Zdravim, dnes otec pri prehliadani internetu nejak stiahol virus System Progressive Protection, po restarte sa nastastie nespustil, preto ma teraz neblokuje, program vsak nejde odinstalovat. Preto som zacal s tymto navodom
http://malwaretips.com/blogs/remove-sys ... rotection/
posielam vsak este log pred zaciatkom odstranovania, po odstranovani mozem hodit aktualny, ci je ste nieco pritomne:
Logfile of random's system information tool 1.09 (written by random/random)
Run by USER at 2012-11-05 16:11:01
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 33 GB (44%) free of 76 GB
Total RAM: 2021 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:30, on 5. 11. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\USER.exe
C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sme.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe
O4 - HKLM\..\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://10.0.0.50
O16 - DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} (P00RecImageCtrl Class) - http://10.0.0.50/push04.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://195.28.70.134/kapor2/lib/mgaxctrl.cab
O16 - DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} (ProfileAccessCtrl Class) - http://10.0.0.50/access01.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9381 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1492
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-7b215980-50fd-4366-bc44-1f14b41a27fc -SystemEventPortName:HostProcess-94517320-e63c-4d86-a0ed-59852f0f815d -IoCancelEventPortName:HostProcess-0715a1cb-dc09-4ef1-8149-2adc1de3af68 -NonStateChangingEventPortName:HostProcess-79a99b7c-f0df-46b8-aac4-089b13260f78 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e7c652f0-b4fc-44a7-a999-2b1c2bf969b5
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\Samsung\PanelMgr\caller64.exe Samsung PanelMgr
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\splwow64.exe 8192
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3604.1.1791252772\2042169155" --gpu-vendor-id=0x8086 --gpu-device-id=0x29c2 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.1930 --ignored=" --type=renderer " /prefetch:12
"C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3604.4.740020472\1276666498" --lang=sk --ignored=" --type=renderer " /prefetch:13
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\USER\Downloads\RSITx64.exe"
taskeng.exe {6D862E2F-C517-4507-AB14-8435C243E113}
"C:\Users\USER\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/0/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/UMA-Dynamic-Binary-Uniformity-Trial/group_01/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_41/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="3604.7.694226348\881062113" /prefetch:3
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -scheduled
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-07-12 453104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-07-12 157680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 165912]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 363544]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-08 2919168]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2782096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-01 136176]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2012-09-12 445624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2011-07-06 688128]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-12-02 1316248]
"CLX3180_Scan2Pc"=C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [2011-04-29 1990144]
"3180 Scan2PC"=C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [2011-04-29 1990144]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-11-05 16:11:01 ----D---- C:\rsit
2012-11-05 16:11:01 ----D---- C:\Program Files\trend micro
2012-11-05 09:53:02 ----D---- C:\ProgramData\E4381869515235020000E4373435381D
2012-10-10 07:08:03 ----A---- C:\Windows\system32\drivers\ntfs.sys
2012-10-10 07:08:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-10-10 07:07:57 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-10-10 07:07:57 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-10-10 07:07:51 ----A---- C:\Windows\system32\winsrv.dll
2012-10-10 07:07:51 ----A---- C:\Windows\system32\KernelBase.dll
2012-10-10 07:07:51 ----A---- C:\Windows\system32\kernel32.dll
2012-10-10 07:07:50 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2012-10-10 07:07:50 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2012-10-10 07:07:50 ----A---- C:\Windows\system32\conhost.exe
2012-10-10 07:07:49 ----A---- C:\Windows\SYSWOW64\setup16.exe
2012-10-10 07:07:49 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2012-10-10 07:07:49 ----A---- C:\Windows\system32\wow64win.dll
2012-10-10 07:07:49 ----A---- C:\Windows\system32\wow64cpu.dll
2012-10-10 07:07:49 ----A---- C:\Windows\system32\wow64.dll
2012-10-10 07:07:49 ----A---- C:\Windows\system32\ntvdm64.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 07:07:48 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 07:07:48 ----A---- C:\Windows\SYSWOW64\wow32.dll
2012-10-10 07:07:48 ----A---- C:\Windows\SYSWOW64\instnm.exe
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 07:07:47 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 07:07:46 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 07:07:46 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 07:07:46 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 07:07:45 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 07:07:45 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 07:07:45 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 07:07:44 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 07:07:43 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 07:07:43 ----A---- C:\Windows\SYSWOW64\user.exe
2012-10-10 07:07:31 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-10-10 07:07:31 ----A---- C:\Windows\system32\wintrust.dll
2012-10-10 07:07:23 ----A---- C:\Windows\SYSWOW64\tzres.dll
2012-10-10 07:07:23 ----A---- C:\Windows\system32\tzres.dll
2012-10-10 07:07:07 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2012-10-10 07:07:07 ----A---- C:\Windows\system32\kerberos.dll
2012-10-10 07:07:02 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2012-10-10 07:07:02 ----A---- C:\Windows\system32\crypt32.dll
2012-10-10 07:07:01 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2012-10-10 07:07:01 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2012-10-10 07:07:01 ----A---- C:\Windows\system32\cryptsvc.dll
2012-10-10 07:07:01 ----A---- C:\Windows\system32\cryptnet.dll
======List of files/folders modified in the last 1 month======
2012-11-05 16:14:55 ----D---- C:\Windows\Temp
2012-11-05 16:12:18 ----D---- C:\Windows\Prefetch
2012-11-05 16:11:27 ----D---- C:\Windows\System32
2012-11-05 16:11:27 ----D---- C:\Windows\inf
2012-11-05 16:11:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-05 16:11:01 ----RD---- C:\Program Files
2012-11-05 10:18:22 ----D---- C:\Windows\system32\config
2012-11-05 09:53:46 ----SHD---- C:\Windows\Installer
2012-11-05 09:53:02 ----HD---- C:\ProgramData
2012-11-05 09:52:03 ----SHD---- C:\$Recycle.Bin
2012-11-02 08:57:25 ----SHD---- C:\System Volume Information
2012-10-31 07:32:45 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-10-11 09:07:58 ----D---- C:\Windows\rescache
2012-10-11 07:46:09 ----D---- C:\Windows\winsxs
2012-10-11 07:44:06 ----D---- C:\Windows\SysWOW64
2012-10-11 07:44:06 ----D---- C:\Windows\system32\drivers
2012-10-11 07:44:05 ----D---- C:\Windows\SYSWOW64\sk-SK
2012-10-11 07:44:04 ----D---- C:\Windows\system32\sk-SK
2012-10-11 07:44:03 ----D---- C:\Windows\AppPatch
2012-10-10 15:44:52 ----A---- C:\Windows\system32\MRT.exe
2012-10-10 07:06:03 ----D---- C:\Windows\system32\catroot
2012-10-10 07:06:01 ----D---- C:\Windows\system32\catroot2
2012-10-09 09:11:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S2 Angelnt;Angelnt; C:\Windows\System32\Drivers\ANGELNT.SYS []
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-07-13 53816]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-08 810144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 159336]
R2 Samsung Network Fax Server;Samsung Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2011-04-28 229888]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-08 42360]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2011-01-05 79360]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Zavireny PC - System Progressive Protection
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zavireny PC - System Progressive Protection
Naposledy upravil(a) chambo dne 05 lis 2012 16:44, celkem upraveno 1 x.
Re: Zavireny PC - System Progressive Protection
Zdravim 
Dejte sem log.txt, je ulozen v c:\rsit
Dejte sem log.txt, je ulozen v c:\rsit"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
ospravedlnujem sa, uz som upravil ten prvy prispevok. isiel som podla navodu hore, tu je log z Rkill
Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/05/2012 04:26:13 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\USER\Desktop\rkill\rkill-11-05-2012-04-26-14.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\U\ [ZA Dir]
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ovládač overenia brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 11/05/2012 04:26:29 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
a tu je log z mbam
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verzia databázy: v2012.11.05.04
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 9.0.8112.16421
USER :: TIBOR [administrátor]
5. 11. 2012 16:27:31
mbam-log-2012-11-05 (16-31-56).txt
Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 235272
Uplynutý čas: 3 min, 22 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 1
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Žiadna úloha nevykonaná.
Detegované súbory: 2
C:\Users\USER\AppData\Local\Temp\msimg32.dll (Trojan.0Access) -> Žiadna úloha nevykonaná.
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Žiadna úloha nevykonaná.
(koniec)
teraz uz nic nevyskakuje, este cistim Hitmanom, za par minut hodim log z tade a znova z RSIT
Rkill 2.4.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/05/2012 04:26:13 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\USER\Desktop\rkill\rkill-11-05-2012-04-26-14.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!
* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!
Performing miscellaneous checks:
* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$f5563b963f713291444e502b47833427\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-259793603-2597556968-308381179-1000\$f5563b963f713291444e502b47833427\U\ [ZA Dir]
Checking Windows Service Integrity:
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)
* Ovládač overenia brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* SharedAccess [Missing ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 11/05/2012 04:26:29 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
a tu je log z mbam
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verzia databázy: v2012.11.05.04
Windows 7 Service Pack 1 x64 NTFS (Núdzoví režim/Sieť)
Internet Explorer 9.0.8112.16421
USER :: TIBOR [administrátor]
5. 11. 2012 16:27:31
mbam-log-2012-11-05 (16-31-56).txt
Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 235272
Uplynutý čas: 3 min, 22 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 1
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Žiadna úloha nevykonaná.
Detegované súbory: 2
C:\Users\USER\AppData\Local\Temp\msimg32.dll (Trojan.0Access) -> Žiadna úloha nevykonaná.
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Žiadna úloha nevykonaná.
