Zadny antivirus nejde naistalovat

Zpráva

Vasil · #1 Příspěvek od **Vasil** » 27 říj 2012 16:12

wLogfile of random's system information tool 1.09 (written by random/random)
Run by Majka-Lukas at 2012-10-27 17:04:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 258 GB (56%) free of 461 GB
Total RAM: 3948 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:04:42, on 27. 10. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Majka-Lukas.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Majka-Lukas\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať pomocou FDM - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Prevziať video pomocou FDM - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Prevziať vybrané pomocou FDM - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Prevziať všetko pomocou FDM - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

--
End of file - 13402 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 3978512
\??\C:\Windows\system32\conhost.exe "1722269739-11245057121937736662-599023050-16904202001410319204424531202147467156
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2088
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP PSC 1400 series#1341496370" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
taskeng.exe {5F615ECD-344E-4DEE-9194-A48509FBC302}
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: Off
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>1491522539</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Users\Majka-Lukas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe"
C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding
C:\Windows\system32\wbem\WmiApSrv.exe
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5228.1.1634154414\946963603" --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2266 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/0/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --channel="5228.2.2130400493\482398649" /prefetch:3
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll" --lang=sk --channel="5228.3.1493980484\781591367" /prefetch:4
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/0/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_93/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="5228.6.2120699473\335533799" /prefetch:3
"C:\Users\Majka-Lukas\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5228.7.1257618139\316767782" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Majka-Lukas\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000UA.job
C:\Windows\tasks\HPCeeScheduleForMajka-Lukas.job
C:\Windows\tasks\WebReg HP PSC 1400 series.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Majka-Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\vz1u775r.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Majka-Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\vz1u775r.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2012-10-02 5748928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-09 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-05-09 60576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-10-02 4119744]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-12-20 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-12-20 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-12-20 418328]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2011-01-12 6602856]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-21 2480936]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-07-21 8192]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-05-09 627360]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-05-09 379552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Majka-Lukas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
"Free Download Manager"=C:\Program Files (x86)\Free Download Manager\fdm.exe [2010-04-28 3727411]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-09-13 283160]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2011-02-01 656920]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2010-12-13 318520]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"NeroFilterCheck"=C:\Windows\system32\NeroCheck.exe []
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2012-02-15 577408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-12-17 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"midi3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-27 17:04:36 ----D---- C:\rsit
2012-10-27 17:04:36 ----D---- C:\Program Files\trend micro
2012-10-27 14:17:41 ----D---- C:\ProgramData\ESET
2012-10-27 14:17:41 ----D---- C:\Program Files\ESET
2012-10-27 14:02:35 ----A---- C:\Windows\ntbtlog.txt
2012-10-27 13:43:16 ----A---- C:\Windows\system32\aswBoot.exe
2012-10-27 13:42:42 ----D---- C:\ProgramData\AVAST Software
2012-10-27 13:42:42 ----D---- C:\Program Files\AVAST Software
2012-10-27 10:54:22 ----D---- C:\Program Files (x86)\ESET
2012-10-27 09:55:41 ----D---- C:\ProgramData\McAfee
2012-10-27 09:50:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-10-10 21:53:13 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\Skype
2012-10-10 21:53:03 ----RD---- C:\Program Files (x86)\Skype

======List of files/folders modified in the last 1 month======

2012-10-27 20:32:19 ----D---- C:\Windows\system32\wfp
2012-10-27 20:32:19 ----D---- C:\Windows\system32\catroot2
2012-10-27 20:32:16 ----D---- C:\ProgramData\Atheros
2012-10-27 20:32:16 ----D---- C:\Program Files\CDBurnerXP
2012-10-27 20:32:10 ----D---- C:\Windows\system32\wbem
2012-10-27 20:32:10 ----D---- C:\Windows\registration
2012-10-27 20:32:01 ----RSD---- C:\Windows\assembly
2012-10-27 20:31:52 ----D---- C:\Program Files (x86)\Common Files
2012-10-27 19:48:21 ----D---- C:\Windows\system32\drivers\UMDF
2012-10-27 19:48:20 ----D---- C:\Windows\AppCompat
2012-10-27 19:48:20 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\vlc
2012-10-27 19:48:19 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\IrfanView
2012-10-27 19:48:18 ----D---- C:\ProgramData\Skype
2012-10-27 19:48:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-27 17:04:42 ----D---- C:\Windows\Temp
2012-10-27 17:04:36 ----RD---- C:\Program Files
2012-10-27 17:03:01 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\Free Download Manager
2012-10-27 16:58:30 ----D---- C:\Windows\Tasks
2012-10-27 16:58:30 ----D---- C:\Windows\system32\Tasks
2012-10-27 16:28:23 ----D---- C:\Windows\system32\config
2012-10-27 15:47:45 ----SHD---- C:\Windows\Installer
2012-10-27 15:47:45 ----HD---- C:\Config.Msi
2012-10-27 15:47:44 ----D---- C:\Windows\system32\DriverStore
2012-10-27 15:47:44 ----D---- C:\Windows\system32\catroot
2012-10-27 15:47:43 ----D---- C:\Windows\system32\drivers
2012-10-27 15:47:43 ----D---- C:\Windows\inf
2012-10-27 15:46:06 ----SHD---- C:\System Volume Information
2012-10-27 15:45:51 ----A---- C:\Windows\SYSWOW64\log.txt
2012-10-27 15:43:23 ----D---- C:\ProgramData\PDFC
2012-10-27 14:17:41 ----HD---- C:\ProgramData
2012-10-27 14:02:35 ----D---- C:\Windows
2012-10-27 14:01:08 ----D---- C:\Windows\SysWOW64
2012-10-27 13:43:16 ----D---- C:\Windows\System32
2012-10-27 10:54:22 ----RD---- C:\Program Files (x86)
2012-10-27 10:53:32 ----D---- C:\Windows\Prefetch
2012-10-12 19:56:01 ----D---- C:\Windows\Logs
2012-10-11 15:10:08 ----D---- C:\Windows\rescache
2012-10-11 15:08:48 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\Mozilla
2012-10-11 14:31:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-11 14:29:12 ----D---- C:\Windows\system32\wdi
2012-10-02 16:58:31 ----D---- C:\Users\Majka-Lukas\AppData\Roaming\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-02-22 2736640]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-05-09 29344]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-12-17 12256512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-01-12 2709224]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-12-31 56344]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-21 1402416]
S1 bbalfppd;bbalfppd; \??\C:\Windows\system32\drivers\bbalfppd.sys []
S1 icoshbqn;icoshbqn; \??\C:\Windows\system32\drivers\icoshbqn.sys []
S1 qsbndcex;qsbndcex; \??\C:\Windows\system32\drivers\qsbndcex.sys []
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-05-09 36000]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-05-09 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-05-09 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-05-09 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-05-09 154272]
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-05-09 281760]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-21 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-05-09 80032]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-31 325656]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-31 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-09-01 991288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 XobniService;XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [2011-02-25 62184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 250808]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 27 říj 2012 16:17

Zdravim

Jste se dal na chov stadecka rootkitu a konicku trojskych ci co

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Vasil · #3 Příspěvek od **Vasil** » 27 říj 2012 16:31

Tu je log z Rkill:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/27/2012 05:26:57 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Majka-Lukas\Desktop\rkill\rkill-10-27-2012-05-27-00.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\drivers\MSPQM.sys [NoSig]
+-> C:\Windows\winsxs\amd64_microsoft-windows-kernelstreamingsupport_31bf3856ad364e35_6.1.7600.16385_none_bde9acc8f46cb6db\mspqm.sys : 6 784 : 07/14/2009 00:00 AM : 4ed981241db27c3383d72092b618a1d0 [Pos Repl]

Checking HOSTS File:

* No issues found.

