Již rok a půl mám notebook, bohužel bez antiviru. Bratr odjel do Anglie a od té doby mi ho tam nemá kdo nainstalovat. Bratranec mi poradil toto forum, protože se mi od pátku přestávají fungovat jednotlivé internetové stránky a po přepnutí do režimu spánku se mi odpojí wifi a po nastartování se musí zase znovu připojit. Hlavně se mi nejde připojit k emailu jak na seznamu tak na gmailu, kde mi chodí věci ze školy.
Zde je log z RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivuška at 2012-12-02 13:22:00
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 175 GB (57%) free of 305 GB
Total RAM: 1976 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:22:04, on 2.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ivuška.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Ivuška\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 92.240.237.20 l2authd.lineage2.com # Forbidden Lands Lineage 2 Server
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Ivuška\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bcool - {E430627F-2CA8-D185-2170-0726586247FF} - C:\ProgramData\Bcool\507c161443358.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [QIP2005] C:\Program Files (x86)\QIP\qip.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ivuška\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8360 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3052.1.787511013\1243382614" --disable-image-transport-surface --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.1749 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --disable-accelerated-2d-canvas --channel="3052.2.716801638\1088396605" /prefetch:3
"C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3052.4.270346610\1546931199" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Users\Ivuška\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AsyncDns/disabled/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/EnableStage3D/enabled_default/ForceCompositingMode/disable/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/InfiniteCache/No/InstantChannel/Stable/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/17/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwndMin16/SpeculativePrefetchingLearning/SpeculativePrefetchingDisabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_19/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="3052.6.1583141796\1531112023" /prefetch:3
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Ivuška\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388973960-3056124186-2550549774-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-388973960-3056124186-2550549774-1001UA.job
C:\Windows\tasks\OptimizerPro1UpdaterTask{BFFFE492-C24E-49E8-AF4A-0D07166E5C02}.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default
prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "keyword.URL" - "http://www.questscan.com/?tmp=nemo_resu ... &keywords="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\extensions\
507c1614431c3@507c1614431fc.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{ea614400-e918-4741-9a97-7a972ff7c30b}
C:\Users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\searchplugins\
qip-search.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Ivuška\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E430627F-2CA8-D185-2170-0726586247FF}]
Bcool Class - C:\ProgramData\Bcool\507c161443358.ocx [2012-10-15 129024]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-01-22 2028328]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=C:\Program Files (x86)\QIP\qip.exe [2010-06-28 3332608]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Google Update"=C:\Users\Ivuška\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-01 116648]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-07-05 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-08-19 421736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-12-02 13:22:00 ----D---- C:\rsit
2012-12-02 13:22:00 ----D---- C:\Program Files\trend micro
2012-11-20 16:57:36 ----D---- C:\ProgramData\Microsoft Games
2012-11-19 21:55:49 ----D---- C:\Users\Ivuška\AppData\Roaming\Microsoft Games
2012-11-19 21:46:45 ----D---- C:\Program Files (x86)\Microsoft Games
======List of files/folders modified in the last 1 month======
2012-12-02 13:22:04 ----D---- C:\Windows\Prefetch
2012-12-02 13:22:00 ----RD---- C:\Program Files
2012-12-02 13:07:06 ----D---- C:\Windows\System32
2012-12-02 13:07:06 ----D---- C:\Windows\inf
2012-12-02 13:07:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-01 21:54:45 ----D---- C:\Windows\Temp
2012-12-01 17:02:50 ----D---- C:\Program Files (x86)\Lineage II
2012-12-01 14:21:33 ----D---- C:\Program Files (x86)\The KMPlayer
2012-12-01 13:40:04 ----D---- C:\Windows
2012-12-01 12:49:12 ----RD---- C:\Program Files (x86)
2012-12-01 12:44:21 ----D---- C:\Windows\Tasks
2012-12-01 12:44:21 ----D---- C:\Windows\system32\Tasks
2012-12-01 12:43:55 ----D---- C:\ProgramData\Bcool
2012-12-01 11:20:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-01 10:46:17 ----D---- C:\Windows\Minidump
2012-12-01 10:46:17 ----D---- C:\Windows\debug
2012-11-29 19:30:10 ----D---- C:\Windows\system32\config
2012-11-29 19:17:25 ----SHD---- C:\System Volume Information
2012-11-29 08:20:49 ----D---- C:\Windows\system32\catroot2
2012-11-25 17:03:53 ----D---- C:\Users\Ivuška\AppData\Roaming\Skype
2012-11-20 16:57:36 ----HD---- C:\ProgramData
2012-11-20 15:34:20 ----D---- C:\Program Files (x86)\Google
2012-11-19 17:13:10 ----D---- C:\Windows\system32\NDF
2012-11-18 15:46:17 ----D---- C:\Windows\system32\wdi
2012-11-17 12:21:08 ----SD---- C:\Users\Ivuška\AppData\Roaming\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-30 254528]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
R3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-01-22 305200]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-08-19 934760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pravděpodobně zavirovaný notebook - nefunkční webowé stránky
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Zdravim 
Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze 
A proc si tam nejaky antivir nenainstalujete sama? 