(koniec)
teraz uz nic nevyskakuje, este cistim Hitmanom, za par minut hodim log z tade a znova z RSIT
Re: Zavireny PC - System Progressive Protection
Dodelejte Hitmana, novy RSIT zatim nechci Uz needitujte, jelikoz to nevidim jako novy prispevek Sam pak zadne dalsi utility uz nespoustejte a jen mi napiste. mate tak pekne silnou mrchu"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
Hitman:
Kód: Vybrat vše
HitmanPro 3.6.2.173
www.hitmanpro.com
Computer name . . . . : TIBOR
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : TIBOR\USER
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2012-11-05 16:37:40
Scan mode . . . . . . : Normal
Scan duration . . . . : 9m 22s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 4
Objects scanned . . . : 1 330 801
Files scanned . . . . : 91 722
Remnants scanned . . : 323 587 files / 915 492 keys
Cookies _____________________________________________________________________
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
C:\Users\USER\AppData\Roaming\Microsoft\Windows\Cookies\2CT73WNK.txt
Re: Zavireny PC - System Progressive Protection
Fajn, takze jdeme dale, uz prosim jen aplikujte co budu psat Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- Kliknete na volbu Change parametrs
- V okne Additional Option zakliknete vsechny moznosti
- Kliknete na OK
- Utilite prikazte, at skenuje - klik na Start Scan
- Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
- Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
- Pokud mate vsude Skip, kliknete na Continue
- Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
nech sa paci, log:
16:51:02.0807 3620 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:51:02.0941 3620 ============================================================
16:51:02.0941 3620 Current date / time: 2012/11/05 16:51:02.0941
16:51:02.0941 3620 SystemInfo:
16:51:02.0941 3620
16:51:02.0941 3620 OS Version: 6.1.7601 ServicePack: 1.0
16:51:02.0941 3620 Product type: Workstation
16:51:02.0942 3620 ComputerName: TIBOR
16:51:02.0942 3620 UserName: USER
16:51:02.0942 3620 Windows directory: C:\Windows
16:51:02.0942 3620 System windows directory: C:\Windows
16:51:02.0942 3620 Running under WOW64
16:51:02.0942 3620 Processor architecture: Intel x64
16:51:02.0942 3620 Number of processors: 2
16:51:02.0942 3620 Page size: 0x1000
16:51:02.0942 3620 Boot type: Normal boot
16:51:02.0942 3620 ============================================================
16:51:04.0108 3620 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:04.0113 3620 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:04.0132 3620 ============================================================
16:51:04.0132 3620 \Device\Harddisk0\DR0:
16:51:04.0132 3620 MBR partitions:
16:51:04.0132 3620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
16:51:04.0132 3620 \Device\Harddisk1\DR1:
16:51:04.0133 3620 MBR partitions:
16:51:04.0133 3620 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:51:04.0133 3620 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
16:51:04.0133 3620 ============================================================
16:51:04.0160 3620 C: <-> \Device\Harddisk1\DR1\Partition2
16:51:04.0186 3620 D: <-> \Device\Harddisk0\DR0\Partition1
16:51:04.0186 3620 ============================================================
16:51:04.0186 3620 Initialize success
16:51:04.0186 3620 ============================================================
16:51:16.0346 3636 ============================================================
16:51:16.0346 3636 Scan started
16:51:16.0346 3636 Mode: Manual; SigCheck; TDLFS;
16:51:16.0346 3636 ============================================================
16:51:16.0973 3636 ================ Scan system memory ========================
16:51:16.0973 3636 System memory - ok
16:51:16.0974 3636 ================ Scan services =============================
16:51:17.0118 3636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:51:17.0234 3636 1394ohci - ok
16:51:17.0277 3636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:51:17.0298 3636 ACPI - ok
16:51:17.0331 3636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:51:17.0424 3636 AcpiPmi - ok
16:51:17.0593 3636 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:51:17.0609 3636 AdobeFlashPlayerUpdateSvc - ok
16:51:17.0645 3636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:51:17.0709 3636 adp94xx - ok
16:51:17.0722 3636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:51:17.0770 3636 adpahci - ok
16:51:17.0791 3636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:51:17.0808 3636 adpu320 - ok
16:51:17.0830 3636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:51:17.0947 3636 AeLookupSvc - ok
16:51:18.0007 3636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:51:18.0089 3636 AFD - ok
16:51:18.0134 3636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:51:18.0170 3636 agp440 - ok
16:51:18.0190 3636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:51:18.0245 3636 ALG - ok
16:51:18.0264 3636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:51:18.0295 3636 aliide - ok
16:51:18.0304 3636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:51:18.0332 3636 amdide - ok
16:51:18.0361 3636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:51:18.0430 3636 AmdK8 - ok
16:51:18.0436 3636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:51:18.0525 3636 AmdPPM - ok
16:51:18.0569 3636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:51:18.0617 3636 amdsata - ok
16:51:18.0655 3636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:51:18.0686 3636 amdsbs - ok
16:51:18.0703 3636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:51:18.0730 3636 amdxata - ok
16:51:18.0751 3636 Angelnt - ok
16:51:18.0793 3636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:51:18.0969 3636 AppID - ok
16:51:18.0996 3636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:51:19.0048 3636 AppIDSvc - ok
16:51:19.0095 3636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:51:19.0136 3636 Appinfo - ok
16:51:19.0176 3636 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:51:19.0220 3636 AppMgmt - ok
16:51:19.0251 3636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:51:19.0280 3636 arc - ok
16:51:19.0285 3636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:51:19.0299 3636 arcsas - ok
16:51:19.0325 3636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:19.0370 3636 AsyncMac - ok
16:51:19.0400 3636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:51:19.0412 3636 atapi - ok
16:51:19.0467 3636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:51:19.0533 3636 AudioEndpointBuilder - ok
16:51:19.0554 3636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:51:19.0592 3636 AudioSrv - ok
16:51:19.0635 3636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:51:19.0715 3636 AxInstSV - ok
16:51:19.0758 3636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:51:19.0812 3636 b06bdrv - ok
16:51:19.0850 3636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:51:19.0909 3636 b57nd60a - ok
16:51:19.0944 3636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:51:19.0990 3636 BDESVC - ok
16:51:20.0020 3636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:51:20.0077 3636 Beep - ok
16:51:20.0144 3636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:51:20.0210 3636 BFE - ok
16:51:20.0265 3636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:51:20.0347 3636 BITS - ok
16:51:20.0379 3636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:51:20.0415 3636 blbdrive - ok
16:51:20.0452 3636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:51:20.0533 3636 bowser - ok
16:51:20.0562 3636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:51:20.0626 3636 BrFiltLo - ok
16:51:20.0630 3636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:51:20.0649 3636 BrFiltUp - ok
16:51:20.0682 3636 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:51:20.0715 3636 Browser - ok
16:51:20.0731 3636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:51:20.0792 3636 Brserid - ok
16:51:20.0797 3636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:51:20.0841 3636 BrSerWdm - ok
16:51:20.0845 3636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:20.0906 3636 BrUsbMdm - ok
16:51:20.0910 3636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:20.0945 3636 BrUsbSer - ok
16:51:20.0952 3636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:51:20.0992 3636 BTHMODEM - ok
16:51:21.0020 3636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:51:21.0068 3636 bthserv - ok
16:51:21.0095 3636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:51:21.0145 3636 cdfs - ok
16:51:21.0190 3636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:51:21.0238 3636 cdrom - ok
16:51:21.0291 3636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:51:21.0343 3636 CertPropSvc - ok
16:51:21.0364 3636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:51:21.0393 3636 circlass - ok
16:51:21.0420 3636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:51:21.0500 3636 CLFS - ok
16:51:21.0539 3636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:21.0549 3636 clr_optimization_v2.0.50727_32 - ok
16:51:21.0595 3636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:51:21.0608 3636 clr_optimization_v2.0.50727_64 - ok
16:51:21.0665 3636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:21.0677 3636 clr_optimization_v4.0.30319_32 - ok
16:51:21.0701 3636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:51:21.0711 3636 clr_optimization_v4.0.30319_64 - ok
16:51:21.0741 3636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:51:21.0778 3636 CmBatt - ok
16:51:21.0803 3636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:51:21.0840 3636 cmdide - ok
16:51:21.0882 3636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:51:21.0936 3636 CNG - ok
16:51:21.0955 3636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:51:21.0980 3636 Compbatt - ok
16:51:22.0001 3636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:51:22.0028 3636 CompositeBus - ok
16:51:22.0041 3636 COMSysApp - ok
16:51:22.0046 3636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:22.0060 3636 crcdisk - ok
16:51:22.0107 3636 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:51:22.0168 3636 CryptSvc - ok
16:51:22.0214 3636 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:51:22.0274 3636 CSC - ok
16:51:22.0316 3636 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:51:22.0367 3636 CscService - ok
16:51:22.0414 3636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:51:22.0470 3636 DcomLaunch - ok
16:51:22.0507 3636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:51:22.0566 3636 defragsvc - ok
16:51:22.0614 3636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:51:22.0665 3636 DfsC - ok
16:51:22.0711 3636 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
16:51:22.0744 3636 DgiVecp - ok
16:51:22.0791 3636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:51:22.0846 3636 Dhcp - ok
16:51:22.0877 3636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:51:22.0963 3636 discache - ok
16:51:22.0999 3636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:51:23.0032 3636 Disk - ok
16:51:23.0066 3636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:51:23.0109 3636 Dnscache - ok
16:51:23.0146 3636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:51:23.0201 3636 dot3svc - ok
16:51:23.0236 3636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:51:23.0279 3636 DPS - ok
16:51:23.0305 3636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:51:23.0349 3636 drmkaud - ok
16:51:23.0397 3636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:51:23.0441 3636 DXGKrnl - ok
16:51:23.0480 3636 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
16:51:23.0510 3636 e1express - ok
16:51:23.0556 3636 [ 72A1AA3C6C79B928D02A6FAD387B1349 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
16:51:23.0567 3636 eamonm - ok
16:51:23.0589 3636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:51:23.0640 3636 EapHost - ok
16:51:23.0725 3636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:51:23.0875 3636 ebdrv - ok
16:51:23.0900 3636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:51:23.0954 3636 EFS - ok
16:51:23.0985 3636 [ E99457900012B53B2226F146ECAF9136 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
16:51:23.0996 3636 ehdrv - ok
16:51:24.0059 3636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:51:24.0110 3636 ehRecvr - ok
16:51:24.0132 3636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:51:24.0166 3636 ehSched - ok
16:51:24.0231 3636 [ A18464CF1F1EF4B898EB5B31AD8A0956 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
16:51:24.0241 3636 EhttpSrv - ok
16:51:24.0293 3636 [ 672F6D4AA61A8F5615A4A5D9387890ED ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
16:51:24.0317 3636 ekrn - ok
16:51:24.0366 3636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:51:24.0396 3636 elxstor - ok
16:51:24.0423 3636 [ A2AF094DCBE8BFF7E898D327750506A0 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
16:51:24.0449 3636 epfwwfpr - ok
16:51:24.0481 3636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:51:24.0516 3636 ErrDev - ok
16:51:24.0555 3636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:51:24.0607 3636 EventSystem - ok
16:51:24.0623 3636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:51:24.0695 3636 exfat - ok
16:51:24.0715 3636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:51:24.0782 3636 fastfat - ok
16:51:24.0833 3636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:51:24.0895 3636 Fax - ok
16:51:24.0915 3636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:51:24.0969 3636 fdc - ok
16:51:24.0983 3636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:51:25.0017 3636 fdPHost - ok
16:51:25.0025 3636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:51:25.0078 3636 FDResPub - ok
16:51:25.0095 3636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:51:25.0125 3636 FileInfo - ok
16:51:25.0143 3636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:51:25.0225 3636 Filetrace - ok
16:51:25.0247 3636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:25.0260 3636 flpydisk - ok
16:51:25.0301 3636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:51:25.0356 3636 FltMgr - ok
16:51:25.0414 3636 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:51:25.0531 3636 FontCache - ok
16:51:25.0596 3636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:51:25.0610 3636 FontCache3.0.0.0 - ok
16:51:25.0635 3636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:51:25.0664 3636 FsDepends - ok
16:51:25.0701 3636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:51:25.0729 3636 Fs_Rec - ok
16:51:25.0786 3636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:51:25.0895 3636 fvevol - ok
16:51:25.0918 3636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:25.0986 3636 gagp30kx - ok
16:51:26.0031 3636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:51:26.0094 3636 gpsvc - ok
16:51:26.0111 3636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:51:26.0140 3636 hcw85cir - ok
16:51:26.0203 3636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:51:26.0241 3636 HdAudAddService - ok
16:51:26.0273 3636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:51:26.0296 3636 HDAudBus - ok
16:51:26.0310 3636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:26.0366 3636 HidBatt - ok
16:51:26.0388 3636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:51:26.0433 3636 HidBth - ok