Program finished at: 10/27/2012 05:28:03 PM
Execution time: 0 hours(s), 1 minute(s), and 6 seconds(s)

Vasil · #4 Příspěvek od **Vasil** » 27 říj 2012 16:49

a tu je log ComboFix:

ComboFix 12-10-26.05 - Majka-Lukas . 10. 2012 17:36:08.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3948.2450 [GMT 2:00]
Running from: c:\users\Majka-Lukas\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 15:42 . 2012-10-27 15:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 15:04 . 2012-10-27 15:04 -------- d-----w- C:\rsit
2012-10-27 15:04 . 2012-10-27 15:04 -------- d-----w- c:\program files\trend micro
2012-10-27 12:17 . 2012-10-27 12:17 -------- d-----w- c:\program files\ESET
2012-10-27 11:43 . 2012-10-23 10:17 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 11:42 . 2012-10-27 12:01 -------- d-----w- c:\programdata\AVAST Software
2012-10-27 11:42 . 2012-10-27 11:42 -------- d-----w- c:\program files\AVAST Software
2012-10-27 09:10 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE5132C2-173B-4840-97BA-EC2AC7394768}\mpengine.dll
2012-10-27 08:54 . 2012-10-27 08:54 -------- d-----w- c:\program files (x86)\ESET
2012-10-27 07:55 . 2012-10-27 07:55 -------- d-----w- c:\programdata\McAfee
2012-10-27 07:50 . 2012-10-27 09:34 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 12:31 . 2012-10-11 12:31 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-10-10 19:53 . 2012-10-27 17:47 -------- d-----w- c:\users\Majka-Lukas\AppData\Roaming\Skype
2012-10-10 19:53 . 2012-10-27 17:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-10-10 19:53 . 2012-10-27 17:48 -------- d-----r- c:\program files (x86)\Skype
2012-10-02 10:17 . 2012-10-02 10:17 5171904 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 09:34 . 2011-11-24 16:19 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 21:12 . 2011-12-28 18:18 62134624 ----a-w- c:\windows\system32\MRT.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2012-05-04 . A37A39568C8EC9A17D1B7471445B81A8 . 3916656 . . [6.1.7601.21987] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\erdnt\cache86\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2012-05-04 . 53483A0B2DE3617E832F1DBAF9620F39 . 3913072 . . [6.1.7601.17835] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2012-03-06 . 53B4BDEA12A032EEC71E60B6BFF42F37 . 3913072 . . [6.1.7601.17790] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
[7] 2012-03-06 . 57B7DE30C4E65AD19CA13AC3065EE60B . 3916656 . . [6.1.7601.21936] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
[7] 2011-11-19 . F0F0E99A65F598A1A7720F5111C4DA8F . 3913584 . . [6.1.7601.17727] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
[7] 2011-11-19 . 00B12EA93ED392FBD09F07B63E926647 . 3916656 . . [6.1.7601.21863] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
[7] 2011-06-23 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-06-23 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2010-11-21 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-04-28 3727411]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-01-31 656920]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 bbalfppd;bbalfppd;c:\windows\system32\drivers\bbalfppd.sys [x]
R1 icoshbqn;icoshbqn;c:\windows\system32\drivers\icoshbqn.sys [x]
R1 qsbndcex;qsbndcex;c:\windows\system32\drivers\qsbndcex.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-02-25 62184]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 250808]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 114144]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-05-09 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-05-09 80032]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-01-31 1127448]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-31 2656280]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 578d65f6b1ee3ca9
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-27 09:34]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000Core.job
- c:\users\Majka-Lukas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 16:14]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000UA.job
- c:\users\Majka-Lukas\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-24 16:14]
.
2012-10-27 c:\windows\Tasks\HPCeeScheduleForMajka-Lukas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2012-10-27 c:\windows\Tasks\WebReg HP PSC 1400 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 19:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-09 627360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-09 379552]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Prevziať pomocou FDM - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Prevziať video pomocou FDM - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Prevziať vybrané pomocou FDM - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Prevziať všetko pomocou FDM - file://c:\program files (x86)\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Majka-Lukas\AppData\Roaming\Mozilla\Firefox\Profiles\vz1u775r.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: 2012-10-10 21:54; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-27 09:57; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2012-01-23 15:06; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\578d65f6b1ee3ca9]
"ImagePath"="\SystemRoot\System32\Drivers\578d65f6b1ee3ca9.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-27 17:47:24
ComboFix-quarantined-files.txt 2012-10-27 15:47
.
Pre-Run: 269 984 055 296 bytes free
Post-Run: 269 771 538 432 bytes free
.
- - End Of File - - AB0D5FC47B9C4F0DD03ED38B03091C30

#5 Příspěvek od **vyosek** » 28 říj 2012 11:09

Stahnete MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe

Ulozte nejlepe na plochu
Pokud pouzivate Win Vista ci W7, kliknete na MBRScan pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Report
Po chvilce se objevi log do souboru MBRScan.txt, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

Vasil · #6 Příspěvek od **Vasil** » 28 říj 2012 14:03

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/10/28 (ISO 8601) at 14:02:41
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Hitachi HTS545050B9A (PB4O)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> 7 MBR Code .

MBR_MD5   : AC3F665AA47A34B77AAFE63832E40900
MBR_SHA1  : BDC2D52E88B90DFF324ECCA3ADBC3213932A8A8F

Device\Harddisk0\Partition1	199.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	449.9 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	15.56 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition4	103.0 Mo  	0x0C FAT32 [LBA] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x02E03000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00BCA000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x00C79000
SIZE    : 316.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00CDC000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00D3A000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00EBF000
SIZE    : 656.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F63000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\578d65f6b1ee3ca9.sys => Invisible on the disk
ADDRESS : 0x048E9000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x00F8B000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x00FE2000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x00FEB000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x00E33000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x00E40000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\compbatt.sys => Invisible on the disk
ADDRESS : 0x00E55000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\BATTC.SYS => Invisible on the disk
ADDRESS : 0x00E5E000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00E6A000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00E7F000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\iaStor.sys => Invisible on the disk
ADDRESS : 0x0106A000
SIZE    : 1.33 Mo

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x011BE000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x011C7000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x011F1000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01010000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x0101B000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x00E99000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x0123D000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x014D2000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01530000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0154B000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x015BD000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x015CE000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x016ED000
SIZE    : 972.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01660000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x0188F000
SIZE    : 2.01 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A92000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01ADC000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01B28000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01B30000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01B6A000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B7C000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B85000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x01BBF000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x03F7F000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x03FA9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03FB2000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x03FB9000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x03FC7000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03FEC000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x03E00000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x03E09000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x0183E000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x01847000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x01852000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x01863000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x01BD5000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x0168A000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x01BE2000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x01BED000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x01489000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x016CF000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x017E0000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x014AF000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x015D8000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x03CBC000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x03D0D000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x03D19000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x03D24000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x03D33000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\blbdrive.sys => Invisible on the disk
ADDRESS : 0x03D51000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x03D62000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x04A28000
SIZE    : 11.69 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x0420F000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x04303000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
ADDRESS : 0x04349000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x0435A000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x0436B000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x043C1000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x03D88000
SIZE    : 432.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\athrx.sys => Invisible on the disk
ADDRESS : 0x04402000
SIZE    : 2.63 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x046A4000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\RtsPStor.sys => Invisible on the disk
ADDRESS : 0x046B1000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\system32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x04707000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x04725000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x05877000
SIZE    : 1.36 Mo

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x059D3000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x059D5000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\drivers\CmBatt.sys => Invisible on the disk
ADDRESS : 0x059E4000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x059E9000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
ADDRESS : 0x05800000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x05816000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x05826000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x0582C000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x0586F000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x04734000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0474A000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x059F2000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x0476E000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x047A4000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x047D3000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x055D9000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x043E5000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x059FE000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\btath_bus.sys => Invisible on the disk
ADDRESS : 0x047EE000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
ADDRESS : 0x04A00000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x04A12000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x0667A000
SIZE    : 2.58 Mo

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x0690E000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x0694B000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
ADDRESS : 0x0696D000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x069C0000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x03E12000
SIZE    : 1.33 Mo

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x069CE000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x069E1000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00060000
SIZE    : 3.08 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x06600000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x0660C000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x02757000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x00570000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00700000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x0277B000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x0279E000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x027BF000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x02600000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x02653000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x02666000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x048F9000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x049C2000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x049E0000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x04800000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0482D000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0487B000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x0267E000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x0489F000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x048AA000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x048DB000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x0825F000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x082C8000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk
ADDRESS : 0x083E7000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x08200000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
ADDRESS : 0x08219000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x083C1000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x47D10000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  TESTSIGNING  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.Ð¼.|.À.Ø¾.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 89 EA 0C 1B 00 00 80 20   em...c{..ê..... 
0x000001C0   21 00 07 7E 25 19 00 08 00 00 00 38 06 00 00 7E   !..~%......8...~
0x000001D0   26 19 07 FE FF FF 00 40 06 00 00 E8 3C 38 00 FE   &..þ...@...è<8.þ
0x000001E0   FF FF 07 FE FF FF 00 28 43 38 00 F8 F1 01 00 FE   ...þ...(C8.øñ..þ
0x000001F0   FF FF 0C FE FF FF 00 20 35 3A 30 38 03 00 55 AA   ...þ... 5:08..Uª