Udelejte !!!uplnou!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze A proc si tam nejaky antivir nenainstalujete sama? Udelejte !!!uplnou!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Zdravím také
Windowsi jsou instalované z DVD od matky z práce. Notebook přišel s Linuxem a potřebovala jsem tam windowse a jí to dal jejich ajťák, že se mu to tam válí. Takže by to mělo byt legální.
A abych se přiznala, bála jsem se tam instalovat něco sama.
Log z MBAM dám během večera nebo zítra, vypadá to na dlouho.
Windowsi jsou instalované z DVD od matky z práce. Notebook přišel s Linuxem a potřebovala jsem tam windowse a jí to dal jejich ajťák, že se mu to tam válí. Takže by to mělo byt legální.
A abych se přiznala, bála jsem se tam instalovat něco sama.
Log z MBAM dám během večera nebo zítra, vypadá to na dlouho.
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
OK
No ja bych se spis bal pouzivat ho bez zabezpeceni
Jen at to poradne projede, kdyz tam celou dobu antivir nebyl. Pak to docistime
No ja bych se spis bal pouzivat ho bez zabezpeceni
Jen at to poradne projede, kdyz tam celou dobu antivir nebyl. Pak to docistime
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.12.02.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ivuška :: IVUŠKA-PC [administrátor]
2.12.2012 16:36:00
mbam-log-2012-12-02 (19-11-40).txt
Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 324996
Uplynulý čas: 43 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files (x86)\QuestScan\questscan.dll -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 6
C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Žádná instrukce nebyla provedena.
C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\000000cb.@ (Rootkit.0Access) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
(konec)
www.malwarebytes.org
Verze databáze: v2012.12.02.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ivuška :: IVUŠKA-PC [administrátor]
2.12.2012 16:36:00
mbam-log-2012-12-02 (19-11-40).txt
Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 324996
Uplynulý čas: 43 minut, 1 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\QuestScan|DllPath (Adware.QuestScan) -> Data: C:\Program Files (x86)\QuestScan\questscan.dll -> Žádná instrukce nebyla provedena.
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 4
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
Nalezené soubory: 6
C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Žádná instrukce nebyla provedena.
C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\000000cb.@ (Rootkit.0Access) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Žádná instrukce nebyla provedena.
(konec)
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Ajajaj, tohle je spatne C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\000000cb.@ (Rootkit.0Access)
Tohle je pekny parchant. Bude to delsi a slozitejsi. Co cekat, kdyz byl pc bez ochrany
Snad se nam podari zbavit se ho 
Vsechny nalezy nechte odstranit a rad uvidim log, ktery by mel po restartu pc MBAM ukazat. Chci videt, jestli se mu povedlo odstraneni.
Za chvili uz jdu spat, protoze kolem 2 vstavam do prace. Takze pokracovani zitra.
Tohle je pekny parchant. Bude to delsi a slozitejsi. Co cekat, kdyz byl pc bez ochrany
Snad se nam podari zbavit se ho Vsechny nalezy nechte odstranit a rad uvidim log, ktery by mel po restartu pc MBAM ukazat. Chci videt, jestli se mu povedlo odstraneni.
vyosek píše:
- Kliknete na volbu Change parametrs
- V okne Additional Option zakliknete vsechny moznosti
- Kliknete na OK
- Utilite prikazte, at skenuje - klik na Start Scan
- Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
- Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
- Pokud mate vsude Skip, kliknete na Continue
- Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte
Za chvili uz jdu spat, protoze kolem 2 vstavam do prace. Takze pokracovani zitra.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
v MBAM jsem vše smazala, ale nevyskočil mi žádný LOG Hledala jsem všude možně i podle návodu na netu, kde měl být podle všeho na C:/ProgramData, ale ve šložce, která tam byla nic nebylo.
Jdu provést úkony v tom killeru.
Hledala jsem všude možně i podle návodu na netu, kde měl být podle všeho na C:/ProgramData, ale ve šložce, která tam byla nic nebylo. Jdu provést úkony v tom killeru.