16:51:26.0450 3636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:51:26.0500 3636 HidIr - ok
16:51:26.0521 3636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:51:26.0559 3636 hidserv - ok
16:51:26.0611 3636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:51:26.0644 3636 HidUsb - ok
16:51:26.0675 3636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:51:26.0724 3636 hkmsvc - ok
16:51:26.0759 3636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:51:26.0820 3636 HomeGroupListener - ok
16:51:26.0855 3636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:51:26.0883 3636 HomeGroupProvider - ok
16:51:26.0927 3636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:51:26.0942 3636 HpSAMD - ok
16:51:27.0002 3636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:51:27.0075 3636 HTTP - ok
16:51:27.0107 3636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:51:27.0135 3636 hwpolicy - ok
16:51:27.0192 3636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:51:27.0221 3636 i8042prt - ok
16:51:27.0277 3636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:51:27.0316 3636 iaStorV - ok
16:51:27.0378 3636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:51:27.0417 3636 idsvc - ok
16:51:27.0580 3636 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:51:27.0704 3636 igfx - ok
16:51:27.0734 3636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:51:27.0749 3636 iirsp - ok
16:51:27.0791 3636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:51:27.0867 3636 IKEEXT - ok
16:51:27.0887 3636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:51:27.0899 3636 intelide - ok
16:51:27.0920 3636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:51:27.0945 3636 intelppm - ok
16:51:27.0969 3636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:51:28.0020 3636 IPBusEnum - ok
16:51:28.0050 3636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:28.0102 3636 IpFilterDriver - ok
16:51:28.0137 3636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:51:28.0169 3636 IPMIDRV - ok
16:51:28.0190 3636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:51:28.0275 3636 IPNAT - ok
16:51:28.0302 3636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:51:28.0363 3636 IRENUM - ok
16:51:28.0405 3636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:51:28.0436 3636 isapnp - ok
16:51:28.0472 3636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:51:28.0509 3636 iScsiPrt - ok
16:51:28.0532 3636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:28.0545 3636 kbdclass - ok
16:51:28.0581 3636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:28.0605 3636 kbdhid - ok
16:51:28.0625 3636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:51:28.0636 3636 KeyIso - ok
16:51:28.0674 3636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:51:28.0691 3636 KSecDD - ok
16:51:28.0721 3636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:51:28.0739 3636 KSecPkg - ok
16:51:28.0762 3636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:51:28.0822 3636 ksthunk - ok
16:51:28.0850 3636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:51:28.0902 3636 KtmRm - ok
16:51:28.0956 3636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:51:29.0013 3636 LanmanServer - ok
16:51:29.0047 3636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:51:29.0093 3636 LanmanWorkstation - ok
16:51:29.0126 3636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:51:29.0190 3636 lltdio - ok
16:51:29.0215 3636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:51:29.0266 3636 lltdsvc - ok
16:51:29.0279 3636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:51:29.0313 3636 lmhosts - ok
16:51:29.0348 3636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:29.0377 3636 LSI_FC - ok
16:51:29.0382 3636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:29.0412 3636 LSI_SAS - ok
16:51:29.0416 3636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:29.0446 3636 LSI_SAS2 - ok
16:51:29.0457 3636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:29.0486 3636 LSI_SCSI - ok
16:51:29.0503 3636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:51:29.0547 3636 luafv - ok
16:51:29.0577 3636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:51:29.0591 3636 Mcx2Svc - ok
16:51:29.0596 3636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:51:29.0639 3636 megasas - ok
16:51:29.0661 3636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:29.0698 3636 MegaSR - ok
16:51:29.0716 3636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:51:29.0780 3636 MMCSS - ok
16:51:29.0799 3636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:51:29.0840 3636 Modem - ok
16:51:29.0862 3636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:51:29.0904 3636 monitor - ok
16:51:29.0924 3636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:51:29.0938 3636 mouclass - ok
16:51:29.0964 3636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:51:29.0993 3636 mouhid - ok
16:51:30.0028 3636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:51:30.0060 3636 mountmgr - ok
16:51:30.0100 3636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:51:30.0153 3636 mpio - ok
16:51:30.0168 3636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:51:30.0223 3636 mpsdrv - ok
16:51:30.0256 3636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:51:30.0289 3636 MRxDAV - ok
16:51:30.0321 3636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:30.0356 3636 mrxsmb - ok
16:51:30.0397 3636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:30.0475 3636 mrxsmb10 - ok
16:51:30.0497 3636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:30.0552 3636 mrxsmb20 - ok
16:51:30.0600 3636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:51:30.0631 3636 msahci - ok
16:51:30.0664 3636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:51:30.0694 3636 msdsm - ok
16:51:30.0711 3636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:51:30.0740 3636 MSDTC - ok
16:51:30.0781 3636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:51:30.0818 3636 Msfs - ok
16:51:30.0831 3636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:51:30.0881 3636 mshidkmdf - ok
16:51:30.0908 3636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:51:30.0935 3636 msisadrv - ok
16:51:30.0976 3636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:51:31.0024 3636 MSiSCSI - ok
16:51:31.0028 3636 msiserver - ok
16:51:31.0048 3636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:51:31.0091 3636 MSKSSRV - ok
16:51:31.0110 3636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:31.0146 3636 MSPCLOCK - ok
16:51:31.0162 3636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:51:31.0218 3636 MSPQM - ok
16:51:31.0260 3636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:51:31.0282 3636 MsRPC - ok
16:51:31.0295 3636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:51:31.0308 3636 mssmbios - ok
16:51:31.0318 3636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:51:31.0363 3636 MSTEE - ok
16:51:31.0375 3636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:31.0393 3636 MTConfig - ok
16:51:31.0414 3636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:51:31.0442 3636 Mup - ok
16:51:31.0484 3636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:51:31.0541 3636 napagent - ok
16:51:31.0584 3636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:51:31.0650 3636 NativeWifiP - ok
16:51:31.0716 3636 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:51:31.0743 3636 NDIS - ok
16:51:31.0760 3636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:31.0816 3636 NdisCap - ok
16:51:31.0838 3636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:31.0883 3636 NdisTapi - ok
16:51:31.0925 3636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:31.0969 3636 Ndisuio - ok
16:51:31.0999 3636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:32.0068 3636 NdisWan - ok
16:51:32.0097 3636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:51:32.0160 3636 NDProxy - ok
16:51:32.0188 3636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:51:32.0246 3636 NetBIOS - ok
16:51:32.0288 3636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:51:32.0352 3636 NetBT - ok
16:51:32.0366 3636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:51:32.0378 3636 Netlogon - ok
16:51:32.0414 3636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:51:32.0486 3636 Netman - ok
16:51:32.0528 3636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:51:32.0582 3636 netprofm - ok
16:51:32.0623 3636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:51:32.0633 3636 NetTcpPortSharing - ok
16:51:32.0712 3636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:32.0779 3636 nfrd960 - ok
16:51:32.0821 3636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:51:32.0872 3636 NlaSvc - ok
16:51:32.0889 3636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:51:32.0952 3636 Npfs - ok
16:51:32.0977 3636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:51:33.0039 3636 nsi - ok
16:51:33.0055 3636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:51:33.0114 3636 nsiproxy - ok
16:51:33.0185 3636 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:51:33.0240 3636 Ntfs - ok
16:51:33.0257 3636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:51:33.0318 3636 Null - ok
16:51:33.0614 3636 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:34.0044 3636 nvlddmkm - ok
16:51:34.0067 3636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:51:34.0097 3636 nvraid - ok
16:51:34.0133 3636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:51:34.0182 3636 nvstor - ok
16:51:34.0223 3636 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:51:34.0235 3636 nvsvc - ok
16:51:34.0250 3636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:51:34.0280 3636 nv_agp - ok
16:51:34.0308 3636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:51:34.0351 3636 ohci1394 - ok
16:51:34.0381 3636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:51:34.0426 3636 p2pimsvc - ok
16:51:34.0458 3636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:51:34.0481 3636 p2psvc - ok
16:51:34.0508 3636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:51:34.0538 3636 Parport - ok
16:51:34.0571 3636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:51:34.0600 3636 partmgr - ok
16:51:34.0614 3636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:51:34.0642 3636 PcaSvc - ok
16:51:34.0656 3636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:51:34.0669 3636 pci - ok
16:51:34.0702 3636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:51:34.0733 3636 pciide - ok
16:51:34.0748 3636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:34.0781 3636 pcmcia - ok
16:51:34.0795 3636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:51:34.0824 3636 pcw - ok
16:51:34.0851 3636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:51:34.0928 3636 PEAUTH - ok
16:51:34.0971 3636 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:51:35.0040 3636 PeerDistSvc - ok
16:51:35.0095 3636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:51:35.0123 3636 PerfHost - ok
16:51:35.0182 3636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:51:35.0284 3636 pla - ok
16:51:35.0333 3636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:51:35.0389 3636 PlugPlay - ok
16:51:35.0416 3636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:51:35.0440 3636 PNRPAutoReg - ok
16:51:35.0457 3636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:51:35.0471 3636 PNRPsvc - ok
16:51:35.0504 3636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:51:35.0553 3636 PolicyAgent - ok
16:51:35.0578 3636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:51:35.0619 3636 Power - ok
16:51:35.0663 3636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:51:35.0747 3636 PptpMiniport - ok
16:51:35.0759 3636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:51:35.0799 3636 Processor - ok
16:51:35.0841 3636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:51:35.0889 3636 ProfSvc - ok
16:51:35.0899 3636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:51:35.0913 3636 ProtectedStorage - ok
16:51:35.0960 3636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:51:36.0002 3636 Psched - ok
16:51:36.0057 3636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:51:36.0123 3636 ql2300 - ok
16:51:36.0137 3636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:36.0153 3636 ql40xx - ok
16:51:36.0191 3636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:51:36.0224 3636 QWAVE - ok
16:51:36.0249 3636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:51:36.0305 3636 QWAVEdrv - ok
16:51:36.0316 3636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:51:36.0389 3636 RasAcd - ok
16:51:36.0439 3636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:36.0473 3636 RasAgileVpn - ok
16:51:36.0488 3636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:51:36.0533 3636 RasAuto - ok
16:51:36.0561 3636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:36.0638 3636 Rasl2tp - ok
16:51:36.0668 3636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:51:36.0708 3636 RasMan - ok
16:51:36.0752 3636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:36.0804 3636 RasPppoe - ok
16:51:36.0833 3636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:51:36.0893 3636 RasSstp - ok
16:51:36.0926 3636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:51:36.0977 3636 rdbss - ok
16:51:36.0988 3636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:37.0041 3636 rdpbus - ok
16:51:37.0054 3636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:37.0101 3636 RDPCDD - ok
16:51:37.0133 3636 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:51:37.0162 3636 RDPDR - ok
16:51:37.0179 3636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:51:37.0227 3636 RDPENCDD - ok
16:51:37.0267 3636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:51:37.0311 3636 RDPREFMP - ok
16:51:37.0341 3636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:51:37.0398 3636 RDPWD - ok
16:51:37.0445 3636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:51:37.0462 3636 rdyboost - ok
16:51:37.0493 3636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:51:37.0535 3636 RemoteAccess - ok
16:51:37.0570 3636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:51:37.0624 3636 RemoteRegistry - ok
16:51:37.0635 3636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:51:37.0687 3636 RpcEptMapper - ok
16:51:37.0712 3636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:51:37.0742 3636 RpcLocator - ok
16:51:37.0795 3636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:51:37.0836 3636 RpcSs - ok
16:51:37.0863 3636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:51:37.0914 3636 rspndr - ok
16:51:37.0941 3636 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:51:37.0983 3636 s3cap - ok
16:51:37.0999 3636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:51:38.0011 3636 SamSs - ok
16:51:38.0086 3636 [ 90AFEDD698D05E0798EC11A4C55DA13D ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
16:51:38.0101 3636 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
16:51:38.0101 3636 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
16:51:38.0135 3636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:51:38.0165 3636 sbp2port - ok
16:51:38.0202 3636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:51:38.0251 3636 SCardSvr - ok
16:51:38.0279 3636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:51:38.0336 3636 scfilter - ok
16:51:38.0389 3636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:51:38.0465 3636 Schedule - ok