Vasil · #7 Příspěvek od **Vasil** » 28 říj 2012 14:16

14:10:01.0439 5132 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:10:01.0834 5132 ============================================================
14:10:01.0834 5132 Current date / time: 2012/10/28 14:10:01.0834
14:10:01.0834 5132 SystemInfo:
14:10:01.0834 5132
14:10:01.0834 5132 OS Version: 6.1.7601 ServicePack: 1.0
14:10:01.0834 5132 Product type: Workstation
14:10:01.0835 5132 ComputerName: NOTEBOOKMAJKA
14:10:01.0835 5132 UserName: Majka-Lukas
14:10:01.0835 5132 Windows directory: C:\Windows
14:10:01.0835 5132 System windows directory: C:\Windows
14:10:01.0835 5132 Running under WOW64
14:10:01.0835 5132 Processor architecture: Intel x64
14:10:01.0835 5132 Number of processors: 2
14:10:01.0835 5132 Page size: 0x1000
14:10:01.0835 5132 Boot type: Normal boot
14:10:01.0835 5132 ============================================================
14:10:04.0686 5132 !crdlk
14:10:04.0690 5132 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:10:04.0719 5132 ============================================================
14:10:04.0719 5132 \Device\Harddisk0\DR0:
14:10:04.0720 5132 MBR partitions:
14:10:04.0720 5132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:10:04.0720 5132 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x383CE800
14:10:04.0720 5132 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38432800, BlocksNum 0x1F1F800
14:10:04.0720 5132 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
14:10:04.0720 5132 ============================================================
14:10:04.0763 5132 C: <-> \Device\Harddisk0\DR0\Partition2
14:10:04.0802 5132 D: <-> \Device\Harddisk0\DR0\Partition3
14:10:04.0810 5132 F: <-> \Device\Harddisk0\DR0\Partition4
14:10:04.0810 5132 ============================================================
14:10:04.0810 5132 Initialize success
14:10:04.0811 5132 ============================================================
14:10:50.0151 1092 ============================================================
14:10:50.0151 1092 Scan started
14:10:50.0151 1092 Mode: Manual; SigCheck; TDLFS;
14:10:50.0151 1092 ============================================================
14:10:50.0379 1092 ================ Scan system memory ========================
14:10:50.0379 1092 System memory - ok
14:10:50.0380 1092 ================ Scan services =============================
14:10:50.0784 1092 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:10:50.0969 1092 1394ohci - ok
14:10:51.0000 1092 Suspicious service (NoAccess): 578d65f6b1ee3ca9
14:10:51.0061 1092 [ 0863F37BF4B445E033285792FA056C43 ] 578d65f6b1ee3ca9 C:\Windows\System32\Drivers\578d65f6b1ee3ca9.sys
14:10:51.0062 1092 Suspicious file (NoAccess): C:\Windows\System32\Drivers\578d65f6b1ee3ca9.sys. md5: 0863F37BF4B445E033285792FA056C43
14:10:51.0156 1092 578d65f6b1ee3ca9 ( Rootkit.Win32.Necurs.gen ) - infected
14:10:51.0156 1092 578d65f6b1ee3ca9 - detected Rootkit.Win32.Necurs.gen (0)
14:10:51.0243 1092 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:10:51.0283 1092 ACPI - ok
14:10:51.0343 1092 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:10:51.0458 1092 AcpiPmi - ok
14:10:51.0622 1092 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:10:51.0653 1092 AdobeFlashPlayerUpdateSvc - ok
14:10:51.0760 1092 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:10:51.0808 1092 adp94xx - ok
14:10:51.0940 1092 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:10:51.0981 1092 adpahci - ok
14:10:52.0029 1092 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:10:52.0061 1092 adpu320 - ok
14:10:52.0121 1092 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:10:52.0321 1092 AeLookupSvc - ok
14:10:52.0488 1092 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
14:10:52.0513 1092 AERTFilters - ok
14:10:52.0632 1092 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:10:52.0727 1092 AFD - ok
14:10:52.0824 1092 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:10:52.0851 1092 agp440 - ok
14:10:52.0903 1092 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:10:52.0977 1092 ALG - ok
14:10:53.0060 1092 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:10:53.0084 1092 aliide - ok
14:10:53.0146 1092 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:10:53.0172 1092 amdide - ok
14:10:53.0237 1092 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:10:53.0297 1092 AmdK8 - ok
14:10:53.0373 1092 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:10:53.0437 1092 AmdPPM - ok
14:10:53.0540 1092 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:10:53.0570 1092 amdsata - ok
14:10:53.0621 1092 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:10:53.0654 1092 amdsbs - ok
14:10:53.0690 1092 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:10:53.0716 1092 amdxata - ok
14:10:53.0811 1092 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:10:54.0024 1092 AppID - ok
14:10:54.0135 1092 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:10:54.0246 1092 AppIDSvc - ok
14:10:54.0332 1092 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:10:54.0443 1092 Appinfo - ok
14:10:54.0562 1092 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:10:54.0590 1092 arc - ok
14:10:54.0627 1092 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:10:54.0656 1092 arcsas - ok
14:10:54.0715 1092 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:10:54.0835 1092 AsyncMac - ok
14:10:54.0922 1092 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:10:54.0948 1092 atapi - ok
14:10:55.0023 1092 [ CBE61B4494165F458BD87E37181EE934 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
14:10:55.0040 1092 AthBTPort - ok
14:10:55.0176 1092 [ 650F111D5CDA64C10AE4B9D1BA9D4FFF ] Atheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
14:10:55.0197 1092 Atheros Bt&Wlan Coex Agent - ok
14:10:55.0296 1092 [ 7DF4FC861D1AB4977195936025B1B940 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:10:55.0314 1092 AtherosSvc - ok
14:10:55.0477 1092 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:10:55.0628 1092 athr - ok
14:10:55.0769 1092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:10:55.0912 1092 AudioEndpointBuilder - ok
14:10:55.0959 1092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:10:56.0068 1092 AudioSrv - ok
14:10:56.0201 1092 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:10:56.0320 1092 AxInstSV - ok
14:10:56.0404 1092 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:10:56.0489 1092 b06bdrv - ok
14:10:56.0575 1092 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:10:56.0644 1092 b57nd60a - ok
14:10:56.0696 1092 bbalfppd - ok
14:10:56.0807 1092 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:10:56.0841 1092 BBSvc - ok
14:10:56.0956 1092 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
14:10:57.0083 1092 BCM43XX - ok
14:10:57.0199 1092 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:10:57.0291 1092 BDESVC - ok
14:10:57.0380 1092 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:10:57.0508 1092 Beep - ok
14:10:57.0639 1092 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:10:57.0775 1092 BFE - ok
14:10:57.0880 1092 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:10:58.0025 1092 BITS - ok
14:10:58.0099 1092 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:10:58.0147 1092 blbdrive - ok
14:10:58.0211 1092 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:10:58.0288 1092 bowser - ok
14:10:58.0378 1092 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:10:58.0432 1092 BrFiltLo - ok
14:10:58.0481 1092 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:10:58.0517 1092 BrFiltUp - ok
14:10:58.0601 1092 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:10:58.0711 1092 BridgeMP - ok
14:10:58.0806 1092 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:10:58.0872 1092 Browser - ok
14:10:58.0905 1092 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:10:59.0000 1092 Brserid - ok
14:10:59.0047 1092 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:10:59.0102 1092 BrSerWdm - ok
14:10:59.0181 1092 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:10:59.0234 1092 BrUsbMdm - ok
14:10:59.0279 1092 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:10:59.0323 1092 BrUsbSer - ok
14:10:59.0392 1092 [ FE70889A85C57A9268101B2DB0474509 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
14:10:59.0421 1092 BTATH_A2DP - ok
14:10:59.0510 1092 [ A9DF22429E8D69ED849B0BBBE16BD327 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
14:10:59.0526 1092 BTATH_BUS - ok
14:10:59.0564 1092 [ C864FF85EE16D61C2BDD5EF76824625F ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:10:59.0589 1092 BTATH_HCRP - ok
14:10:59.0616 1092 [ 0DEA505EFB5D771826D177EF8B8A208F ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:10:59.0636 1092 BTATH_LWFLT - ok
14:10:59.0680 1092 [ 724C8088C96EFE7A3E63FEC21D4681C0 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
14:10:59.0703 1092 BTATH_RCP - ok
14:10:59.0778 1092 [ 433ED82856EB245577544DA94D0C0565 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
14:10:59.0805 1092 BtFilter - ok
14:10:59.0887 1092 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:10:59.0958 1092 BthEnum - ok
14:11:00.0018 1092 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:11:00.0077 1092 BTHMODEM - ok
14:11:00.0142 1092 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:11:00.0208 1092 BthPan - ok
14:11:00.0319 1092 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
14:11:00.0379 1092 BTHPORT - ok
14:11:00.0472 1092 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:11:00.0564 1092 bthserv - ok
14:11:00.0649 1092 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
14:11:00.0698 1092 BTHUSB - ok
14:11:00.0782 1092 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:11:00.0897 1092 cdfs - ok
14:11:00.0992 1092 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:11:01.0053 1092 cdrom - ok
14:11:01.0135 1092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:11:01.0257 1092 CertPropSvc - ok
14:11:01.0325 1092 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:11:01.0388 1092 circlass - ok
14:11:01.0434 1092 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:11:01.0474 1092 CLFS - ok
14:11:01.0610 1092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:01.0634 1092 clr_optimization_v2.0.50727_32 - ok
14:11:01.0698 1092 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:11:01.0723 1092 clr_optimization_v2.0.50727_64 - ok
14:11:01.0817 1092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:01.0845 1092 clr_optimization_v4.0.30319_32 - ok
14:11:01.0922 1092 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:01.0948 1092 clr_optimization_v4.0.30319_64 - ok
14:11:02.0017 1092 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
14:11:02.0045 1092 clwvd - ok
14:11:02.0118 1092 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:11:02.0189 1092 CmBatt - ok
14:11:02.0249 1092 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:11:02.0275 1092 cmdide - ok
14:11:02.0367 1092 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:11:02.0440 1092 CNG - ok
14:11:02.0527 1092 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:11:02.0554 1092 Compbatt - ok
14:11:02.0645 1092 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:11:02.0707 1092 CompositeBus - ok
14:11:02.0741 1092 COMSysApp - ok
14:11:02.0787 1092 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:11:02.0813 1092 crcdisk - ok