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
19:34:56.0104 3908 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:34:56.0412 3908 ============================================================
19:34:56.0412 3908 Current date / time: 2012/12/03 19:34:56.0412
19:34:56.0413 3908 SystemInfo:
19:34:56.0413 3908
19:34:56.0413 3908 OS Version: 6.1.7601 ServicePack: 1.0
19:34:56.0413 3908 Product type: Workstation
19:34:56.0413 3908 ComputerName: IVUŠKA-PC
19:34:56.0413 3908 UserName: Ivuška
19:34:56.0413 3908 Windows directory: C:\Windows
19:34:56.0413 3908 System windows directory: C:\Windows
19:34:56.0413 3908 Running under WOW64
19:34:56.0413 3908 Processor architecture: Intel x64
19:34:56.0413 3908 Number of processors: 2
19:34:56.0413 3908 Page size: 0x1000
19:34:56.0413 3908 Boot type: Normal boot
19:34:56.0413 3908 ============================================================
19:34:57.0633 3908 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:34:57.0643 3908 ============================================================
19:34:57.0643 3908 \Device\Harddisk0\DR0:
19:34:57.0644 3908 MBR partitions:
19:34:57.0644 3908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:34:57.0644 3908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:34:57.0644 3908 ============================================================
19:34:57.0671 3908 C: <-> \Device\Harddisk0\DR0\Partition2
19:34:57.0671 3908 ============================================================
19:34:57.0671 3908 Initialize success
19:34:57.0671 3908 ============================================================
19:35:31.0019 2456 ============================================================
19:35:31.0019 2456 Scan started
19:35:31.0019 2456 Mode: Manual; SigCheck; TDLFS;
19:35:31.0019 2456 ============================================================
19:35:31.0937 2456 ================ Scan system memory ========================
19:35:31.0937 2456 System memory - ok
19:35:31.0938 2456 ================ Scan services =============================
19:35:32.0109 2456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:35:32.0218 2456 1394ohci - ok
19:35:32.0285 2456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:35:32.0315 2456 ACPI - ok
19:35:32.0365 2456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:35:32.0454 2456 AcpiPmi - ok
19:35:32.0738 2456 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:32.0758 2456 AdobeARMservice - ok
19:35:32.0876 2456 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:32.0891 2456 AdobeFlashPlayerUpdateSvc - ok
19:35:32.0951 2456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:32.0977 2456 adp94xx - ok
19:35:33.0011 2456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:35:33.0031 2456 adpahci - ok
19:35:33.0058 2456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:35:33.0073 2456 adpu320 - ok
19:35:33.0110 2456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:35:33.0246 2456 AeLookupSvc - ok
19:35:33.0315 2456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:35:33.0380 2456 AFD - ok
19:35:33.0431 2456 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:35:33.0511 2456 AgereSoftModem - ok
19:35:33.0554 2456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:35:33.0567 2456 agp440 - ok
19:35:33.0606 2456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:35:33.0658 2456 ALG - ok
19:35:33.0690 2456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:35:33.0703 2456 aliide - ok
19:35:33.0715 2456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:35:33.0733 2456 amdide - ok
19:35:33.0776 2456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:35:33.0833 2456 AmdK8 - ok
19:35:33.0856 2456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:35:33.0907 2456 AmdPPM - ok
19:35:33.0985 2456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:35:34.0002 2456 amdsata - ok
19:35:34.0028 2456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:34.0050 2456 amdsbs - ok
19:35:34.0067 2456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:35:34.0081 2456 amdxata - ok
19:35:34.0138 2456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:35:34.0329 2456 AppID - ok
19:35:34.0362 2456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:35:34.0432 2456 AppIDSvc - ok
19:35:34.0493 2456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:35:34.0549 2456 Appinfo - ok
19:35:34.0611 2456 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:34.0621 2456 Apple Mobile Device - ok
19:35:34.0675 2456 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:35:34.0713 2456 AppMgmt - ok
19:35:34.0751 2456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:35:34.0767 2456 arc - ok
19:35:34.0778 2456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:35:34.0792 2456 arcsas - ok
19:35:34.0826 2456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:34.0883 2456 AsyncMac - ok
19:35:34.0924 2456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:35:34.0937 2456 atapi - ok
19:35:34.0989 2456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:35:35.0063 2456 AudioEndpointBuilder - ok
19:35:35.0079 2456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:35:35.0121 2456 AudioSrv - ok
19:35:35.0185 2456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:35:35.0261 2456 AxInstSV - ok
19:35:35.0306 2456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:35.0372 2456 b06bdrv - ok
19:35:35.0420 2456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:35.0464 2456 b57nd60a - ok
19:35:35.0515 2456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:35:35.0560 2456 BDESVC - ok
19:35:35.0595 2456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:35:35.0644 2456 Beep - ok
19:35:35.0685 2456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:35.0698 2456 blbdrive - ok
19:35:35.0755 2456 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:35:35.0773 2456 Bonjour Service - ok
19:35:35.0823 2456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:35:35.0863 2456 bowser - ok
19:35:35.0900 2456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:36.0006 2456 BrFiltLo - ok
19:35:36.0024 2456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:36.0040 2456 BrFiltUp - ok
19:35:36.0079 2456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:35:36.0122 2456 Browser - ok
19:35:36.0159 2456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:35:36.0199 2456 Brserid - ok
19:35:36.0219 2456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:36.0256 2456 BrSerWdm - ok
19:35:36.0294 2456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:36.0329 2456 BrUsbMdm - ok
19:35:36.0341 2456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:36.0373 2456 BrUsbSer - ok
19:35:36.0425 2456 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:35:36.0520 2456 BthEnum - ok
19:35:36.0553 2456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:36.0589 2456 BTHMODEM - ok