16:51:38.0498 3636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:51:38.0530 3636 SCPolicySvc - ok
16:51:38.0556 3636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:51:38.0599 3636 SDRSVC - ok
16:51:38.0628 3636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:51:38.0678 3636 secdrv - ok
16:51:38.0711 3636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:51:38.0744 3636 seclogon - ok
16:51:38.0773 3636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:51:38.0807 3636 SENS - ok
16:51:38.0830 3636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:51:38.0853 3636 SensrSvc - ok
16:51:38.0867 3636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:51:38.0904 3636 Serenum - ok
16:51:38.0920 3636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:51:39.0004 3636 Serial - ok
16:51:39.0040 3636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:51:39.0068 3636 sermouse - ok
16:51:39.0102 3636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:51:39.0148 3636 SessionEnv - ok
16:51:39.0184 3636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:51:39.0224 3636 sffdisk - ok
16:51:39.0242 3636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:51:39.0283 3636 sffp_mmc - ok
16:51:39.0299 3636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:51:39.0322 3636 sffp_sd - ok
16:51:39.0335 3636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:39.0364 3636 sfloppy - ok
16:51:39.0403 3636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:51:39.0442 3636 ShellHWDetection - ok
16:51:39.0468 3636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:39.0512 3636 SiSRaid2 - ok
16:51:39.0517 3636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:39.0545 3636 SiSRaid4 - ok
16:51:39.0562 3636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:51:39.0612 3636 Smb - ok
16:51:39.0649 3636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:51:39.0674 3636 SNMPTRAP - ok
16:51:39.0721 3636 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
16:51:39.0738 3636 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:51:39.0738 3636 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:51:39.0825 3636 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
16:51:39.0834 3636 Sony PC Companion - ok
16:51:39.0846 3636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:51:39.0878 3636 spldr - ok
16:51:39.0915 3636 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:51:39.0967 3636 Spooler - ok
16:51:40.0068 3636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:51:40.0209 3636 sppsvc - ok
16:51:40.0231 3636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:51:40.0283 3636 sppuinotify - ok
16:51:40.0322 3636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:51:40.0407 3636 srv - ok
16:51:40.0447 3636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:51:40.0492 3636 srv2 - ok
16:51:40.0504 3636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:51:40.0532 3636 srvnet - ok
16:51:40.0565 3636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:51:40.0615 3636 SSDPSRV - ok
16:51:40.0641 3636 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
16:51:40.0651 3636 SSPORT - ok
16:51:40.0668 3636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:51:40.0704 3636 SstpSvc - ok
16:51:40.0724 3636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:51:40.0737 3636 stexstor - ok
16:51:40.0787 3636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:51:40.0830 3636 stisvc - ok
16:51:40.0863 3636 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:51:40.0878 3636 storflt - ok
16:51:40.0896 3636 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:51:40.0933 3636 StorSvc - ok
16:51:40.0965 3636 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:51:40.0998 3636 storvsc - ok
16:51:41.0029 3636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:51:41.0062 3636 swenum - ok
16:51:41.0084 3636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:51:41.0166 3636 swprv - ok
16:51:41.0230 3636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:51:41.0318 3636 SysMain - ok
16:51:41.0347 3636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:51:41.0378 3636 TabletInputService - ok
16:51:41.0424 3636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:51:41.0478 3636 TapiSrv - ok
16:51:41.0501 3636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:51:41.0548 3636 TBS - ok
16:51:41.0620 3636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:51:41.0659 3636 Tcpip - ok
16:51:41.0719 3636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:51:41.0760 3636 TCPIP6 - ok
16:51:41.0796 3636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:51:41.0849 3636 tcpipreg - ok
16:51:41.0881 3636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:51:41.0922 3636 TDPIPE - ok
16:51:41.0952 3636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:51:41.0979 3636 TDTCP - ok
16:51:42.0010 3636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:51:42.0069 3636 tdx - ok
16:51:42.0082 3636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:51:42.0110 3636 TermDD - ok
16:51:42.0149 3636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:51:42.0198 3636 TermService - ok
16:51:42.0222 3636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:51:42.0239 3636 Themes - ok
16:51:42.0249 3636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:51:42.0283 3636 THREADORDER - ok
16:51:42.0297 3636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:51:42.0333 3636 TrkWks - ok
16:51:42.0393 3636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:51:42.0445 3636 TrustedInstaller - ok
16:51:42.0477 3636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:42.0526 3636 tssecsrv - ok
16:51:42.0566 3636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:51:42.0637 3636 TsUsbFlt - ok
16:51:42.0681 3636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:51:42.0750 3636 tunnel - ok
16:51:42.0785 3636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:51:42.0814 3636 uagp35 - ok
16:51:42.0912 3636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:51:43.0082 3636 udfs - ok
16:51:43.0122 3636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:51:43.0138 3636 UI0Detect - ok
16:51:43.0152 3636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:51:43.0184 3636 uliagpkx - ok
16:51:43.0223 3636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:51:43.0260 3636 umbus - ok
16:51:43.0271 3636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:51:43.0301 3636 UmPass - ok
16:51:43.0320 3636 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:51:43.0347 3636 UmRdpService - ok
16:51:43.0369 3636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:51:43.0426 3636 upnphost - ok
16:51:43.0458 3636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:43.0503 3636 usbccgp - ok
16:51:43.0547 3636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:51:43.0567 3636 usbcir - ok
16:51:43.0582 3636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:51:43.0619 3636 usbehci - ok
16:51:43.0649 3636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:51:43.0738 3636 usbhub - ok
16:51:43.0767 3636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:51:43.0815 3636 usbohci - ok
16:51:43.0848 3636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:51:43.0888 3636 usbprint - ok
16:51:43.0908 3636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:43.0979 3636 USBSTOR - ok
16:51:44.0009 3636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:44.0045 3636 usbuhci - ok
16:51:44.0066 3636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:51:44.0104 3636 UxSms - ok
16:51:44.0115 3636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:51:44.0127 3636 VaultSvc - ok
16:51:44.0178 3636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:51:44.0226 3636 vdrvroot - ok
16:51:44.0271 3636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:51:44.0326 3636 vds - ok
16:51:44.0355 3636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:44.0371 3636 vga - ok
16:51:44.0385 3636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:51:44.0446 3636 VgaSave - ok
16:51:44.0480 3636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:51:44.0517 3636 vhdmp - ok
16:51:44.0544 3636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:51:44.0572 3636 viaide - ok
16:51:44.0605 3636 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:51:44.0676 3636 vmbus - ok
16:51:44.0708 3636 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:51:44.0753 3636 VMBusHID - ok
16:51:44.0784 3636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:51:44.0828 3636 volmgr - ok
16:51:44.0866 3636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:51:44.0889 3636 volmgrx - ok
16:51:44.0903 3636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:51:44.0949 3636 volsnap - ok
16:51:44.0972 3636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:45.0003 3636 vsmraid - ok
16:51:45.0068 3636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:51:45.0166 3636 VSS - ok
16:51:45.0177 3636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:51:45.0217 3636 vwifibus - ok
16:51:45.0248 3636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:51:45.0300 3636 W32Time - ok
16:51:45.0308 3636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:51:45.0337 3636 WacomPen - ok
16:51:45.0383 3636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:51:45.0445 3636 WANARP - ok
16:51:45.0477 3636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:51:45.0513 3636 Wanarpv6 - ok
16:51:45.0573 3636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:51:45.0619 3636 WatAdminSvc - ok
16:51:45.0684 3636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:51:45.0758 3636 wbengine - ok
16:51:45.0785 3636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:51:45.0806 3636 WbioSrvc - ok
16:51:45.0838 3636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:51:45.0861 3636 wcncsvc - ok
16:51:45.0874 3636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:51:45.0902 3636 WcsPlugInService - ok
16:51:45.0919 3636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:51:45.0932 3636 Wd - ok
16:51:45.0954 3636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:51:45.0985 3636 Wdf01000 - ok
16:51:46.0018 3636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:51:46.0421 3636 WdiServiceHost - ok
16:51:46.0439 3636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:51:46.0458 3636 WdiSystemHost - ok
16:51:46.0508 3636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:51:46.0538 3636 WebClient - ok
16:51:46.0567 3636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:51:46.0624 3636 Wecsvc - ok
16:51:46.0656 3636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:51:46.0690 3636 wercplsupport - ok
16:51:46.0720 3636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:51:46.0766 3636 WerSvc - ok
16:51:46.0801 3636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:46.0849 3636 WfpLwf - ok
16:51:46.0863 3636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:51:46.0890 3636 WIMMount - ok
16:51:46.0897 3636 WinHttpAutoProxySvc - ok
16:51:46.0949 3636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:51:46.0992 3636 Winmgmt - ok
16:51:47.0063 3636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:51:47.0186 3636 WinRM - ok
16:51:47.0249 3636 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:47.0293 3636 WinUsb - ok
16:51:47.0344 3636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:51:47.0395 3636 Wlansvc - ok
16:51:47.0553 3636 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:47.0596 3636 wlidsvc - ok
16:51:47.0628 3636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:51:47.0662 3636 WmiAcpi - ok
16:51:47.0693 3636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:51:47.0719 3636 wmiApSrv - ok
16:51:47.0752 3636 WMPNetworkSvc - ok
16:51:47.0774 3636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:51:47.0797 3636 WPCSvc - ok
16:51:47.0829 3636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:51:47.0859 3636 WPDBusEnum - ok
16:51:47.0879 3636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:51:47.0936 3636 ws2ifsl - ok
16:51:47.0940 3636 WSearch - ok
16:51:48.0025 3636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:51:48.0105 3636 wuauserv - ok
16:51:48.0142 3636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:51:48.0255 3636 WudfPf - ok
16:51:48.0283 3636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:48.0340 3636 WUDFRd - ok
16:51:48.0375 3636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:51:48.0410 3636 wudfsvc - ok
16:51:48.0442 3636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:51:48.0471 3636 WwanSvc - ok
16:51:48.0475 3636 ================ Scan global ===============================
16:51:48.0497 3636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:51:48.0538 3636 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:51:48.0554 3636 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:51:48.0582 3636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:51:48.0612 3636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:51:48.0636 3636 [Global] - ok
16:51:48.0637 3636 ================ Scan MBR ==================================
16:51:48.0639 3636 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:51:48.0690 3636 \Device\Harddisk0\DR0 - ok
16:51:48.0701 3636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:51:48.0895 3636 \Device\Harddisk1\DR1 - ok
16:51:48.0895 3636 ================ Scan VBR ==================================
16:51:48.0898 3636 [ 27FBAB60B913802AA10A4E27CDC89811 ] \Device\Harddisk0\DR0\Partition1
16:51:48.0901 3636 \Device\Harddisk0\DR0\Partition1 - ok
16:51:48.0904 3636 [ C52B5B805E8B9CAC0AF61A6FA47E5BBB ] \Device\Harddisk1\DR1\Partition1
16:51:48.0905 3636 \Device\Harddisk1\DR1\Partition1 - ok
16:51:48.0935 3636 [ A71EFC39C82A7BD29EC3CC64CF4C1887 ] \Device\Harddisk1\DR1\Partition2
16:51:48.0936 3636 \Device\Harddisk1\DR1\Partition2 - ok
16:51:48.0937 3636 ============================================================
16:51:48.0937 3636 Scan finished
16:51:48.0937 3636 ============================================================
16:51:48.0945 3260 Detected object count: 2
16:51:48.0945 3260 Actual detected object count: 2
16:51:57.0630 3260 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:57.0630 3260 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:57.0632 3260 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:57.0632 3260 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:02.0807 3620 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:51:02.0941 3620 ============================================================
16:51:02.0941 3620 Current date / time: 2012/11/05 16:51:02.0941
16:51:02.0941 3620 SystemInfo:
16:51:02.0941 3620
16:51:02.0941 3620 OS Version: 6.1.7601 ServicePack: 1.0
16:51:02.0941 3620 Product type: Workstation
16:51:02.0942 3620 ComputerName: TIBOR
16:51:02.0942 3620 UserName: USER
16:51:02.0942 3620 Windows directory: C:\Windows
16:51:02.0942 3620 System windows directory: C:\Windows
16:51:02.0942 3620 Running under WOW64
16:51:02.0942 3620 Processor architecture: Intel x64
16:51:02.0942 3620 Number of processors: 2
16:51:02.0942 3620 Page size: 0x1000
16:51:02.0942 3620 Boot type: Normal boot
16:51:02.0942 3620 ============================================================
16:51:04.0108 3620 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:04.0113 3620 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:51:04.0132 3620 ============================================================