14:11:02.0911 1092 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:11:02.0980 1092 CryptSvc - ok
14:11:03.0093 1092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:11:03.0223 1092 DcomLaunch - ok
14:11:03.0323 1092 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:11:03.0436 1092 defragsvc - ok
14:11:03.0488 1092 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:11:03.0599 1092 DfsC - ok
14:11:03.0669 1092 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:11:03.0788 1092 Dhcp - ok
14:11:03.0861 1092 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:11:03.0979 1092 discache - ok
14:11:04.0057 1092 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:11:04.0087 1092 Disk - ok
14:11:04.0195 1092 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:11:04.0276 1092 Dnscache - ok
14:11:04.0379 1092 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:11:04.0491 1092 dot3svc - ok
14:11:04.0582 1092 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:11:04.0641 1092 Dot4 - ok
14:11:04.0704 1092 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:11:04.0753 1092 Dot4Print - ok
14:11:04.0797 1092 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:11:04.0852 1092 dot4usb - ok
14:11:04.0950 1092 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:11:05.0060 1092 DPS - ok
14:11:05.0131 1092 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:11:05.0186 1092 drmkaud - ok
14:11:05.0264 1092 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:11:05.0333 1092 DXGKrnl - ok
14:11:05.0428 1092 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:11:05.0547 1092 EapHost - ok
14:11:05.0689 1092 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:11:05.0823 1092 ebdrv - ok
14:11:05.0919 1092 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:11:06.0003 1092 EFS - ok
14:11:06.0162 1092 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:11:06.0258 1092 ehRecvr - ok
14:11:06.0341 1092 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:11:06.0389 1092 ehSched - ok
14:11:06.0477 1092 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:11:06.0525 1092 elxstor - ok
14:11:06.0604 1092 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:11:06.0657 1092 ErrDev - ok
14:11:06.0793 1092 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:11:06.0914 1092 EventSystem - ok
14:11:06.0989 1092 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:11:07.0110 1092 exfat - ok
14:11:07.0163 1092 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:11:07.0276 1092 fastfat - ok
14:11:07.0351 1092 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:11:07.0435 1092 Fax - ok
14:11:07.0509 1092 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
14:11:07.0556 1092 fdc - ok
14:11:07.0636 1092 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:11:07.0727 1092 fdPHost - ok
14:11:07.0766 1092 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:11:07.0879 1092 FDResPub - ok
14:11:07.0957 1092 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:11:07.0986 1092 FileInfo - ok
14:11:08.0061 1092 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:11:08.0186 1092 Filetrace - ok
14:11:08.0235 1092 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:11:08.0266 1092 flpydisk - ok
14:11:08.0312 1092 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:11:08.0350 1092 FltMgr - ok
14:11:08.0466 1092 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:11:08.0576 1092 FontCache - ok
14:11:08.0683 1092 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:08.0705 1092 FontCache3.0.0.0 - ok
14:11:08.0791 1092 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:11:08.0819 1092 FsDepends - ok
14:11:08.0885 1092 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:11:08.0912 1092 Fs_Rec - ok
14:11:08.0992 1092 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:11:09.0034 1092 fvevol - ok
14:11:09.0112 1092 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:11:09.0140 1092 gagp30kx - ok
14:11:09.0257 1092 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:11:09.0284 1092 GamesAppService - ok
14:11:09.0420 1092 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:11:09.0534 1092 gpsvc - ok
14:11:09.0607 1092 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:11:09.0672 1092 hcw85cir - ok
14:11:09.0741 1092 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:11:09.0811 1092 HdAudAddService - ok
14:11:09.0862 1092 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:11:09.0923 1092 HDAudBus - ok
14:11:09.0998 1092 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:11:10.0074 1092 HidBatt - ok
14:11:10.0131 1092 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:11:10.0189 1092 HidBth - ok
14:11:10.0250 1092 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:11:10.0286 1092 HidIr - ok
14:11:10.0354 1092 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:11:10.0467 1092 hidserv - ok
14:11:10.0513 1092 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:11:10.0541 1092 HidUsb - ok
14:11:10.0630 1092 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:11:10.0747 1092 hkmsvc - ok
14:11:10.0808 1092 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:11:10.0879 1092 HomeGroupListener - ok
14:11:10.0939 1092 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:11:10.0990 1092 HomeGroupProvider - ok
14:11:11.0145 1092 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:11:11.0166 1092 HP Support Assistant Service - ok
14:11:11.0293 1092 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:11:11.0315 1092 HP Wireless Assistant Service - ok
14:11:11.0420 1092 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:11:11.0447 1092 HPDrvMntSvc.exe - ok
14:11:11.0579 1092 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:11:11.0623 1092 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
14:11:11.0623 1092 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
14:11:11.0706 1092 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:11:11.0740 1092 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
14:11:11.0740 1092 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
14:11:11.0836 1092 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:11:11.0901 1092 hpqwmiex - ok
14:11:11.0979 1092 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:11:12.0007 1092 HpSAMD - ok
14:11:12.0112 1092 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:11:12.0159 1092 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
14:11:12.0159 1092 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
14:11:12.0267 1092 [ 77C15D7E8F002A173EEBFF0B20CD697D ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:11:12.0286 1092 HPWMISVC - ok
14:11:12.0392 1092 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:11:12.0523 1092 HTTP - ok
14:11:12.0586 1092 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:11:12.0611 1092 hwpolicy - ok
14:11:12.0699 1092 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:11:12.0732 1092 i8042prt - ok
14:11:12.0845 1092 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:11:12.0887 1092 iaStor - ok
14:11:13.0015 1092 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:11:13.0037 1092 IAStorDataMgrSvc - ok
14:11:13.0120 1092 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:11:13.0163 1092 iaStorV - ok
14:11:13.0337 1092 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
14:11:13.0625 1092 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
14:11:13.0625 1092 IconMan_R - detected UnsignedFile.Multi.Generic (1)
14:11:13.0661 1092 icoshbqn - ok
14:11:13.0756 1092 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:13.0814 1092 idsvc - ok
14:11:14.0249 1092 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:11:14.0907 1092 igfx - ok
14:11:15.0012 1092 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:11:15.0038 1092 iirsp - ok
14:11:15.0158 1092 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:11:15.0304 1092 IKEEXT - ok
14:11:15.0463 1092 [ 336C3A6BF14D5A9AF35AF07C6B6B29CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:11:15.0608 1092 IntcAzAudAddService - ok
14:11:15.0690 1092 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
14:11:15.0740 1092 IntcDAud - ok
14:11:15.0795 1092 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:11:15.0820 1092 intelide - ok
14:11:15.0884 1092 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:11:15.0933 1092 intelppm - ok
14:11:16.0028 1092 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:11:16.0141 1092 IPBusEnum - ok
14:11:16.0199 1092 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:16.0285 1092 IpFilterDriver - ok
14:11:16.0370 1092 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:11:16.0495 1092 iphlpsvc - ok
14:11:16.0562 1092 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:11:16.0612 1092 IPMIDRV - ok
14:11:16.0680 1092 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:11:16.0790 1092 IPNAT - ok
14:11:16.0835 1092 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:11:16.0897 1092 IRENUM - ok
14:11:16.0983 1092 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:11:17.0008 1092 isapnp - ok
14:11:17.0071 1092 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:11:17.0107 1092 iScsiPrt - ok
14:11:17.0169 1092 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:11:17.0197 1092 kbdclass - ok
14:11:17.0267 1092 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:11:17.0314 1092 kbdhid - ok
14:11:17.0376 1092 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:11:17.0404 1092 KeyIso - ok
14:11:17.0480 1092 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:11:17.0509 1092 KSecDD - ok
14:11:17.0546 1092 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:11:17.0579 1092 KSecPkg - ok
14:11:17.0619 1092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:11:17.0711 1092 ksthunk - ok
14:11:17.0809 1092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:11:17.0935 1092 KtmRm - ok
14:11:18.0047 1092 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:11:18.0161 1092 LanmanServer - ok
14:11:18.0222 1092 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:11:18.0336 1092 LanmanWorkstation - ok
14:11:18.0424 1092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:11:18.0536 1092 lltdio - ok
14:11:18.0611 1092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:11:18.0738 1092 lltdsvc - ok
14:11:18.0795 1092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:11:18.0907 1092 lmhosts - ok
14:11:18.0993 1092 [ D7E0BED3EA21D7BDDD410ADE51708D90 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:11:19.0028 1092 LMS - ok
14:11:19.0116 1092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:11:19.0146 1092 LSI_FC - ok
14:11:19.0182 1092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:11:19.0211 1092 LSI_SAS - ok
14:11:19.0242 1092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:11:19.0270 1092 LSI_SAS2 - ok
14:11:19.0334 1092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:11:19.0365 1092 LSI_SCSI - ok
14:11:19.0434 1092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:11:19.0548 1092 luafv - ok
14:11:19.0664 1092 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:11:19.0698 1092 Mcx2Svc - ok
14:11:19.0783 1092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:11:19.0809 1092 megasas - ok
14:11:19.0848 1092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:11:19.0885 1092 MegaSR - ok
14:11:19.0962 1092 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:11:19.0986 1092 MEIx64 - ok
14:11:20.0078 1092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:11:20.0184 1092 MMCSS - ok