19:35:36.0625 2456 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:35:36.0655 2456 BthPan - ok
19:35:36.0709 2456 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:35:36.0774 2456 BTHPORT - ok
19:35:36.0830 2456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:35:36.0881 2456 bthserv - ok
19:35:36.0909 2456 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:35:36.0936 2456 BTHUSB - ok
19:35:36.0966 2456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:35:37.0026 2456 cdfs - ok
19:35:37.0086 2456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:35:37.0115 2456 cdrom - ok
19:35:37.0175 2456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:35:37.0233 2456 CertPropSvc - ok
19:35:37.0278 2456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:35:37.0334 2456 circlass - ok
19:35:37.0376 2456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:35:37.0396 2456 CLFS - ok
19:35:37.0480 2456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:37.0505 2456 clr_optimization_v2.0.50727_32 - ok
19:35:37.0593 2456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:37.0605 2456 clr_optimization_v2.0.50727_64 - ok
19:35:37.0705 2456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:37.0800 2456 clr_optimization_v4.0.30319_32 - ok
19:35:37.0848 2456 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:37.0859 2456 clr_optimization_v4.0.30319_64 - ok
19:35:37.0891 2456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:37.0929 2456 CmBatt - ok
19:35:37.0959 2456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:35:37.0972 2456 cmdide - ok
19:35:38.0024 2456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:35:38.0060 2456 CNG - ok
19:35:38.0110 2456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:35:38.0122 2456 Compbatt - ok
19:35:38.0170 2456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:35:38.0205 2456 CompositeBus - ok
19:35:38.0222 2456 COMSysApp - ok
19:35:38.0249 2456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:38.0262 2456 crcdisk - ok
19:35:38.0321 2456 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:35:38.0365 2456 CryptSvc - ok
19:35:38.0412 2456 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:35:38.0488 2456 CSC - ok
19:35:38.0529 2456 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:35:38.0571 2456 CscService - ok
19:35:38.0635 2456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:35:38.0694 2456 DcomLaunch - ok
19:35:38.0733 2456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:35:38.0797 2456 defragsvc - ok
19:35:38.0835 2456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:35:38.0889 2456 DfsC - ok
19:35:38.0965 2456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:35:39.0058 2456 Dhcp - ok
19:35:39.0096 2456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:35:39.0148 2456 discache - ok
19:35:39.0190 2456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:35:39.0204 2456 Disk - ok
19:35:39.0257 2456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:35:39.0299 2456 Dnscache - ok
19:35:39.0344 2456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:35:39.0405 2456 dot3svc - ok
19:35:39.0447 2456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:35:39.0506 2456 DPS - ok
19:35:39.0553 2456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:35:39.0588 2456 drmkaud - ok
19:35:39.0649 2456 [ 9F98D7AFA293947A0DFC6FFD4671FE70 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:39.0678 2456 dtsoftbus01 - ok
19:35:39.0730 2456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:35:39.0768 2456 DXGKrnl - ok
19:35:39.0818 2456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:35:39.0892 2456 EapHost - ok
19:35:39.0999 2456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:35:40.0113 2456 ebdrv - ok
19:35:40.0146 2456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:35:40.0194 2456 EFS - ok
19:35:40.0269 2456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:35:40.0340 2456 ehRecvr - ok
19:35:40.0368 2456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:35:40.0401 2456 ehSched - ok
19:35:40.0445 2456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:35:40.0470 2456 elxstor - ok
19:35:40.0496 2456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:35:40.0530 2456 ErrDev - ok
19:35:40.0583 2456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:35:40.0655 2456 EventSystem - ok
19:35:40.0696 2456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:35:40.0748 2456 exfat - ok
19:35:40.0791 2456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:35:40.0849 2456 fastfat - ok
19:35:40.0909 2456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:35:40.0969 2456 Fax - ok
19:35:40.0982 2456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:35:40.0997 2456 fdc - ok
19:35:41.0019 2456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:35:41.0074 2456 fdPHost - ok
19:35:41.0100 2456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:35:41.0163 2456 FDResPub - ok
19:35:41.0197 2456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:35:41.0213 2456 FileInfo - ok
19:35:41.0222 2456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:35:41.0285 2456 Filetrace - ok
19:35:41.0302 2456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:41.0316 2456 flpydisk - ok
19:35:41.0358 2456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:35:41.0376 2456 FltMgr - ok
19:35:41.0444 2456 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:35:41.0527 2456 FontCache - ok
19:35:41.0612 2456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:35:41.0638 2456 FontCache3.0.0.0 - ok
19:35:41.0663 2456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:35:41.0676 2456 FsDepends - ok
19:35:41.0735 2456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:35:41.0747 2456 Fs_Rec - ok
19:35:41.0799 2456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:35:41.0818 2456 fvevol - ok
19:35:41.0849 2456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:35:41.0864 2456 gagp30kx - ok
19:35:41.0910 2456 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:41.0921 2456 GEARAspiWDM - ok
19:35:41.0975 2456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:35:42.0047 2456 gpsvc - ok
19:35:42.0121 2456 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:35:42.0137 2456 gusvc - ok
19:35:42.0170 2456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:35:42.0204 2456 hcw85cir - ok
19:35:42.0249 2456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:35:42.0288 2456 HdAudAddService - ok
19:35:42.0320 2456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:35:42.0355 2456 HDAudBus - ok
19:35:42.0388 2456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:35:42.0413 2456 HidBatt - ok
19:35:42.0436 2456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:35:42.0471 2456 HidBth - ok