16:51:04.0132 3620 \Device\Harddisk0\DR0:
16:51:04.0132 3620 MBR partitions:
16:51:04.0132 3620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
16:51:04.0132 3620 \Device\Harddisk1\DR1:
16:51:04.0133 3620 MBR partitions:
16:51:04.0133 3620 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:51:04.0133 3620 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
16:51:04.0133 3620 ============================================================
16:51:04.0160 3620 C: <-> \Device\Harddisk1\DR1\Partition2
16:51:04.0186 3620 D: <-> \Device\Harddisk0\DR0\Partition1
16:51:04.0186 3620 ============================================================
16:51:04.0186 3620 Initialize success
16:51:04.0186 3620 ============================================================
16:51:16.0346 3636 ============================================================
16:51:16.0346 3636 Scan started
16:51:16.0346 3636 Mode: Manual; SigCheck; TDLFS;
16:51:16.0346 3636 ============================================================
16:51:16.0973 3636 ================ Scan system memory ========================
16:51:16.0973 3636 System memory - ok
16:51:16.0974 3636 ================ Scan services =============================
16:51:17.0118 3636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:51:17.0234 3636 1394ohci - ok
16:51:17.0277 3636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:51:17.0298 3636 ACPI - ok
16:51:17.0331 3636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:51:17.0424 3636 AcpiPmi - ok
16:51:17.0593 3636 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:51:17.0609 3636 AdobeFlashPlayerUpdateSvc - ok
16:51:17.0645 3636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:51:17.0709 3636 adp94xx - ok
16:51:17.0722 3636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:51:17.0770 3636 adpahci - ok
16:51:17.0791 3636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:51:17.0808 3636 adpu320 - ok
16:51:17.0830 3636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:51:17.0947 3636 AeLookupSvc - ok
16:51:18.0007 3636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:51:18.0089 3636 AFD - ok
16:51:18.0134 3636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:51:18.0170 3636 agp440 - ok
16:51:18.0190 3636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:51:18.0245 3636 ALG - ok
16:51:18.0264 3636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:51:18.0295 3636 aliide - ok
16:51:18.0304 3636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:51:18.0332 3636 amdide - ok
16:51:18.0361 3636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:51:18.0430 3636 AmdK8 - ok
16:51:18.0436 3636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:51:18.0525 3636 AmdPPM - ok
16:51:18.0569 3636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:51:18.0617 3636 amdsata - ok
16:51:18.0655 3636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:51:18.0686 3636 amdsbs - ok
16:51:18.0703 3636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:51:18.0730 3636 amdxata - ok
16:51:18.0751 3636 Angelnt - ok
16:51:18.0793 3636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:51:18.0969 3636 AppID - ok
16:51:18.0996 3636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:51:19.0048 3636 AppIDSvc - ok
16:51:19.0095 3636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:51:19.0136 3636 Appinfo - ok
16:51:19.0176 3636 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:51:19.0220 3636 AppMgmt - ok
16:51:19.0251 3636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
16:51:19.0280 3636 arc - ok
16:51:19.0285 3636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:51:19.0299 3636 arcsas - ok
16:51:19.0325 3636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:51:19.0370 3636 AsyncMac - ok
16:51:19.0400 3636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:51:19.0412 3636 atapi - ok
16:51:19.0467 3636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:51:19.0533 3636 AudioEndpointBuilder - ok
16:51:19.0554 3636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:51:19.0592 3636 AudioSrv - ok
16:51:19.0635 3636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:51:19.0715 3636 AxInstSV - ok
16:51:19.0758 3636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:51:19.0812 3636 b06bdrv - ok
16:51:19.0850 3636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:51:19.0909 3636 b57nd60a - ok
16:51:19.0944 3636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:51:19.0990 3636 BDESVC - ok
16:51:20.0020 3636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:51:20.0077 3636 Beep - ok
16:51:20.0144 3636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:51:20.0210 3636 BFE - ok
16:51:20.0265 3636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:51:20.0347 3636 BITS - ok
16:51:20.0379 3636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:51:20.0415 3636 blbdrive - ok
16:51:20.0452 3636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:51:20.0533 3636 bowser - ok
16:51:20.0562 3636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:51:20.0626 3636 BrFiltLo - ok
16:51:20.0630 3636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:51:20.0649 3636 BrFiltUp - ok
16:51:20.0682 3636 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:51:20.0715 3636 Browser - ok
16:51:20.0731 3636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:51:20.0792 3636 Brserid - ok
16:51:20.0797 3636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:51:20.0841 3636 BrSerWdm - ok
16:51:20.0845 3636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:51:20.0906 3636 BrUsbMdm - ok
16:51:20.0910 3636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:51:20.0945 3636 BrUsbSer - ok
16:51:20.0952 3636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:51:20.0992 3636 BTHMODEM - ok
16:51:21.0020 3636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:51:21.0068 3636 bthserv - ok
16:51:21.0095 3636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:51:21.0145 3636 cdfs - ok
16:51:21.0190 3636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:51:21.0238 3636 cdrom - ok
16:51:21.0291 3636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:51:21.0343 3636 CertPropSvc - ok
16:51:21.0364 3636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:51:21.0393 3636 circlass - ok
16:51:21.0420 3636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:51:21.0500 3636 CLFS - ok
16:51:21.0539 3636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:51:21.0549 3636 clr_optimization_v2.0.50727_32 - ok
16:51:21.0595 3636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:51:21.0608 3636 clr_optimization_v2.0.50727_64 - ok
16:51:21.0665 3636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:51:21.0677 3636 clr_optimization_v4.0.30319_32 - ok
16:51:21.0701 3636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:51:21.0711 3636 clr_optimization_v4.0.30319_64 - ok
16:51:21.0741 3636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:51:21.0778 3636 CmBatt - ok
16:51:21.0803 3636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:51:21.0840 3636 cmdide - ok
16:51:21.0882 3636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:51:21.0936 3636 CNG - ok
16:51:21.0955 3636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:51:21.0980 3636 Compbatt - ok
16:51:22.0001 3636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:51:22.0028 3636 CompositeBus - ok
16:51:22.0041 3636 COMSysApp - ok
16:51:22.0046 3636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:51:22.0060 3636 crcdisk - ok
16:51:22.0107 3636 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:51:22.0168 3636 CryptSvc - ok
16:51:22.0214 3636 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:51:22.0274 3636 CSC - ok
16:51:22.0316 3636 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:51:22.0367 3636 CscService - ok
16:51:22.0414 3636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:51:22.0470 3636 DcomLaunch - ok
16:51:22.0507 3636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:51:22.0566 3636 defragsvc - ok
16:51:22.0614 3636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:51:22.0665 3636 DfsC - ok
16:51:22.0711 3636 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
16:51:22.0744 3636 DgiVecp - ok
16:51:22.0791 3636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:51:22.0846 3636 Dhcp - ok
16:51:22.0877 3636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:51:22.0963 3636 discache - ok
16:51:22.0999 3636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:51:23.0032 3636 Disk - ok
16:51:23.0066 3636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:51:23.0109 3636 Dnscache - ok
16:51:23.0146 3636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:51:23.0201 3636 dot3svc - ok
16:51:23.0236 3636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:51:23.0279 3636 DPS - ok
16:51:23.0305 3636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:51:23.0349 3636 drmkaud - ok
16:51:23.0397 3636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:51:23.0441 3636 DXGKrnl - ok
16:51:23.0480 3636 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
16:51:23.0510 3636 e1express - ok
16:51:23.0556 3636 [ 72A1AA3C6C79B928D02A6FAD387B1349 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
16:51:23.0567 3636 eamonm - ok
16:51:23.0589 3636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:51:23.0640 3636 EapHost - ok
16:51:23.0725 3636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:51:23.0875 3636 ebdrv - ok
16:51:23.0900 3636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:51:23.0954 3636 EFS - ok
16:51:23.0985 3636 [ E99457900012B53B2226F146ECAF9136 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
16:51:23.0996 3636 ehdrv - ok
16:51:24.0059 3636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:51:24.0110 3636 ehRecvr - ok
16:51:24.0132 3636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:51:24.0166 3636 ehSched - ok
16:51:24.0231 3636 [ A18464CF1F1EF4B898EB5B31AD8A0956 ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
16:51:24.0241 3636 EhttpSrv - ok
16:51:24.0293 3636 [ 672F6D4AA61A8F5615A4A5D9387890ED ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
16:51:24.0317 3636 ekrn - ok
16:51:24.0366 3636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:51:24.0396 3636 elxstor - ok
16:51:24.0423 3636 [ A2AF094DCBE8BFF7E898D327750506A0 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
16:51:24.0449 3636 epfwwfpr - ok
16:51:24.0481 3636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:51:24.0516 3636 ErrDev - ok
16:51:24.0555 3636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:51:24.0607 3636 EventSystem - ok
16:51:24.0623 3636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:51:24.0695 3636 exfat - ok
16:51:24.0715 3636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:51:24.0782 3636 fastfat - ok
16:51:24.0833 3636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:51:24.0895 3636 Fax - ok
16:51:24.0915 3636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:51:24.0969 3636 fdc - ok
16:51:24.0983 3636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:51:25.0017 3636 fdPHost - ok
16:51:25.0025 3636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:51:25.0078 3636 FDResPub - ok
16:51:25.0095 3636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:51:25.0125 3636 FileInfo - ok
16:51:25.0143 3636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:51:25.0225 3636 Filetrace - ok
16:51:25.0247 3636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:51:25.0260 3636 flpydisk - ok
16:51:25.0301 3636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:51:25.0356 3636 FltMgr - ok
16:51:25.0414 3636 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:51:25.0531 3636 FontCache - ok
16:51:25.0596 3636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:51:25.0610 3636 FontCache3.0.0.0 - ok
16:51:25.0635 3636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:51:25.0664 3636 FsDepends - ok
16:51:25.0701 3636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:51:25.0729 3636 Fs_Rec - ok
16:51:25.0786 3636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:51:25.0895 3636 fvevol - ok
16:51:25.0918 3636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:51:25.0986 3636 gagp30kx - ok
16:51:26.0031 3636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:51:26.0094 3636 gpsvc - ok
16:51:26.0111 3636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:51:26.0140 3636 hcw85cir - ok
16:51:26.0203 3636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:51:26.0241 3636 HdAudAddService - ok
16:51:26.0273 3636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:51:26.0296 3636 HDAudBus - ok
16:51:26.0310 3636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:51:26.0366 3636 HidBatt - ok
16:51:26.0388 3636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:51:26.0433 3636 HidBth - ok
16:51:26.0450 3636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:51:26.0500 3636 HidIr - ok
16:51:26.0521 3636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:51:26.0559 3636 hidserv - ok
16:51:26.0611 3636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:51:26.0644 3636 HidUsb - ok
16:51:26.0675 3636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:51:26.0724 3636 hkmsvc - ok
16:51:26.0759 3636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:51:26.0820 3636 HomeGroupListener - ok
16:51:26.0855 3636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:51:26.0883 3636 HomeGroupProvider - ok
16:51:26.0927 3636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:51:26.0942 3636 HpSAMD - ok
16:51:27.0002 3636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:51:27.0075 3636 HTTP - ok
16:51:27.0107 3636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:51:27.0135 3636 hwpolicy - ok
16:51:27.0192 3636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:51:27.0221 3636 i8042prt - ok
16:51:27.0277 3636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:51:27.0316 3636 iaStorV - ok
16:51:27.0378 3636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:51:27.0417 3636 idsvc - ok
16:51:27.0580 3636 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
16:51:27.0704 3636 igfx - ok
16:51:27.0734 3636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:51:27.0749 3636 iirsp - ok
16:51:27.0791 3636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:51:27.0867 3636 IKEEXT - ok
16:51:27.0887 3636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:51:27.0899 3636 intelide - ok
16:51:27.0920 3636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:51:27.0945 3636 intelppm - ok
16:51:27.0969 3636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:51:28.0020 3636 IPBusEnum - ok
16:51:28.0050 3636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:28.0102 3636 IpFilterDriver - ok
16:51:28.0137 3636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:51:28.0169 3636 IPMIDRV - ok
16:51:28.0190 3636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:51:28.0275 3636 IPNAT - ok
16:51:28.0302 3636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:51:28.0363 3636 IRENUM - ok
16:51:28.0405 3636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:51:28.0436 3636 isapnp - ok
16:51:28.0472 3636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:51:28.0509 3636 iScsiPrt - ok
16:51:28.0532 3636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:28.0545 3636 kbdclass - ok
16:51:28.0581 3636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:51:28.0605 3636 kbdhid - ok