14:11:20.0266 1092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:11:20.0372 1092 Modem - ok
14:11:20.0429 1092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:11:20.0486 1092 monitor - ok
14:11:20.0560 1092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:11:20.0587 1092 mouclass - ok
14:11:20.0667 1092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:11:20.0712 1092 mouhid - ok
14:11:20.0802 1092 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:11:20.0830 1092 mountmgr - ok
14:11:20.0940 1092 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:11:20.0967 1092 MozillaMaintenance - ok
14:11:21.0069 1092 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:11:21.0100 1092 mpio - ok
14:11:21.0189 1092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:11:21.0285 1092 mpsdrv - ok
14:11:21.0358 1092 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:11:21.0495 1092 MpsSvc - ok
14:11:21.0572 1092 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:11:21.0631 1092 MRxDAV - ok
14:11:21.0703 1092 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:21.0783 1092 mrxsmb - ok
14:11:21.0825 1092 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:21.0862 1092 mrxsmb10 - ok
14:11:21.0928 1092 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:21.0959 1092 mrxsmb20 - ok
14:11:22.0026 1092 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:11:22.0052 1092 msahci - ok
14:11:22.0129 1092 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:11:22.0159 1092 msdsm - ok
14:11:22.0228 1092 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:11:22.0287 1092 MSDTC - ok
14:11:22.0388 1092 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:11:22.0476 1092 Msfs - ok
14:11:22.0542 1092 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:11:22.0655 1092 mshidkmdf - ok
14:11:22.0696 1092 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:11:22.0722 1092 msisadrv - ok
14:11:22.0829 1092 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:11:22.0946 1092 MSiSCSI - ok
14:11:22.0985 1092 msiserver - ok
14:11:23.0032 1092 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:11:23.0137 1092 MSKSSRV - ok
14:11:23.0157 1092 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:23.0259 1092 MSPCLOCK - ok
14:11:23.0303 1092 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:11:23.0413 1092 MSPQM - ok
14:11:23.0470 1092 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:11:23.0512 1092 MsRPC - ok
14:11:23.0604 1092 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:11:23.0629 1092 mssmbios - ok
14:11:23.0710 1092 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:11:23.0823 1092 MSTEE - ok
14:11:23.0897 1092 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:11:23.0926 1092 MTConfig - ok
14:11:23.0996 1092 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:11:24.0024 1092 Mup - ok
14:11:24.0133 1092 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:11:24.0252 1092 napagent - ok
14:11:24.0362 1092 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:11:24.0436 1092 NativeWifiP - ok
14:11:24.0525 1092 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:11:24.0590 1092 NDIS - ok
14:11:24.0670 1092 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:11:24.0777 1092 NdisCap - ok
14:11:24.0851 1092 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:24.0939 1092 NdisTapi - ok
14:11:25.0000 1092 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:25.0109 1092 Ndisuio - ok
14:11:25.0181 1092 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:25.0288 1092 NdisWan - ok
14:11:25.0326 1092 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:11:25.0414 1092 NDProxy - ok
14:11:25.0524 1092 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:11:25.0536 1092 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:11:25.0536 1092 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:11:25.0618 1092 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:11:25.0735 1092 NetBIOS - ok
14:11:25.0810 1092 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:11:25.0906 1092 NetBT - ok
14:11:25.0975 1092 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:11:26.0002 1092 Netlogon - ok
14:11:26.0111 1092 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:11:26.0234 1092 Netman - ok
14:11:26.0283 1092 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:11:26.0411 1092 netprofm - ok
14:11:26.0503 1092 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:11:26.0529 1092 NetTcpPortSharing - ok
14:11:26.0613 1092 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:11:26.0640 1092 nfrd960 - ok
14:11:26.0729 1092 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:11:26.0843 1092 NlaSvc - ok
14:11:26.0952 1092 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:11:27.0041 1092 Npfs - ok
14:11:27.0081 1092 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:11:27.0196 1092 nsi - ok
14:11:27.0258 1092 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:11:27.0369 1092 nsiproxy - ok
14:11:27.0525 1092 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:11:27.0649 1092 Ntfs - ok
14:11:27.0737 1092 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:11:27.0842 1092 Null - ok
14:11:27.0907 1092 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
14:11:27.0964 1092 NVENETFD - ok
14:11:28.0046 1092 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:11:28.0079 1092 nvraid - ok
14:11:28.0155 1092 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:11:28.0188 1092 nvstor - ok
14:11:28.0271 1092 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:11:28.0301 1092 nv_agp - ok
14:11:28.0346 1092 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:11:28.0377 1092 ohci1394 - ok
14:11:28.0481 1092 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:11:28.0505 1092 ose - ok
14:11:28.0607 1092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:11:28.0691 1092 p2pimsvc - ok
14:11:28.0770 1092 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:11:28.0813 1092 p2psvc - ok
14:11:28.0897 1092 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:11:28.0928 1092 Parport - ok
14:11:29.0008 1092 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:11:29.0036 1092 partmgr - ok
14:11:29.0116 1092 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:11:29.0181 1092 PcaSvc - ok
14:11:29.0253 1092 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:11:29.0287 1092 pci - ok
14:11:29.0336 1092 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:11:29.0361 1092 pciide - ok
14:11:29.0394 1092 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:11:29.0430 1092 pcmcia - ok
14:11:29.0467 1092 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:11:29.0493 1092 pcw - ok
14:11:29.0562 1092 pdfcDispatcher - ok
14:11:29.0670 1092 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:11:29.0804 1092 PEAUTH - ok
14:11:29.0959 1092 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:11:30.0019 1092 PerfHost - ok
14:11:30.0163 1092 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:11:30.0319 1092 pla - ok
14:11:30.0436 1092 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:11:30.0527 1092 PlugPlay - ok
14:11:30.0623 1092 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:11:30.0656 1092 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
14:11:30.0656 1092 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
14:11:30.0730 1092 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:11:30.0778 1092 PNRPAutoReg - ok
14:11:30.0840 1092 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:11:30.0877 1092 PNRPsvc - ok
14:11:30.0974 1092 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:11:31.0102 1092 PolicyAgent - ok
14:11:31.0197 1092 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:11:31.0313 1092 Power - ok
14:11:31.0375 1092 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:11:31.0486 1092 PptpMiniport - ok
14:11:31.0565 1092 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:11:31.0620 1092 Processor - ok
14:11:31.0707 1092 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:11:31.0789 1092 ProfSvc - ok
14:11:31.0818 1092 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:11:31.0849 1092 ProtectedStorage - ok
14:11:31.0927 1092 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:11:32.0039 1092 Psched - ok
14:11:32.0155 1092 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:11:32.0246 1092 ql2300 - ok
14:11:32.0337 1092 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:11:32.0367 1092 ql40xx - ok
14:11:32.0407 1092 qsbndcex - ok
14:11:32.0496 1092 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:11:32.0548 1092 QWAVE - ok
14:11:32.0590 1092 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:11:32.0651 1092 QWAVEdrv - ok
14:11:32.0719 1092 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:11:32.0827 1092 RasAcd - ok
14:11:32.0871 1092 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:11:32.0983 1092 RasAgileVpn - ok
14:11:33.0061 1092 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:11:33.0181 1092 RasAuto - ok
14:11:33.0257 1092 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:33.0371 1092 Rasl2tp - ok
14:11:33.0437 1092 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:11:33.0538 1092 RasMan - ok
14:11:33.0567 1092 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:33.0680 1092 RasPppoe - ok
14:11:33.0721 1092 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:11:33.0840 1092 RasSstp - ok
14:11:33.0939 1092 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:11:34.0060 1092 rdbss - ok
14:11:34.0116 1092 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:11:34.0169 1092 rdpbus - ok
14:11:34.0218 1092 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:34.0326 1092 RDPCDD - ok
14:11:34.0405 1092 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:11:34.0519 1092 RDPENCDD - ok
14:11:34.0581 1092 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:11:34.0671 1092 RDPREFMP - ok
14:11:34.0720 1092 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:11:34.0761 1092 RDPWD - ok
14:11:34.0854 1092 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:11:34.0888 1092 rdyboost - ok
14:11:34.0990 1092 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:11:35.0105 1092 RemoteAccess - ok
14:11:35.0190 1092 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:11:35.0289 1092 RemoteRegistry - ok
14:11:35.0357 1092 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:11:35.0414 1092 RFCOMM - ok
14:11:35.0500 1092 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:11:35.0618 1092 RpcEptMapper - ok
14:11:35.0671 1092 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:11:35.0721 1092 RpcLocator - ok
14:11:35.0803 1092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:11:35.0907 1092 RpcSs - ok
14:11:36.0016 1092 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
14:11:36.0052 1092 RSPCIESTOR - ok
14:11:36.0152 1092 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:11:36.0244 1092 rspndr - ok
14:11:36.0310 1092 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
14:11:36.0350 1092 RTL8167 - ok
14:11:36.0429 1092 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:11:36.0458 1092 SamSs - ok
14:11:36.0530 1092 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:11:36.0559 1092 sbp2port - ok
14:11:36.0672 1092 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:11:36.0771 1092 SCardSvr - ok