19:35:42.0489 2456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:35:42.0513 2456 HidIr - ok
19:35:42.0550 2456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:35:42.0610 2456 hidserv - ok
19:35:42.0668 2456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:35:42.0683 2456 HidUsb - ok
19:35:42.0723 2456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:35:42.0772 2456 hkmsvc - ok
19:35:42.0868 2456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:35:42.0948 2456 HomeGroupListener - ok
19:35:43.0114 2456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:35:43.0146 2456 HomeGroupProvider - ok
19:35:43.0191 2456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:35:43.0205 2456 HpSAMD - ok
19:35:43.0253 2456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:35:43.0322 2456 HTTP - ok
19:35:43.0346 2456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:35:43.0359 2456 hwpolicy - ok
19:35:43.0416 2456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:35:43.0432 2456 i8042prt - ok
19:35:43.0487 2456 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:35:43.0509 2456 iaStorV - ok
19:35:43.0575 2456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:35:43.0605 2456 idsvc - ok
19:35:43.0804 2456 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:35:44.0007 2456 igfx - ok
19:35:44.0050 2456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:35:44.0064 2456 iirsp - ok
19:35:44.0119 2456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:35:44.0218 2456 IKEEXT - ok
19:35:44.0240 2456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:35:44.0255 2456 intelide - ok
19:35:44.0285 2456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:35:44.0314 2456 intelppm - ok
19:35:44.0356 2456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:35:44.0426 2456 IPBusEnum - ok
19:35:44.0466 2456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:44.0524 2456 IpFilterDriver - ok
19:35:44.0562 2456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:35:44.0594 2456 IPMIDRV - ok
19:35:44.0644 2456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:35:44.0707 2456 IPNAT - ok
19:35:44.0797 2456 [ B7CB0B121962CD89F98C0DD89331B0C0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:35:44.0829 2456 iPod Service - ok
19:35:44.0864 2456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:35:44.0943 2456 IRENUM - ok
19:35:44.0963 2456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:35:44.0976 2456 isapnp - ok
19:35:45.0016 2456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:35:45.0037 2456 iScsiPrt - ok
19:35:45.0055 2456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:45.0069 2456 kbdclass - ok
19:35:45.0108 2456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:45.0138 2456 kbdhid - ok
19:35:45.0169 2456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:35:45.0187 2456 KeyIso - ok
19:35:45.0223 2456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:35:45.0244 2456 KSecDD - ok
19:35:45.0280 2456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:35:45.0298 2456 KSecPkg - ok
19:35:45.0337 2456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:35:45.0394 2456 ksthunk - ok
19:35:45.0441 2456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:35:45.0508 2456 KtmRm - ok
19:35:45.0551 2456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:35:45.0614 2456 LanmanServer - ok
19:35:45.0675 2456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:35:45.0726 2456 LanmanWorkstation - ok
19:35:45.0767 2456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:35:45.0830 2456 lltdio - ok
19:35:45.0871 2456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:35:45.0947 2456 lltdsvc - ok
19:35:45.0975 2456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:35:46.0016 2456 lmhosts - ok
19:35:46.0069 2456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:35:46.0085 2456 LSI_FC - ok
19:35:46.0094 2456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:35:46.0113 2456 LSI_SAS - ok
19:35:46.0139 2456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:35:46.0156 2456 LSI_SAS2 - ok
19:35:46.0173 2456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:35:46.0193 2456 LSI_SCSI - ok
19:35:46.0214 2456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:35:46.0276 2456 luafv - ok
19:35:46.0316 2456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:35:46.0344 2456 Mcx2Svc - ok
19:35:46.0369 2456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:35:46.0384 2456 megasas - ok
19:35:46.0412 2456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:35:46.0430 2456 MegaSR - ok
19:35:46.0455 2456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:35:46.0513 2456 MMCSS - ok
19:35:46.0541 2456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:35:46.0603 2456 Modem - ok
19:35:46.0642 2456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:35:46.0679 2456 monitor - ok
19:35:46.0731 2456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:35:46.0744 2456 mouclass - ok
19:35:46.0785 2456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:35:46.0823 2456 mouhid - ok
19:35:46.0861 2456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:35:46.0874 2456 mountmgr - ok
19:35:46.0913 2456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:35:46.0929 2456 mpio - ok
19:35:46.0950 2456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:35:47.0014 2456 mpsdrv - ok
19:35:47.0050 2456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:35:47.0091 2456 MRxDAV - ok
19:35:47.0123 2456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:47.0173 2456 mrxsmb - ok
19:35:47.0199 2456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:47.0241 2456 mrxsmb10 - ok
19:35:47.0279 2456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:47.0300 2456 mrxsmb20 - ok
19:35:47.0337 2456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:35:47.0353 2456 msahci - ok
19:35:47.0377 2456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:35:47.0393 2456 msdsm - ok
19:35:47.0432 2456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:35:47.0473 2456 MSDTC - ok
19:35:47.0519 2456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:35:47.0567 2456 Msfs - ok
19:35:47.0589 2456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:35:47.0654 2456 mshidkmdf - ok
19:35:47.0690 2456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:35:47.0703 2456 msisadrv - ok
19:35:47.0748 2456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:35:47.0791 2456 MSiSCSI - ok
19:35:47.0799 2456 msiserver - ok
19:35:47.0839 2456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:35:47.0904 2456 MSKSSRV - ok
19:35:47.0928 2456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:47.0981 2456 MSPCLOCK - ok
19:35:48.0005 2456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:35:48.0056 2456 MSPQM - ok