16:51:28.0625 3636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:51:28.0636 3636 KeyIso - ok
16:51:28.0674 3636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:51:28.0691 3636 KSecDD - ok
16:51:28.0721 3636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:51:28.0739 3636 KSecPkg - ok
16:51:28.0762 3636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:51:28.0822 3636 ksthunk - ok
16:51:28.0850 3636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:51:28.0902 3636 KtmRm - ok
16:51:28.0956 3636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:51:29.0013 3636 LanmanServer - ok
16:51:29.0047 3636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:51:29.0093 3636 LanmanWorkstation - ok
16:51:29.0126 3636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:51:29.0190 3636 lltdio - ok
16:51:29.0215 3636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:51:29.0266 3636 lltdsvc - ok
16:51:29.0279 3636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:51:29.0313 3636 lmhosts - ok
16:51:29.0348 3636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:51:29.0377 3636 LSI_FC - ok
16:51:29.0382 3636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:51:29.0412 3636 LSI_SAS - ok
16:51:29.0416 3636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:51:29.0446 3636 LSI_SAS2 - ok
16:51:29.0457 3636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:51:29.0486 3636 LSI_SCSI - ok
16:51:29.0503 3636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:51:29.0547 3636 luafv - ok
16:51:29.0577 3636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:51:29.0591 3636 Mcx2Svc - ok
16:51:29.0596 3636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:51:29.0639 3636 megasas - ok
16:51:29.0661 3636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:51:29.0698 3636 MegaSR - ok
16:51:29.0716 3636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:51:29.0780 3636 MMCSS - ok
16:51:29.0799 3636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:51:29.0840 3636 Modem - ok
16:51:29.0862 3636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:51:29.0904 3636 monitor - ok
16:51:29.0924 3636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:51:29.0938 3636 mouclass - ok
16:51:29.0964 3636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:51:29.0993 3636 mouhid - ok
16:51:30.0028 3636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:51:30.0060 3636 mountmgr - ok
16:51:30.0100 3636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:51:30.0153 3636 mpio - ok
16:51:30.0168 3636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:51:30.0223 3636 mpsdrv - ok
16:51:30.0256 3636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:51:30.0289 3636 MRxDAV - ok
16:51:30.0321 3636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:30.0356 3636 mrxsmb - ok
16:51:30.0397 3636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:51:30.0475 3636 mrxsmb10 - ok
16:51:30.0497 3636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:51:30.0552 3636 mrxsmb20 - ok
16:51:30.0600 3636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:51:30.0631 3636 msahci - ok
16:51:30.0664 3636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:51:30.0694 3636 msdsm - ok
16:51:30.0711 3636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:51:30.0740 3636 MSDTC - ok
16:51:30.0781 3636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:51:30.0818 3636 Msfs - ok
16:51:30.0831 3636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:51:30.0881 3636 mshidkmdf - ok
16:51:30.0908 3636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:51:30.0935 3636 msisadrv - ok
16:51:30.0976 3636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:51:31.0024 3636 MSiSCSI - ok
16:51:31.0028 3636 msiserver - ok
16:51:31.0048 3636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:51:31.0091 3636 MSKSSRV - ok
16:51:31.0110 3636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:51:31.0146 3636 MSPCLOCK - ok
16:51:31.0162 3636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:51:31.0218 3636 MSPQM - ok
16:51:31.0260 3636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:51:31.0282 3636 MsRPC - ok
16:51:31.0295 3636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:51:31.0308 3636 mssmbios - ok
16:51:31.0318 3636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:51:31.0363 3636 MSTEE - ok
16:51:31.0375 3636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:51:31.0393 3636 MTConfig - ok
16:51:31.0414 3636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:51:31.0442 3636 Mup - ok
16:51:31.0484 3636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:51:31.0541 3636 napagent - ok
16:51:31.0584 3636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:51:31.0650 3636 NativeWifiP - ok
16:51:31.0716 3636 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:51:31.0743 3636 NDIS - ok
16:51:31.0760 3636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:51:31.0816 3636 NdisCap - ok
16:51:31.0838 3636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:51:31.0883 3636 NdisTapi - ok
16:51:31.0925 3636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:51:31.0969 3636 Ndisuio - ok
16:51:31.0999 3636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:51:32.0068 3636 NdisWan - ok
16:51:32.0097 3636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:51:32.0160 3636 NDProxy - ok
16:51:32.0188 3636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:51:32.0246 3636 NetBIOS - ok
16:51:32.0288 3636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:51:32.0352 3636 NetBT - ok
16:51:32.0366 3636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:51:32.0378 3636 Netlogon - ok
16:51:32.0414 3636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:51:32.0486 3636 Netman - ok
16:51:32.0528 3636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:51:32.0582 3636 netprofm - ok
16:51:32.0623 3636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:51:32.0633 3636 NetTcpPortSharing - ok
16:51:32.0712 3636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:51:32.0779 3636 nfrd960 - ok
16:51:32.0821 3636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:51:32.0872 3636 NlaSvc - ok
16:51:32.0889 3636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:51:32.0952 3636 Npfs - ok
16:51:32.0977 3636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:51:33.0039 3636 nsi - ok
16:51:33.0055 3636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:51:33.0114 3636 nsiproxy - ok
16:51:33.0185 3636 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:51:33.0240 3636 Ntfs - ok
16:51:33.0257 3636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:51:33.0318 3636 Null - ok
16:51:33.0614 3636 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:51:34.0044 3636 nvlddmkm - ok
16:51:34.0067 3636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:51:34.0097 3636 nvraid - ok
16:51:34.0133 3636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:51:34.0182 3636 nvstor - ok
16:51:34.0223 3636 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:51:34.0235 3636 nvsvc - ok
16:51:34.0250 3636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:51:34.0280 3636 nv_agp - ok
16:51:34.0308 3636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:51:34.0351 3636 ohci1394 - ok
16:51:34.0381 3636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:51:34.0426 3636 p2pimsvc - ok
16:51:34.0458 3636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:51:34.0481 3636 p2psvc - ok
16:51:34.0508 3636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:51:34.0538 3636 Parport - ok
16:51:34.0571 3636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:51:34.0600 3636 partmgr - ok
16:51:34.0614 3636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:51:34.0642 3636 PcaSvc - ok
16:51:34.0656 3636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:51:34.0669 3636 pci - ok
16:51:34.0702 3636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:51:34.0733 3636 pciide - ok
16:51:34.0748 3636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:51:34.0781 3636 pcmcia - ok
16:51:34.0795 3636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:51:34.0824 3636 pcw - ok
16:51:34.0851 3636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:51:34.0928 3636 PEAUTH - ok
16:51:34.0971 3636 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:51:35.0040 3636 PeerDistSvc - ok
16:51:35.0095 3636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:51:35.0123 3636 PerfHost - ok
16:51:35.0182 3636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:51:35.0284 3636 pla - ok
16:51:35.0333 3636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:51:35.0389 3636 PlugPlay - ok
16:51:35.0416 3636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:51:35.0440 3636 PNRPAutoReg - ok
16:51:35.0457 3636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:51:35.0471 3636 PNRPsvc - ok
16:51:35.0504 3636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:51:35.0553 3636 PolicyAgent - ok
16:51:35.0578 3636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:51:35.0619 3636 Power - ok
16:51:35.0663 3636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:51:35.0747 3636 PptpMiniport - ok
16:51:35.0759 3636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:51:35.0799 3636 Processor - ok
16:51:35.0841 3636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:51:35.0889 3636 ProfSvc - ok
16:51:35.0899 3636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:51:35.0913 3636 ProtectedStorage - ok
16:51:35.0960 3636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:51:36.0002 3636 Psched - ok
16:51:36.0057 3636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:51:36.0123 3636 ql2300 - ok
16:51:36.0137 3636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:51:36.0153 3636 ql40xx - ok
16:51:36.0191 3636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:51:36.0224 3636 QWAVE - ok
16:51:36.0249 3636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:51:36.0305 3636 QWAVEdrv - ok
16:51:36.0316 3636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:51:36.0389 3636 RasAcd - ok
16:51:36.0439 3636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:51:36.0473 3636 RasAgileVpn - ok
16:51:36.0488 3636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:51:36.0533 3636 RasAuto - ok
16:51:36.0561 3636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:51:36.0638 3636 Rasl2tp - ok
16:51:36.0668 3636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:51:36.0708 3636 RasMan - ok
16:51:36.0752 3636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:51:36.0804 3636 RasPppoe - ok
16:51:36.0833 3636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:51:36.0893 3636 RasSstp - ok
16:51:36.0926 3636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:51:36.0977 3636 rdbss - ok
16:51:36.0988 3636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:51:37.0041 3636 rdpbus - ok
16:51:37.0054 3636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:51:37.0101 3636 RDPCDD - ok
16:51:37.0133 3636 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:51:37.0162 3636 RDPDR - ok
16:51:37.0179 3636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:51:37.0227 3636 RDPENCDD - ok
16:51:37.0267 3636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:51:37.0311 3636 RDPREFMP - ok
16:51:37.0341 3636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:51:37.0398 3636 RDPWD - ok
16:51:37.0445 3636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:51:37.0462 3636 rdyboost - ok
16:51:37.0493 3636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:51:37.0535 3636 RemoteAccess - ok
16:51:37.0570 3636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:51:37.0624 3636 RemoteRegistry - ok
16:51:37.0635 3636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:51:37.0687 3636 RpcEptMapper - ok
16:51:37.0712 3636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:51:37.0742 3636 RpcLocator - ok
16:51:37.0795 3636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:51:37.0836 3636 RpcSs - ok
16:51:37.0863 3636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:51:37.0914 3636 rspndr - ok
16:51:37.0941 3636 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:51:37.0983 3636 s3cap - ok
16:51:37.0999 3636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:51:38.0011 3636 SamSs - ok
16:51:38.0086 3636 [ 90AFEDD698D05E0798EC11A4C55DA13D ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
16:51:38.0101 3636 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning
16:51:38.0101 3636 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1)
16:51:38.0135 3636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:51:38.0165 3636 sbp2port - ok
16:51:38.0202 3636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:51:38.0251 3636 SCardSvr - ok
16:51:38.0279 3636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:51:38.0336 3636 scfilter - ok
16:51:38.0389 3636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:51:38.0465 3636 Schedule - ok
16:51:38.0498 3636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:51:38.0530 3636 SCPolicySvc - ok
16:51:38.0556 3636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:51:38.0599 3636 SDRSVC - ok
16:51:38.0628 3636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:51:38.0678 3636 secdrv - ok
16:51:38.0711 3636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:51:38.0744 3636 seclogon - ok
16:51:38.0773 3636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:51:38.0807 3636 SENS - ok
16:51:38.0830 3636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:51:38.0853 3636 SensrSvc - ok
16:51:38.0867 3636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:51:38.0904 3636 Serenum - ok
16:51:38.0920 3636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:51:39.0004 3636 Serial - ok
16:51:39.0040 3636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:51:39.0068 3636 sermouse - ok
16:51:39.0102 3636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:51:39.0148 3636 SessionEnv - ok
16:51:39.0184 3636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:51:39.0224 3636 sffdisk - ok
16:51:39.0242 3636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:51:39.0283 3636 sffp_mmc - ok
16:51:39.0299 3636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:51:39.0322 3636 sffp_sd - ok
16:51:39.0335 3636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:51:39.0364 3636 sfloppy - ok
16:51:39.0403 3636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:51:39.0442 3636 ShellHWDetection - ok
16:51:39.0468 3636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:51:39.0512 3636 SiSRaid2 - ok
16:51:39.0517 3636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:51:39.0545 3636 SiSRaid4 - ok
16:51:39.0562 3636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:51:39.0612 3636 Smb - ok
16:51:39.0649 3636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:51:39.0674 3636 SNMPTRAP - ok
16:51:39.0721 3636 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
16:51:39.0738 3636 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
16:51:39.0738 3636 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
16:51:39.0825 3636 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
16:51:39.0834 3636 Sony PC Companion - ok
16:51:39.0846 3636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:51:39.0878 3636 spldr - ok
16:51:39.0915 3636 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:51:39.0967 3636 Spooler - ok
16:51:40.0068 3636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:51:40.0209 3636 sppsvc - ok