14:11:36.0800 1092 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:11:36.0903 1092 scfilter - ok
14:11:37.0017 1092 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:11:37.0163 1092 Schedule - ok
14:11:37.0264 1092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:11:37.0352 1092 SCPolicySvc - ok
14:11:37.0426 1092 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:11:37.0481 1092 sdbus - ok
14:11:37.0556 1092 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:11:37.0636 1092 SDRSVC - ok
14:11:37.0753 1092 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:11:37.0787 1092 SeaPort - ok
14:11:37.0886 1092 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:11:37.0995 1092 secdrv - ok
14:11:38.0057 1092 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:11:38.0146 1092 seclogon - ok
14:11:38.0181 1092 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:11:38.0299 1092 SENS - ok
14:11:38.0371 1092 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:11:38.0433 1092 SensrSvc - ok
14:11:38.0505 1092 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:11:38.0553 1092 Serenum - ok
14:11:38.0618 1092 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:11:38.0666 1092 Serial - ok
14:11:38.0728 1092 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:11:38.0777 1092 sermouse - ok
14:11:38.0912 1092 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:11:39.0025 1092 SessionEnv - ok
14:11:39.0087 1092 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:11:39.0139 1092 sffdisk - ok
14:11:39.0176 1092 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:11:39.0230 1092 sffp_mmc - ok
14:11:39.0297 1092 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:11:39.0360 1092 sffp_sd - ok
14:11:39.0436 1092 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:11:39.0486 1092 sfloppy - ok
14:11:39.0569 1092 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:11:39.0669 1092 SharedAccess - ok
14:11:39.0772 1092 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:11:39.0895 1092 ShellHWDetection - ok
14:11:39.0960 1092 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:11:39.0987 1092 SiSRaid2 - ok
14:11:40.0031 1092 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:11:40.0061 1092 SiSRaid4 - ok
14:11:40.0345 1092 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:11:40.0503 1092 Skype C2C Service - ok
14:11:40.0653 1092 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:11:40.0678 1092 SkypeUpdate - ok
14:11:40.0748 1092 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:11:40.0840 1092 Smb - ok
14:11:40.0974 1092 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:11:41.0031 1092 SNMPTRAP - ok
14:11:41.0091 1092 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:11:41.0116 1092 spldr - ok
14:11:41.0214 1092 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:11:41.0281 1092 Spooler - ok
14:11:41.0436 1092 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:11:41.0643 1092 sppsvc - ok
14:11:41.0726 1092 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:11:41.0823 1092 sppuinotify - ok
14:11:41.0931 1092 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:11:42.0014 1092 srv - ok
14:11:42.0102 1092 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:11:42.0161 1092 srv2 - ok
14:11:42.0234 1092 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:11:42.0271 1092 SrvHsfHDA - ok
14:11:42.0334 1092 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:11:42.0429 1092 SrvHsfV92 - ok
14:11:42.0525 1092 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:11:42.0600 1092 SrvHsfWinac - ok
14:11:42.0706 1092 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:11:42.0738 1092 srvnet - ok
14:11:42.0793 1092 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:11:42.0910 1092 SSDPSRV - ok
14:11:42.0942 1092 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:11:43.0036 1092 SstpSvc - ok
14:11:43.0110 1092 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:11:43.0136 1092 stexstor - ok
14:11:43.0277 1092 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:11:43.0340 1092 stisvc - ok
14:11:43.0438 1092 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:11:43.0464 1092 swenum - ok
14:11:43.0571 1092 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:11:43.0698 1092 swprv - ok
14:11:43.0817 1092 [ EC4DCA6539EB97376F1A1743D209D842 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:11:43.0902 1092 SynTP - ok
14:11:44.0059 1092 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:11:44.0202 1092 SysMain - ok
14:11:44.0305 1092 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:11:44.0368 1092 TabletInputService - ok
14:11:44.0421 1092 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:11:44.0543 1092 TapiSrv - ok
14:11:44.0607 1092 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:11:44.0700 1092 TBS - ok
14:11:44.0856 1092 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:11:44.0966 1092 Tcpip - ok
14:11:45.0122 1092 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:11:45.0223 1092 TCPIP6 - ok
14:11:45.0341 1092 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:11:45.0443 1092 tcpipreg - ok
14:11:45.0494 1092 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:11:45.0495 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C
14:11:45.0532 1092 TDPIPE ( LockedFile.Multi.Generic ) - warning
14:11:45.0532 1092 TDPIPE - detected LockedFile.Multi.Generic (1)
14:11:45.0578 1092 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:11:45.0579 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8
14:11:45.0585 1092 TDTCP ( LockedFile.Multi.Generic ) - warning
14:11:45.0585 1092 TDTCP - detected LockedFile.Multi.Generic (1)
14:11:45.0676 1092 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:11:45.0676 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806
14:11:45.0682 1092 tdx ( LockedFile.Multi.Generic ) - warning
14:11:45.0683 1092 tdx - detected LockedFile.Multi.Generic (1)
14:11:45.0767 1092 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:11:45.0768 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5
14:11:45.0775 1092 TermDD ( LockedFile.Multi.Generic ) - warning
14:11:45.0775 1092 TermDD - detected LockedFile.Multi.Generic (1)
14:11:45.0844 1092 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:11:45.0975 1092 TermService - ok
14:11:46.0087 1092 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:11:46.0152 1092 Themes - ok
14:11:46.0218 1092 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:11:46.0308 1092 THREADORDER - ok
14:11:46.0358 1092 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:11:46.0473 1092 TrkWks - ok
14:11:46.0606 1092 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:11:46.0716 1092 TrustedInstaller - ok
14:11:46.0787 1092 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:11:46.0788 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30
14:11:46.0821 1092 tssecsrv ( LockedFile.Multi.Generic ) - warning
14:11:46.0821 1092 tssecsrv - detected LockedFile.Multi.Generic (1)
14:11:46.0875 1092 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:11:46.0875 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9
14:11:46.0922 1092 TsUsbFlt ( LockedFile.Multi.Generic ) - warning
14:11:46.0922 1092 TsUsbFlt - detected LockedFile.Multi.Generic (1)
14:11:46.0966 1092 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:11:46.0967 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\TsUsbGD.sys. md5: 9CC2CCAE8A84820EAECB886D477CBCB8
14:11:46.0973 1092 TsUsbGD ( LockedFile.Multi.Generic ) - warning
14:11:46.0973 1092 TsUsbGD - detected LockedFile.Multi.Generic (1)
14:11:47.0049 1092 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:11:47.0050 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894
14:11:47.0057 1092 tunnel ( LockedFile.Multi.Generic ) - warning
14:11:47.0057 1092 tunnel - detected LockedFile.Multi.Generic (1)
14:11:47.0129 1092 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:11:47.0129 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67
14:11:47.0169 1092 uagp35 ( LockedFile.Multi.Generic ) - warning
14:11:47.0169 1092 uagp35 - detected LockedFile.Multi.Generic (1)
14:11:47.0234 1092 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:11:47.0235 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593
14:11:47.0264 1092 udfs ( LockedFile.Multi.Generic ) - warning
14:11:47.0264 1092 udfs - detected LockedFile.Multi.Generic (1)
14:11:47.0341 1092 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:11:47.0375 1092 UI0Detect - ok
14:11:47.0407 1092 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:11:47.0408 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320
14:11:47.0436 1092 uliagpkx ( LockedFile.Multi.Generic ) - warning
14:11:47.0436 1092 uliagpkx - detected LockedFile.Multi.Generic (1)
14:11:47.0513 1092 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:11:47.0514 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561
14:11:47.0542 1092 umbus ( LockedFile.Multi.Generic ) - warning
14:11:47.0542 1092 umbus - detected LockedFile.Multi.Generic (1)
14:11:47.0608 1092 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:11:47.0609 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D
14:11:47.0631 1092 UmPass ( LockedFile.Multi.Generic ) - warning
14:11:47.0631 1092 UmPass - detected LockedFile.Multi.Generic (1)
14:11:47.0820 1092 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:11:47.0958 1092 UNS - ok
14:11:48.0121 1092 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:11:48.0239 1092 upnphost - ok
14:11:48.0316 1092 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:11:48.0316 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
14:11:48.0357 1092 usbccgp ( LockedFile.Multi.Generic ) - warning
14:11:48.0357 1092 usbccgp - detected LockedFile.Multi.Generic (1)
14:11:48.0410 1092 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:11:48.0410 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
14:11:48.0443 1092 usbcir ( LockedFile.Multi.Generic ) - warning
14:11:48.0443 1092 usbcir - detected LockedFile.Multi.Generic (1)
14:11:48.0461 1092 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:11:48.0462 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
14:11:48.0465 1092 usbehci ( LockedFile.Multi.Generic ) - warning
14:11:48.0466 1092 usbehci - detected LockedFile.Multi.Generic (1)
14:11:48.0536 1092 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:11:48.0537 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
14:11:48.0549 1092 usbhub ( LockedFile.Multi.Generic ) - warning
14:11:48.0549 1092 usbhub - detected LockedFile.Multi.Generic (1)
14:11:48.0626 1092 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:11:48.0627 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
14:11:48.0677 1092 usbohci ( LockedFile.Multi.Generic ) - warning
14:11:48.0677 1092 usbohci - detected LockedFile.Multi.Generic (1)
14:11:48.0727 1092 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:11:48.0728 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
14:11:48.0752 1092 usbprint ( LockedFile.Multi.Generic ) - warning
14:11:48.0752 1092 usbprint - detected LockedFile.Multi.Generic (1)
14:11:48.0814 1092 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:11:48.0814 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
14:11:48.0821 1092 usbscan ( LockedFile.Multi.Generic ) - warning
14:11:48.0821 1092 usbscan - detected LockedFile.Multi.Generic (1)