19:35:48.0104 2456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:35:48.0161 2456 MsRPC - ok
19:35:48.0204 2456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:35:48.0217 2456 mssmbios - ok
19:35:48.0254 2456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:35:48.0306 2456 MSTEE - ok
19:35:48.0324 2456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:35:48.0339 2456 MTConfig - ok
19:35:48.0346 2456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:35:48.0361 2456 Mup - ok
19:35:48.0413 2456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:35:48.0486 2456 napagent - ok
19:35:48.0535 2456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:35:48.0574 2456 NativeWifiP - ok
19:35:48.0644 2456 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:35:48.0685 2456 NDIS - ok
19:35:48.0720 2456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:48.0779 2456 NdisCap - ok
19:35:48.0817 2456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:48.0879 2456 NdisTapi - ok
19:35:48.0915 2456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:48.0959 2456 Ndisuio - ok
19:35:49.0000 2456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:49.0055 2456 NdisWan - ok
19:35:49.0092 2456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:35:49.0146 2456 NDProxy - ok
19:35:49.0183 2456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:35:49.0246 2456 NetBIOS - ok
19:35:49.0321 2456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:35:49.0375 2456 NetBT - ok
19:35:49.0402 2456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:35:49.0417 2456 Netlogon - ok
19:35:49.0466 2456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:35:49.0532 2456 Netman - ok
19:35:49.0563 2456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:35:49.0630 2456 netprofm - ok
19:35:49.0675 2456 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
19:35:49.0702 2456 netr28x - ok
19:35:49.0729 2456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:49.0746 2456 NetTcpPortSharing - ok
19:35:49.0792 2456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:49.0805 2456 nfrd960 - ok
19:35:49.0857 2456 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:49.0921 2456 NlaSvc - ok
19:35:49.0947 2456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:49.0997 2456 Npfs - ok
19:35:50.0026 2456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:35:50.0089 2456 nsi - ok
19:35:50.0112 2456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:50.0176 2456 nsiproxy - ok
19:35:50.0265 2456 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:50.0325 2456 Ntfs - ok
19:35:50.0370 2456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:35:50.0428 2456 Null - ok
19:35:50.0470 2456 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:35:50.0492 2456 nvraid - ok
19:35:50.0534 2456 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:35:50.0555 2456 nvstor - ok
19:35:50.0572 2456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:35:50.0588 2456 nv_agp - ok
19:35:50.0689 2456 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:35:50.0713 2456 odserv - ok
19:35:50.0760 2456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:35:50.0775 2456 ohci1394 - ok
19:35:50.0815 2456 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:50.0828 2456 ose - ok
19:35:50.0865 2456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:50.0918 2456 p2pimsvc - ok
19:35:50.0943 2456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:50.0965 2456 p2psvc - ok
19:35:51.0002 2456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:51.0017 2456 Parport - ok
19:35:51.0042 2456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:51.0056 2456 partmgr - ok
19:35:51.0072 2456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:51.0105 2456 PcaSvc - ok
19:35:51.0136 2456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:35:51.0154 2456 pci - ok
19:35:51.0173 2456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:35:51.0191 2456 pciide - ok
19:35:51.0230 2456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:51.0248 2456 pcmcia - ok
19:35:51.0263 2456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:51.0279 2456 pcw - ok
19:35:51.0300 2456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:51.0371 2456 PEAUTH - ok
19:35:51.0437 2456 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:35:51.0520 2456 PeerDistSvc - ok
19:35:51.0614 2456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:35:51.0646 2456 PerfHost - ok
19:35:51.0719 2456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:35:51.0829 2456 pla - ok
19:35:51.0890 2456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:51.0928 2456 PlugPlay - ok
19:35:51.0954 2456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:51.0980 2456 PNRPAutoReg - ok
19:35:52.0009 2456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:52.0027 2456 PNRPsvc - ok
19:35:52.0069 2456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:52.0135 2456 PolicyAgent - ok
19:35:52.0169 2456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:35:52.0233 2456 Power - ok
19:35:52.0272 2456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:52.0325 2456 PptpMiniport - ok
19:35:52.0345 2456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:35:52.0377 2456 Processor - ok
19:35:52.0412 2456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:52.0446 2456 ProfSvc - ok
19:35:52.0468 2456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:52.0485 2456 ProtectedStorage - ok
19:35:52.0533 2456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:52.0597 2456 Psched - ok
19:35:52.0662 2456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:35:52.0721 2456 ql2300 - ok
19:35:52.0744 2456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:52.0760 2456 ql40xx - ok
19:35:52.0804 2456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:35:52.0828 2456 QWAVE - ok
19:35:52.0856 2456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:52.0886 2456 QWAVEdrv - ok
19:35:52.0916 2456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:52.0957 2456 RasAcd - ok
19:35:52.0994 2456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:53.0041 2456 RasAgileVpn - ok
19:35:53.0073 2456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:53.0139 2456 RasAuto - ok
19:35:53.0176 2456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:53.0230 2456 Rasl2tp - ok
19:35:53.0269 2456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:35:53.0325 2456 RasMan - ok
19:35:53.0352 2456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:53.0402 2456 RasPppoe - ok
19:35:53.0428 2456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:53.0487 2456 RasSstp - ok
19:35:53.0519 2456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:53.0578 2456 rdbss - ok
19:35:53.0611 2456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:53.0647 2456 rdpbus - ok