16:51:40.0231 3636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:51:40.0283 3636 sppuinotify - ok
16:51:40.0322 3636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:51:40.0407 3636 srv - ok
16:51:40.0447 3636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:51:40.0492 3636 srv2 - ok
16:51:40.0504 3636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:51:40.0532 3636 srvnet - ok
16:51:40.0565 3636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:51:40.0615 3636 SSDPSRV - ok
16:51:40.0641 3636 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
16:51:40.0651 3636 SSPORT - ok
16:51:40.0668 3636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:51:40.0704 3636 SstpSvc - ok
16:51:40.0724 3636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:51:40.0737 3636 stexstor - ok
16:51:40.0787 3636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:51:40.0830 3636 stisvc - ok
16:51:40.0863 3636 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:51:40.0878 3636 storflt - ok
16:51:40.0896 3636 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:51:40.0933 3636 StorSvc - ok
16:51:40.0965 3636 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:51:40.0998 3636 storvsc - ok
16:51:41.0029 3636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:51:41.0062 3636 swenum - ok
16:51:41.0084 3636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:51:41.0166 3636 swprv - ok
16:51:41.0230 3636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:51:41.0318 3636 SysMain - ok
16:51:41.0347 3636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:51:41.0378 3636 TabletInputService - ok
16:51:41.0424 3636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:51:41.0478 3636 TapiSrv - ok
16:51:41.0501 3636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:51:41.0548 3636 TBS - ok
16:51:41.0620 3636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:51:41.0659 3636 Tcpip - ok
16:51:41.0719 3636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:51:41.0760 3636 TCPIP6 - ok
16:51:41.0796 3636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:51:41.0849 3636 tcpipreg - ok
16:51:41.0881 3636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:51:41.0922 3636 TDPIPE - ok
16:51:41.0952 3636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:51:41.0979 3636 TDTCP - ok
16:51:42.0010 3636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:51:42.0069 3636 tdx - ok
16:51:42.0082 3636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:51:42.0110 3636 TermDD - ok
16:51:42.0149 3636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:51:42.0198 3636 TermService - ok
16:51:42.0222 3636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:51:42.0239 3636 Themes - ok
16:51:42.0249 3636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:51:42.0283 3636 THREADORDER - ok
16:51:42.0297 3636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:51:42.0333 3636 TrkWks - ok
16:51:42.0393 3636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:51:42.0445 3636 TrustedInstaller - ok
16:51:42.0477 3636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:51:42.0526 3636 tssecsrv - ok
16:51:42.0566 3636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:51:42.0637 3636 TsUsbFlt - ok
16:51:42.0681 3636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:51:42.0750 3636 tunnel - ok
16:51:42.0785 3636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:51:42.0814 3636 uagp35 - ok
16:51:42.0912 3636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:51:43.0082 3636 udfs - ok
16:51:43.0122 3636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:51:43.0138 3636 UI0Detect - ok
16:51:43.0152 3636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:51:43.0184 3636 uliagpkx - ok
16:51:43.0223 3636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:51:43.0260 3636 umbus - ok
16:51:43.0271 3636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:51:43.0301 3636 UmPass - ok
16:51:43.0320 3636 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:51:43.0347 3636 UmRdpService - ok
16:51:43.0369 3636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:51:43.0426 3636 upnphost - ok
16:51:43.0458 3636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:51:43.0503 3636 usbccgp - ok
16:51:43.0547 3636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:51:43.0567 3636 usbcir - ok
16:51:43.0582 3636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:51:43.0619 3636 usbehci - ok
16:51:43.0649 3636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:51:43.0738 3636 usbhub - ok
16:51:43.0767 3636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:51:43.0815 3636 usbohci - ok
16:51:43.0848 3636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:51:43.0888 3636 usbprint - ok
16:51:43.0908 3636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:51:43.0979 3636 USBSTOR - ok
16:51:44.0009 3636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:51:44.0045 3636 usbuhci - ok
16:51:44.0066 3636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:51:44.0104 3636 UxSms - ok
16:51:44.0115 3636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:51:44.0127 3636 VaultSvc - ok
16:51:44.0178 3636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:51:44.0226 3636 vdrvroot - ok
16:51:44.0271 3636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:51:44.0326 3636 vds - ok
16:51:44.0355 3636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:51:44.0371 3636 vga - ok
16:51:44.0385 3636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:51:44.0446 3636 VgaSave - ok
16:51:44.0480 3636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:51:44.0517 3636 vhdmp - ok
16:51:44.0544 3636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:51:44.0572 3636 viaide - ok
16:51:44.0605 3636 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:51:44.0676 3636 vmbus - ok
16:51:44.0708 3636 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:51:44.0753 3636 VMBusHID - ok
16:51:44.0784 3636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:51:44.0828 3636 volmgr - ok
16:51:44.0866 3636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:51:44.0889 3636 volmgrx - ok
16:51:44.0903 3636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:51:44.0949 3636 volsnap - ok
16:51:44.0972 3636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:51:45.0003 3636 vsmraid - ok
16:51:45.0068 3636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:51:45.0166 3636 VSS - ok
16:51:45.0177 3636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:51:45.0217 3636 vwifibus - ok
16:51:45.0248 3636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:51:45.0300 3636 W32Time - ok
16:51:45.0308 3636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:51:45.0337 3636 WacomPen - ok
16:51:45.0383 3636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:51:45.0445 3636 WANARP - ok
16:51:45.0477 3636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:51:45.0513 3636 Wanarpv6 - ok
16:51:45.0573 3636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:51:45.0619 3636 WatAdminSvc - ok
16:51:45.0684 3636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:51:45.0758 3636 wbengine - ok
16:51:45.0785 3636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:51:45.0806 3636 WbioSrvc - ok
16:51:45.0838 3636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:51:45.0861 3636 wcncsvc - ok
16:51:45.0874 3636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:51:45.0902 3636 WcsPlugInService - ok
16:51:45.0919 3636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:51:45.0932 3636 Wd - ok
16:51:45.0954 3636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:51:45.0985 3636 Wdf01000 - ok
16:51:46.0018 3636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:51:46.0421 3636 WdiServiceHost - ok
16:51:46.0439 3636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:51:46.0458 3636 WdiSystemHost - ok
16:51:46.0508 3636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:51:46.0538 3636 WebClient - ok
16:51:46.0567 3636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:51:46.0624 3636 Wecsvc - ok
16:51:46.0656 3636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:51:46.0690 3636 wercplsupport - ok
16:51:46.0720 3636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:51:46.0766 3636 WerSvc - ok
16:51:46.0801 3636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:51:46.0849 3636 WfpLwf - ok
16:51:46.0863 3636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:51:46.0890 3636 WIMMount - ok
16:51:46.0897 3636 WinHttpAutoProxySvc - ok
16:51:46.0949 3636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:51:46.0992 3636 Winmgmt - ok
16:51:47.0063 3636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:51:47.0186 3636 WinRM - ok
16:51:47.0249 3636 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:51:47.0293 3636 WinUsb - ok
16:51:47.0344 3636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:51:47.0395 3636 Wlansvc - ok
16:51:47.0553 3636 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:51:47.0596 3636 wlidsvc - ok
16:51:47.0628 3636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:51:47.0662 3636 WmiAcpi - ok
16:51:47.0693 3636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:51:47.0719 3636 wmiApSrv - ok
16:51:47.0752 3636 WMPNetworkSvc - ok
16:51:47.0774 3636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:51:47.0797 3636 WPCSvc - ok
16:51:47.0829 3636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:51:47.0859 3636 WPDBusEnum - ok
16:51:47.0879 3636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:51:47.0936 3636 ws2ifsl - ok
16:51:47.0940 3636 WSearch - ok
16:51:48.0025 3636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:51:48.0105 3636 wuauserv - ok
16:51:48.0142 3636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:51:48.0255 3636 WudfPf - ok
16:51:48.0283 3636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:51:48.0340 3636 WUDFRd - ok
16:51:48.0375 3636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:51:48.0410 3636 wudfsvc - ok
16:51:48.0442 3636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:51:48.0471 3636 WwanSvc - ok
16:51:48.0475 3636 ================ Scan global ===============================
16:51:48.0497 3636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:51:48.0538 3636 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:51:48.0554 3636 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
16:51:48.0582 3636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:51:48.0612 3636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:51:48.0636 3636 [Global] - ok
16:51:48.0637 3636 ================ Scan MBR ==================================
16:51:48.0639 3636 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:51:48.0690 3636 \Device\Harddisk0\DR0 - ok
16:51:48.0701 3636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:51:48.0895 3636 \Device\Harddisk1\DR1 - ok
16:51:48.0895 3636 ================ Scan VBR ==================================
16:51:48.0898 3636 [ 27FBAB60B913802AA10A4E27CDC89811 ] \Device\Harddisk0\DR0\Partition1
16:51:48.0901 3636 \Device\Harddisk0\DR0\Partition1 - ok
16:51:48.0904 3636 [ C52B5B805E8B9CAC0AF61A6FA47E5BBB ] \Device\Harddisk1\DR1\Partition1
16:51:48.0905 3636 \Device\Harddisk1\DR1\Partition1 - ok
16:51:48.0935 3636 [ A71EFC39C82A7BD29EC3CC64CF4C1887 ] \Device\Harddisk1\DR1\Partition2
16:51:48.0936 3636 \Device\Harddisk1\DR1\Partition2 - ok
16:51:48.0937 3636 ============================================================
16:51:48.0937 3636 Scan finished
16:51:48.0937 3636 ============================================================
16:51:48.0945 3260 Detected object count: 2
16:51:48.0945 3260 Actual detected object count: 2
16:51:57.0630 3260 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:57.0630 3260 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:51:57.0632 3260 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:51:57.0632 3260 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
Re: Zavireny PC - System Progressive Protection
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
eset som vypol, aj tak combofix pisal ze je aktivny, ale urcite bol vypnuty
ComboFix 12-11-05.03 - USER . 11. 2012 19:45:11.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2021.1055 [GMT 1:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 18:58 . 2012-11-05 18:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C807EB-F93F-4CBF-B136-4C5749FBDB1E}\offreg.dll
2012-11-05 18:52 . 2012-11-05 18:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-05 18:52 . 2012-11-05 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\programdata\HitmanPro
2012-11-05 15:27 . 2012-11-05 15:27 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-05 15:11 . 2012-11-05 15:48 -------- d-----w- c:\program files\trend micro
2012-11-05 15:11 . 2012-11-05 15:15 -------- d-----w- C:\rsit
2012-11-05 08:53 . 2012-11-05 15:07 -------- d-----w- c:\programdata\E4381869515235020000E4373435381D
2012-11-05 08:51 . 2012-11-05 08:51 -------- d-----w- c:\users\USER\AppData\Local\ESET
2012-11-02 07:57 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C807EB-F93F-4CBF-B136-4C5749FBDB1E}\mpengine.dll
2012-10-10 06:08 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 06:08 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 14:44 . 2010-12-07 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 08:11 . 2012-07-03 05:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:11 . 2012-07-03 05:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-24 15:12 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 15:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 15:13 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 15:13 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 15:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 15:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 15:13 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 15:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 15:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 15:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 15:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 15:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 15:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 15:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 15:13 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 15:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 15:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 15:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 15:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 15:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:50 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:50 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:50 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 05:44 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 06:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-08 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2011-04-28 229888]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 08:11]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 06:15]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2919168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sme.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://10.0.0.50/push04.cab
DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://10.0.0.50/access01.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-05 20:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-05 19:05
.