14:11:48.0904 1092 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:11:48.0904 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
14:11:48.0955 1092 USBSTOR ( LockedFile.Multi.Generic ) - warning
14:11:48.0955 1092 USBSTOR - detected LockedFile.Multi.Generic (1)
14:11:49.0005 1092 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:11:49.0005 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
14:11:49.0012 1092 usbuhci ( LockedFile.Multi.Generic ) - warning
14:11:49.0012 1092 usbuhci - detected LockedFile.Multi.Generic (1)
14:11:49.0073 1092 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:11:49.0074 1092 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50
14:11:49.0080 1092 usbvideo ( LockedFile.Multi.Generic ) - warning
14:11:49.0080 1092 usbvideo - detected LockedFile.Multi.Generic (1)
14:11:49.0170 1092 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:11:49.0287 1092 UxSms - ok
14:11:49.0360 1092 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:11:49.0390 1092 VaultSvc - ok
14:11:49.0468 1092 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:11:49.0469 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
14:11:49.0508 1092 vdrvroot ( LockedFile.Multi.Generic ) - warning
14:11:49.0508 1092 vdrvroot - detected LockedFile.Multi.Generic (1)
14:11:49.0586 1092 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:11:49.0709 1092 vds - ok
14:11:49.0787 1092 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:11:49.0788 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
14:11:49.0827 1092 vga ( LockedFile.Multi.Generic ) - warning
14:11:49.0827 1092 vga - detected LockedFile.Multi.Generic (1)
14:11:49.0888 1092 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:11:49.0889 1092 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
14:11:49.0899 1092 VgaSave ( LockedFile.Multi.Generic ) - warning
14:11:49.0899 1092 VgaSave - detected LockedFile.Multi.Generic (1)
14:11:49.0974 1092 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:11:49.0974 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
14:11:50.0013 1092 vhdmp ( LockedFile.Multi.Generic ) - warning
14:11:50.0013 1092 vhdmp - detected LockedFile.Multi.Generic (1)
14:11:50.0073 1092 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:11:50.0073 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
14:11:50.0104 1092 viaide ( LockedFile.Multi.Generic ) - warning
14:11:50.0104 1092 viaide - detected LockedFile.Multi.Generic (1)
14:11:50.0207 1092 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:11:50.0207 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
14:11:50.0214 1092 volmgr ( LockedFile.Multi.Generic ) - warning
14:11:50.0214 1092 volmgr - detected LockedFile.Multi.Generic (1)
14:11:50.0282 1092 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:11:50.0283 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
14:11:50.0310 1092 volmgrx ( LockedFile.Multi.Generic ) - warning
14:11:50.0311 1092 volmgrx - detected LockedFile.Multi.Generic (1)
14:11:50.0380 1092 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:11:50.0381 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
14:11:50.0410 1092 volsnap ( LockedFile.Multi.Generic ) - warning
14:11:50.0410 1092 volsnap - detected LockedFile.Multi.Generic (1)
14:11:50.0479 1092 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:11:50.0480 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
14:11:50.0489 1092 vsmraid ( LockedFile.Multi.Generic ) - warning
14:11:50.0489 1092 vsmraid - detected LockedFile.Multi.Generic (1)
14:11:50.0599 1092 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:11:50.0761 1092 VSS - ok
14:11:50.0847 1092 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:11:50.0848 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
14:11:50.0870 1092 vwifibus ( LockedFile.Multi.Generic ) - warning
14:11:50.0870 1092 vwifibus - detected LockedFile.Multi.Generic (1)
14:11:50.0922 1092 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:11:50.0923 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
14:11:50.0932 1092 vwififlt ( LockedFile.Multi.Generic ) - warning
14:11:50.0933 1092 vwififlt - detected LockedFile.Multi.Generic (1)
14:11:51.0071 1092 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:11:51.0174 1092 W32Time - ok
14:11:51.0261 1092 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:11:51.0261 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
14:11:51.0291 1092 WacomPen ( LockedFile.Multi.Generic ) - warning
14:11:51.0292 1092 WacomPen - detected LockedFile.Multi.Generic (1)
14:11:51.0359 1092 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:11:51.0359 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
14:11:51.0369 1092 WANARP ( LockedFile.Multi.Generic ) - warning
14:11:51.0369 1092 WANARP - detected LockedFile.Multi.Generic (1)
14:11:51.0389 1092 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:11:51.0390 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
14:11:51.0394 1092 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
14:11:51.0395 1092 Wanarpv6 - detected LockedFile.Multi.Generic (1)
14:11:51.0489 1092 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:11:51.0570 1092 WatAdminSvc - ok
14:11:51.0699 1092 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:11:51.0824 1092 wbengine - ok
14:11:51.0914 1092 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:11:51.0982 1092 WbioSrvc - ok
14:11:52.0066 1092 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:11:52.0122 1092 wcncsvc - ok
14:11:52.0162 1092 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:11:52.0201 1092 WcsPlugInService - ok
14:11:52.0294 1092 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:11:52.0294 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
14:11:52.0332 1092 Wd ( LockedFile.Multi.Generic ) - warning
14:11:52.0332 1092 Wd - detected LockedFile.Multi.Generic (1)
14:11:52.0383 1092 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:11:52.0384 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
14:11:52.0422 1092 Wdf01000 ( LockedFile.Multi.Generic ) - warning
14:11:52.0422 1092 Wdf01000 - detected LockedFile.Multi.Generic (1)
14:11:52.0491 1092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:11:52.0625 1092 WdiServiceHost - ok
14:11:52.0653 1092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:11:52.0700 1092 WdiSystemHost - ok
14:11:52.0836 1092 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:11:52.0919 1092 WebClient - ok
14:11:52.0987 1092 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:11:53.0084 1092 Wecsvc - ok
14:11:53.0129 1092 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:11:53.0222 1092 wercplsupport - ok
14:11:53.0317 1092 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:11:53.0428 1092 WerSvc - ok
14:11:53.0485 1092 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:11:53.0486 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
14:11:53.0526 1092 WfpLwf ( LockedFile.Multi.Generic ) - warning
14:11:53.0526 1092 WfpLwf - detected LockedFile.Multi.Generic (1)
14:11:53.0587 1092 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:11:53.0588 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
14:11:53.0624 1092 WIMMount ( LockedFile.Multi.Generic ) - warning
14:11:53.0624 1092 WIMMount - detected LockedFile.Multi.Generic (1)
14:11:53.0684 1092 WinDefend - ok
14:11:53.0724 1092 WinHttpAutoProxySvc - ok
14:11:53.0868 1092 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:11:53.0963 1092 Winmgmt - ok
14:11:54.0100 1092 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:11:54.0253 1092 WinRM - ok
14:11:54.0462 1092 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:11:54.0462 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D
14:11:54.0499 1092 WinUsb ( LockedFile.Multi.Generic ) - warning
14:11:54.0499 1092 WinUsb - detected LockedFile.Multi.Generic (1)
14:11:54.0602 1092 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:11:54.0696 1092 Wlansvc - ok
14:11:54.0935 1092 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:11:55.0056 1092 wlidsvc - ok
14:11:55.0141 1092 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:11:55.0141 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
14:11:55.0177 1092 WmiAcpi ( LockedFile.Multi.Generic ) - warning
14:11:55.0177 1092 WmiAcpi - detected LockedFile.Multi.Generic (1)
14:11:55.0264 1092 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:11:55.0322 1092 wmiApSrv - ok
14:11:55.0402 1092 WMPNetworkSvc - ok
14:11:55.0497 1092 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:11:55.0535 1092 WPCSvc - ok
14:11:55.0581 1092 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:11:55.0621 1092 WPDBusEnum - ok
14:11:55.0687 1092 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:11:55.0688 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
14:11:55.0735 1092 ws2ifsl ( LockedFile.Multi.Generic ) - warning
14:11:55.0736 1092 ws2ifsl - detected LockedFile.Multi.Generic (1)
14:11:55.0811 1092 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:11:55.0874 1092 wscsvc - ok
14:11:55.0904 1092 WSearch - ok
14:11:56.0069 1092 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:11:56.0201 1092 wuauserv - ok
14:11:56.0278 1092 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:11:56.0279 1092 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
14:11:56.0310 1092 WudfPf ( LockedFile.Multi.Generic ) - warning
14:11:56.0310 1092 WudfPf - detected LockedFile.Multi.Generic (1)
14:11:56.0388 1092 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:11:56.0388 1092 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
14:11:56.0393 1092 WUDFRd ( LockedFile.Multi.Generic ) - warning
14:11:56.0394 1092 WUDFRd - detected LockedFile.Multi.Generic (1)
14:11:56.0433 1092 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:11:56.0524 1092 wudfsvc - ok
14:11:56.0610 1092 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:11:56.0682 1092 WwanSvc - ok
14:11:56.0786 1092 [ EB71EAE3FB76758DEB8DEFC2C1EA25E9 ] XobniService C:\Program Files (x86)\Xobni\XobniService.exe
14:11:56.0807 1092 XobniService - ok
14:11:56.0894 1092 ================ Scan global ===============================
14:11:56.0980 1092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:11:57.0018 1092 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:11:57.0034 1092 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:11:57.0080 1092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:11:57.0121 1092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:11:57.0131 1092 [Global] - ok
14:11:57.0132 1092 ================ Scan MBR ==================================
14:11:57.0144 1092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:11:57.0402 1092 \Device\Harddisk0\DR0 - ok
14:11:57.0403 1092 ================ Scan VBR ==================================
14:11:57.0409 1092 [ DB371686F0CEA005E35DDFA76CB4235D ] \Device\Harddisk0\DR0\Partition1
14:11:57.0412 1092 \Device\Harddisk0\DR0\Partition1 - ok
14:11:57.0444 1092 [ DAAC47913B65F4382CC97A39F685F193 ] \Device\Harddisk0\DR0\Partition2
14:11:57.0448 1092 \Device\Harddisk0\DR0\Partition2 - ok
14:11:57.0486 1092 [ 39D7387A56C7857608127A16808BED75 ] \Device\Harddisk0\DR0\Partition3
14:11:57.0489 1092 \Device\Harddisk0\DR0\Partition3 - ok
14:11:57.0508 1092 [ 9F921A5A6D5DB2C896108D608152250C ] \Device\Harddisk0\DR0\Partition4
14:11:57.0510 1092 \Device\Harddisk0\DR0\Partition4 - ok
14:11:57.0511 1092 ============================================================
14:11:57.0511 1092 Scan finished