19:35:53.0670 2456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:53.0725 2456 RDPCDD - ok
19:35:53.0773 2456 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:35:53.0823 2456 RDPDR - ok
19:35:53.0850 2456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:53.0909 2456 RDPENCDD - ok
19:35:53.0932 2456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:53.0971 2456 RDPREFMP - ok
19:35:54.0056 2456 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:35:54.0095 2456 RdpVideoMiniport - ok
19:35:54.0132 2456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:54.0182 2456 RDPWD - ok
19:35:54.0230 2456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:54.0251 2456 rdyboost - ok
19:35:54.0305 2456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:54.0360 2456 RemoteAccess - ok
19:35:54.0398 2456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:54.0457 2456 RemoteRegistry - ok
19:35:54.0518 2456 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:35:54.0554 2456 RFCOMM - ok
19:35:54.0586 2456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:54.0641 2456 RpcEptMapper - ok
19:35:54.0673 2456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:35:54.0690 2456 RpcLocator - ok
19:35:54.0712 2456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:54.0769 2456 RpcSs - ok
19:35:54.0806 2456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:54.0862 2456 rspndr - ok
19:35:54.0898 2456 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:54.0915 2456 RTL8167 - ok
19:35:54.0954 2456 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:35:54.0992 2456 s3cap - ok
19:35:55.0012 2456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:35:55.0027 2456 SamSs - ok
19:35:55.0071 2456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:55.0092 2456 sbp2port - ok
19:35:55.0128 2456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:55.0187 2456 SCardSvr - ok
19:35:55.0222 2456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:55.0268 2456 scfilter - ok
19:35:55.0327 2456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:35:55.0426 2456 Schedule - ok
19:35:55.0452 2456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:55.0492 2456 SCPolicySvc - ok
19:35:55.0538 2456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:55.0568 2456 SDRSVC - ok
19:35:55.0605 2456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:55.0665 2456 secdrv - ok
19:35:55.0696 2456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:35:55.0734 2456 seclogon - ok
19:35:55.0773 2456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:35:55.0836 2456 SENS - ok
19:35:55.0863 2456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:55.0910 2456 SensrSvc - ok
19:35:55.0946 2456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:55.0961 2456 Serenum - ok
19:35:55.0986 2456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:56.0003 2456 Serial - ok
19:35:56.0017 2456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:35:56.0048 2456 sermouse - ok
19:35:56.0097 2456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:56.0162 2456 SessionEnv - ok
19:35:56.0196 2456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:35:56.0227 2456 sffdisk - ok
19:35:56.0245 2456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:56.0272 2456 sffp_mmc - ok
19:35:56.0295 2456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:35:56.0328 2456 sffp_sd - ok
19:35:56.0360 2456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:35:56.0395 2456 sfloppy - ok
19:35:56.0438 2456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:56.0498 2456 ShellHWDetection - ok
19:35:56.0536 2456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:35:56.0550 2456 SiSRaid2 - ok
19:35:56.0568 2456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:35:56.0594 2456 SiSRaid4 - ok
19:35:56.0618 2456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:56.0675 2456 Smb - ok
19:35:56.0740 2456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:56.0778 2456 SNMPTRAP - ok
19:35:56.0799 2456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:56.0816 2456 spldr - ok
19:35:56.0868 2456 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:56.0930 2456 Spooler - ok
19:35:57.0031 2456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:35:57.0174 2456 sppsvc - ok
19:35:57.0207 2456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:35:57.0269 2456 sppuinotify - ok
19:35:57.0302 2456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:57.0344 2456 srv - ok
19:35:57.0377 2456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:57.0418 2456 srv2 - ok
19:35:57.0452 2456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:57.0480 2456 srvnet - ok
19:35:57.0529 2456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:57.0593 2456 SSDPSRV - ok
19:35:57.0610 2456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:57.0657 2456 SstpSvc - ok
19:35:57.0690 2456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:35:57.0703 2456 stexstor - ok
19:35:57.0755 2456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:35:57.0804 2456 stisvc - ok
19:35:57.0837 2456 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:35:57.0855 2456 storflt - ok
19:35:57.0874 2456 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:35:57.0888 2456 storvsc - ok
19:35:57.0914 2456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:35:57.0933 2456 swenum - ok
19:35:57.0974 2456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:35:58.0041 2456 swprv - ok
19:35:58.0047 2456 Synth3dVsc - ok
19:35:58.0124 2456 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:35:58.0142 2456 SynTP - ok
19:35:58.0217 2456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:35:58.0306 2456 SysMain - ok
19:35:58.0349 2456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:58.0389 2456 TabletInputService - ok
19:35:58.0424 2456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:58.0490 2456 TapiSrv - ok
19:35:58.0528 2456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:35:58.0571 2456 TBS - ok
19:35:58.0656 2456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:58.0731 2456 Tcpip - ok
19:35:58.0787 2456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:58.0832 2456 TCPIP6 - ok
19:35:58.0874 2456 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:58.0932 2456 tcpipreg - ok
19:35:58.0966 2456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:58.0996 2456 TDPIPE - ok
19:35:59.0035 2456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:59.0057 2456 TDTCP - ok
19:35:59.0098 2456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:59.0137 2456 tdx - ok
19:35:59.0176 2456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:35:59.0198 2456 TermDD - ok
19:35:59.0251 2456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:35:59.0330 2456 TermService - ok
19:35:59.0369 2456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:35:59.0405 2456 Themes - ok