Pre-Run: 35 531 972 608 bytes free
Post-Run: 36 056 866 816 bytes free
.
- - End Of File - - 3B6695E1AB589F43A331E7C308030300
ComboFix 12-11-05.03 - USER . 11. 2012 19:45:11.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2021.1055 [GMT 1:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 18:58 . 2012-11-05 18:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C807EB-F93F-4CBF-B136-4C5749FBDB1E}\offreg.dll
2012-11-05 18:52 . 2012-11-05 18:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-05 18:52 . 2012-11-05 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\programdata\HitmanPro
2012-11-05 15:27 . 2012-11-05 15:27 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-05 15:11 . 2012-11-05 15:48 -------- d-----w- c:\program files\trend micro
2012-11-05 15:11 . 2012-11-05 15:15 -------- d-----w- C:\rsit
2012-11-05 08:53 . 2012-11-05 15:07 -------- d-----w- c:\programdata\E4381869515235020000E4373435381D
2012-11-05 08:51 . 2012-11-05 08:51 -------- d-----w- c:\users\USER\AppData\Local\ESET
2012-11-02 07:57 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9C807EB-F93F-4CBF-B136-4C5749FBDB1E}\mpengine.dll
2012-10-10 06:08 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 06:08 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 14:44 . 2010-12-07 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 08:11 . 2012-07-03 05:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:11 . 2012-07-03 05:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-24 15:12 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 15:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 15:13 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 15:13 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 15:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 15:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 15:13 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 15:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 15:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 15:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 15:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 15:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 15:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 15:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 15:13 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 15:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 15:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 15:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 15:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 15:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:50 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:50 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:50 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 05:44 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 06:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-08 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2011-04-28 229888]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 08:11]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 06:15]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job
- c:\users\USER\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2919168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sme.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://10.0.0.50/push04.cab
DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://10.0.0.50/access01.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-05 20:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-05 19:05
.
Pre-Run: 35 531 972 608 bytes free
Post-Run: 36 056 866 816 bytes free
.
- - End Of File - - 3B6695E1AB589F43A331E7C308030300
Re: Zavireny PC - System Progressive Protection
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Pockejte na dokonceni PreScanu
- Zvolte moznost Prohledat (scan)
- Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
- Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Kontrola -- Dátum : 11/05/2012 22:07:40
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NÁJDENÉ
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NÁJDENÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 ATA Device +++++
--- User ---
[MBR] d9d38337847311e6afb7d07953bf75bb
[BSP] 60677cec13ba31e046ccf89b49731127 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD800AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] a7851604c19e7cce0f446de14479ab87
[BSP] 963f4013515b534ebc686210c47ee3f1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[1]_S_11052012_02d2207.txt >>
RKreport[1]_S_11052012_02d2207.txt
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Kontrola -- Dátum : 11/05/2012 22:07:40
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NÁJDENÉ
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NÁJDENÉ
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NÁJDENÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NÁJDENÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NÁJDENÉ
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 ATA Device +++++
--- User ---
[MBR] d9d38337847311e6afb7d07953bf75bb
[BSP] 60677cec13ba31e046ccf89b49731127 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD800AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] a7851604c19e7cce0f446de14479ab87
[BSP] 963f4013515b534ebc686210c47ee3f1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[1]_S_11052012_02d2207.txt >>
RKreport[1]_S_11052012_02d2207.txt
Re: Zavireny PC - System Progressive Protection
Spustte znovu RogueKiller
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
- Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Odebrať -- Dátum : 11/06/2012 19:27:46
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZANÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRADENÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 ATA Device +++++
--- User ---
[MBR] d9d38337847311e6afb7d07953bf75bb
[BSP] 60677cec13ba31e046ccf89b49731127 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD800AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] a7851604c19e7cce0f446de14479ab87
[BSP] 963f4013515b534ebc686210c47ee3f1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[3]_D_11062012_02d1927.txt >>
RKreport[1]_S_11052012_02d2207.txt ; RKreport[2]_S_11062012_02d1927.txt ; RKreport[3]_D_11062012_02d1927.txt
Oprava Host
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 11/06/2012 19:29:09
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 0 ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
Dokončené : << RKreport[5]_H_11062012_02d1929.txt >>
RKreport[1]_S_11052012_02d2207.txt ; RKreport[2]_S_11062012_02d1927.txt ; RKreport[3]_D_11062012_02d1927.txt ; RKreport[4]_S_11062012_02d1928.txt ; RKreport[5]_H_11062012_02d1929.txt
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Odebrať -- Dátum : 11/06/2012 19:27:46
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 6 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56} : NameServer (10.0.0.138,195.80.171.4) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZANÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> NAHRADENÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)
¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600JB-00REA0 ATA Device +++++
--- User ---
[MBR] d9d38337847311e6afb7d07953bf75bb
[BSP] 60677cec13ba31e046ccf89b49731127 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD800AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] a7851604c19e7cce0f446de14479ab87
[BSP] 963f4013515b534ebc686210c47ee3f1 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 76217 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončené : << RKreport[3]_D_11062012_02d1927.txt >>
RKreport[1]_S_11052012_02d2207.txt ; RKreport[2]_S_11062012_02d1927.txt ; RKreport[3]_D_11062012_02d1927.txt
Oprava Host
RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ : USER [Práva Správcu]
Režim : Oprava HOSTS -- Dátum : 11/06/2012 19:29:09
¤¤¤ Škodlivé procesy : 0 ¤¤¤
¤¤¤ Záznamy Registrov : 0 ¤¤¤
¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤
¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
Dokončené : << RKreport[5]_H_11062012_02d1929.txt >>
RKreport[1]_S_11052012_02d2207.txt ; RKreport[2]_S_11062012_02d1927.txt ; RKreport[3]_D_11062012_02d1927.txt ; RKreport[4]_S_11062012_02d1928.txt ; RKreport[5]_H_11062012_02d1929.txt
Re: Zavireny PC - System Progressive Protection
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\programdata\E4381869515235020000E4373435381D Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"=- "Adobe ARM"=- "SunJavaUpdateSched"=- File:: c:\windows\Tasks\Adobe Flash Player Updater.job c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Zavireny PC - System Progressive Protection
ospravedlnujem sa za oneskorenie
ComboFix 12-11-08.01 - USER . 11. 2012 18:22:35.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2021.1009 [GMT 1:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
Command switches used :: c:\users\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E4381869515235020000E4373435381D
c:\programdata\E4381869515235020000E4373435381D\E4381869515235020000E4373435381D
c:\programdata\E4381869515235020000E4373435381D\E4381869515235020000E4373435381D.ico
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 17:36 . 2012-11-08 17:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3252D-A2C4-43B3-BD74-3A149AF5D64B}\offreg.dll
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-06 23:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3252D-A2C4-43B3-BD74-3A149AF5D64B}\mpengine.dll
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\programdata\HitmanPro
2012-11-05 15:27 . 2012-11-05 15:27 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-05 15:11 . 2012-11-05 15:48 -------- d-----w- c:\program files\trend micro
2012-11-05 15:11 . 2012-11-05 15:15 -------- d-----w- C:\rsit
2012-11-05 08:51 . 2012-11-05 08:51 -------- d-----w- c:\users\USER\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 14:44 . 2010-12-07 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 08:11 . 2012-07-03 05:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:11 . 2012-07-03 05:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:19 . 2012-10-10 06:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 06:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 06:08 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 06:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 06:07 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 06:07 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 06:07 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 06:07 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-24 15:12 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 15:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 15:13 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 15:13 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 15:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 15:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 15:13 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 15:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 15:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 15:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 15:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 15:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 15:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 15:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 15:13 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 15:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 15:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 15:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 15:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 15:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:50 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:50 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:50 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 05:44 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 06:07 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 06:07 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 06:07 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 06:07 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 06:07 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 06:07 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 06:07 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 06:07 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 06:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 06:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 06:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 06:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 06:07 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-08 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2011-04-28 229888]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2919168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sme.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://10.0.0.50/push04.cab
DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://10.0.0.50/access01.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-09 07:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 06:29
ComboFix2.txt 2012-11-05 19:05
.
Pre-Run: 36 764 573 696 bytes free
Post-Run: 36 455 256 064 bytes free
.
- - End Of File - - 78807EDFA9DFFFEF5C6A61F652CCA7C4
ComboFix 12-11-08.01 - USER . 11. 2012 18:22:35.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2021.1009 [GMT 1:00]
Running from: c:\users\USER\Desktop\ComboFix.exe
Command switches used :: c:\users\USER\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E4381869515235020000E4373435381D
c:\programdata\E4381869515235020000E4373435381D\E4381869515235020000E4373435381D
c:\programdata\E4381869515235020000E4373435381D\E4381869515235020000E4373435381D.ico
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-259793603-2597556968-308381179-1000UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-08 17:36 . 2012-11-08 17:36 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3252D-A2C4-43B3-BD74-3A149AF5D64B}\offreg.dll
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-08 17:33 . 2012-11-08 17:33 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-06 23:50 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8D3252D-A2C4-43B3-BD74-3A149AF5D64B}\mpengine.dll
2012-11-05 15:37 . 2012-11-05 15:37 -------- d-----w- c:\programdata\HitmanPro
2012-11-05 15:27 . 2012-11-05 15:27 -------- d-----w- c:\users\USER\AppData\Roaming\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\programdata\Malwarebytes
2012-11-05 15:26 . 2012-11-05 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-05 15:26 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-05 15:11 . 2012-11-05 15:48 -------- d-----w- c:\program files\trend micro
2012-11-05 15:11 . 2012-11-05 15:15 -------- d-----w- C:\rsit
2012-11-05 08:51 . 2012-11-05 08:51 -------- d-----w- c:\users\USER\AppData\Local\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 14:44 . 2010-12-07 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 08:11 . 2012-07-03 05:39 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 08:11 . 2012-07-03 05:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:19 . 2012-10-10 06:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 06:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 06:08 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 06:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 06:07 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 06:07 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 06:07 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 06:07 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-24 15:12 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 15:12 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 15:13 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 15:13 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 15:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 15:13 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 15:13 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 15:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 15:13 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 15:12 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 15:12 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 15:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 15:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 15:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 15:13 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 15:12 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 15:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 15:13 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 15:13 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 15:13 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 15:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:50 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:50 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:50 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 05:44 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 06:07 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 06:07 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 06:07 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 06:07 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 06:07 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 06:07 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 06:07 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 06:07 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 06:07 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 06:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 06:07 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 06:07 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 06:07 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 06:07 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:07 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-09-12 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-12-02 1316248]
"CLX3180_Scan2Pc"="c:\windows\Twain_32\Samsung\CLX3180\Scan2pc.exe" [2011-04-29 1990144]
"3180 Scan2PC"="c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [2011-04-29 1990144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-07 1255736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-08 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2011-04-28 229888]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-13 11576]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-08 2919168]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sme.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: Interfaces\{0AC4B240-B84D-45B7-B66F-86A8D85E6A56}: NameServer = 10.0.0.138,195.80.171.4
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://10.0.0.50/push04.cab
DPF: {8A96EAE5-D262-4226-A517-304C88B53F1F} - hxxp://10.0.0.50/access01.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-11-09 07:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 06:29
ComboFix2.txt 2012-11-05 19:05
.
Pre-Run: 36 764 573 696 bytes free
Post-Run: 36 455 256 064 bytes free
.
- - End Of File - - 78807EDFA9DFFFEF5C6A61F652CCA7C4
Přispějete na provoz fóra?