Vasil · #8 Příspěvek od **Vasil** » 28 říj 2012 14:17

14:11:57.0511 1092 ============================================================
14:11:57.0531 5140 Detected object count: 53
14:11:57.0531 5140 Actual detected object count: 53
14:13:18.0301 5140 578d65f6b1ee3ca9 ( Rootkit.Win32.Necurs.gen ) - skipped by user
14:13:18.0301 5140 578d65f6b1ee3ca9 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip
14:13:18.0305 5140 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0305 5140 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0308 5140 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0309 5140 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0311 5140 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0312 5140 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0314 5140 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0314 5140 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0317 5140 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0317 5140 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0321 5140 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
14:13:18.0321 5140 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:13:18.0323 5140 TDPIPE ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0324 5140 TDPIPE ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0326 5140 TDTCP ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0326 5140 TDTCP ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0329 5140 tdx ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0329 5140 tdx ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0332 5140 TermDD ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0332 5140 TermDD ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0335 5140 tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0335 5140 tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0339 5140 TsUsbFlt ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0339 5140 TsUsbFlt ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0341 5140 TsUsbGD ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0342 5140 TsUsbGD ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0344 5140 tunnel ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0344 5140 tunnel ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0347 5140 uagp35 ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0347 5140 uagp35 ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0350 5140 udfs ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0350 5140 udfs ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0354 5140 uliagpkx ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0354 5140 uliagpkx ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0357 5140 umbus ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0357 5140 umbus ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0360 5140 UmPass ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0360 5140 UmPass ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0362 5140 usbccgp ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0363 5140 usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0365 5140 usbcir ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0365 5140 usbcir ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0368 5140 usbehci ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0368 5140 usbehci ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0372 5140 usbhub ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0372 5140 usbhub ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0375 5140 usbohci ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0375 5140 usbohci ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0378 5140 usbprint ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0378 5140 usbprint ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0381 5140 usbscan ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0381 5140 usbscan ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0383 5140 USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0384 5140 USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0388 5140 usbuhci ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0388 5140 usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0391 5140 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0391 5140 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0394 5140 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0394 5140 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0397 5140 vga ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0398 5140 vga ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0402 5140 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0402 5140 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0403 5140 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0403 5140 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0406 5140 viaide ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0407 5140 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0414 5140 volmgr ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0414 5140 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0415 5140 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0415 5140 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0418 5140 volsnap ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0418 5140 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0422 5140 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0422 5140 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0425 5140 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0425 5140 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0428 5140 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0428 5140 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0431 5140 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0431 5140 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0434 5140 WANARP ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0434 5140 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0437 5140 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0437 5140 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0440 5140 Wd ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0441 5140 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0443 5140 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0444 5140 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0447 5140 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0447 5140 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0450 5140 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0450 5140 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0454 5140 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0454 5140 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0458 5140 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0458 5140 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0462 5140 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0462 5140 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0465 5140 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0465 5140 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:18.0468 5140 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
14:13:18.0468 5140 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
14:13:55.0500 6124 Deinitialize success

#9 Příspěvek od **vyosek** » 28 říj 2012 23:22

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Driver::
bbalfppd
icoshbqn
qsbndcex
578d65f6b1ee3ca9

Collect::
c:\windows\system32\drivers\qsbndcex.sys
c:\windows\system32\drivers\icoshbqn.sys
c:\windows\system32\drivers\bbalfppd.sys
c:\System32\Drivers\578d65f6b1ee3ca9.sys

Restore::
c:\windows\system32\ntoskrnl.exe

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-810337923-305667393-2845738528-1000UA.job
C:\Windows\tasks\HPCeeScheduleForMajka-Lukas.job
C:\Windows\tasks\WebReg HP PSC 1400 series.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=-
"SunJavaUpdateSched"=-
"NeroFilterCheck"=-
"QuickTime Task"=-
"HP Software Update"=-

DDS::
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Vasil · #10 Příspěvek od **Vasil** » 29 říj 2012 16:20

Problem sa mi podarilo vyriesit.

Pomocou TDSSKillera, ktorý odstránil Rootkit.Win32.Necurs.gen, po restarte nabehli automatické aktualizacie, ktoré boli blokované a dal sa nainstalovat aj antivirus. Takze asi to uz bude OK. Následný scan uz nic nenasiel.

Dakujem vsetkým za pomoc.

#11 Příspěvek od **vyosek** » 29 říj 2012 16:55

Tak priste si to lecte teda se sam a nezadejte nas tady o pomoc...Haveti tam mate s prominutim dalsi 3 p*dele, nakazene systemove souborym ale prosim, je to vase rozhodnuti...

Takto se PC lecit neda kdyz si sam delate co chcete, mazete si co chcete apod...

VIRY.CZ

Zadny antivirus nejde naistalovat

Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat

Re: Zadny antivirus nejde naistalovat