19:35:59.0432 2456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:59.0473 2456 THREADORDER - ok
19:35:59.0523 2456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:35:59.0588 2456 TrkWks - ok
19:35:59.0650 2456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:59.0693 2456 TrustedInstaller - ok
19:35:59.0741 2456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:59.0781 2456 tssecsrv - ok
19:35:59.0823 2456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:35:59.0871 2456 TsUsbFlt - ok
19:35:59.0900 2456 tsusbhub - ok
19:35:59.0963 2456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:36:00.0022 2456 tunnel - ok
19:36:00.0062 2456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:36:00.0075 2456 uagp35 - ok
19:36:00.0112 2456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:36:00.0174 2456 udfs - ok
19:36:00.0206 2456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:36:00.0223 2456 UI0Detect - ok
19:36:00.0244 2456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:36:00.0260 2456 uliagpkx - ok
19:36:00.0303 2456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:36:00.0338 2456 umbus - ok
19:36:00.0363 2456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:36:00.0378 2456 UmPass - ok
19:36:00.0416 2456 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:36:00.0440 2456 UmRdpService - ok
19:36:00.0482 2456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:36:00.0549 2456 upnphost - ok
19:36:00.0603 2456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:00.0630 2456 usbccgp - ok
19:36:00.0665 2456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:36:00.0697 2456 usbcir - ok
19:36:00.0726 2456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:36:00.0750 2456 usbehci - ok
19:36:00.0790 2456 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:36:00.0821 2456 usbhub - ok
19:36:00.0845 2456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:36:00.0879 2456 usbohci - ok
19:36:00.0915 2456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:36:00.0950 2456 usbprint - ok
19:36:00.0991 2456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:36:01.0047 2456 USBSTOR - ok
19:36:01.0087 2456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:36:01.0121 2456 usbuhci - ok
19:36:01.0182 2456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:36:01.0201 2456 usbvideo - ok
19:36:01.0231 2456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:36:01.0284 2456 UxSms - ok
19:36:01.0302 2456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:36:01.0317 2456 VaultSvc - ok
19:36:01.0355 2456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:36:01.0369 2456 vdrvroot - ok
19:36:01.0430 2456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:36:01.0486 2456 vds - ok
19:36:01.0507 2456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:01.0524 2456 vga - ok
19:36:01.0538 2456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:36:01.0595 2456 VgaSave - ok
19:36:01.0603 2456 VGPU - ok
19:36:01.0644 2456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:36:01.0664 2456 vhdmp - ok
19:36:01.0713 2456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:36:01.0728 2456 viaide - ok
19:36:01.0762 2456 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:36:01.0778 2456 vmbus - ok
19:36:01.0814 2456 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:36:01.0841 2456 VMBusHID - ok
19:36:01.0882 2456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:36:01.0896 2456 volmgr - ok
19:36:01.0938 2456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:36:01.0960 2456 volmgrx - ok
19:36:02.0014 2456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:36:02.0034 2456 volsnap - ok
19:36:02.0064 2456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:02.0079 2456 vsmraid - ok
19:36:02.0147 2456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:36:02.0251 2456 VSS - ok
19:36:02.0273 2456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:36:02.0302 2456 vwifibus - ok
19:36:02.0341 2456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:36:02.0372 2456 vwififlt - ok
19:36:02.0421 2456 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:36:02.0439 2456 vwifimp - ok
19:36:02.0475 2456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:36:02.0522 2456 W32Time - ok
19:36:02.0544 2456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:36:02.0579 2456 WacomPen - ok
19:36:02.0628 2456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:36:02.0691 2456 WANARP - ok
19:36:02.0708 2456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:36:02.0747 2456 Wanarpv6 - ok
19:36:02.0818 2456 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:36:02.0879 2456 WatAdminSvc - ok
19:36:02.0936 2456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:36:03.0020 2456 wbengine - ok
19:36:03.0053 2456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:36:03.0081 2456 WbioSrvc - ok
19:36:03.0117 2456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:36:03.0147 2456 wcncsvc - ok
19:36:03.0165 2456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:36:03.0218 2456 WcsPlugInService - ok
19:36:03.0246 2456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:36:03.0259 2456 Wd - ok
19:36:03.0286 2456 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:36:03.0318 2456 Wdf01000 - ok
19:36:03.0337 2456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:36:03.0419 2456 WdiServiceHost - ok
19:36:03.0425 2456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:36:03.0450 2456 WdiSystemHost - ok
19:36:03.0490 2456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:36:03.0527 2456 WebClient - ok
19:36:03.0570 2456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:36:03.0623 2456 Wecsvc - ok
19:36:03.0644 2456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:36:03.0687 2456 wercplsupport - ok
19:36:03.0722 2456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:36:03.0781 2456 WerSvc - ok
19:36:03.0826 2456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:03.0865 2456 WfpLwf - ok
19:36:03.0881 2456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:36:03.0900 2456 WIMMount - ok
19:36:03.0910 2456 WinHttpAutoProxySvc - ok
19:36:04.0070 2456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:36:04.0110 2456 Winmgmt - ok
19:36:04.0185 2456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:36:04.0293 2456 WinRM - ok
19:36:04.0368 2456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:36:04.0425 2456 Wlansvc - ok
19:36:04.0480 2456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:36:04.0494 2456 WmiAcpi - ok
19:36:04.0530 2456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:36:04.0571 2456 wmiApSrv - ok
19:36:04.0617 2456 WMPNetworkSvc - ok
19:36:04.0642 2456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:36:04.0676 2456 WPCSvc - ok
19:36:04.0724 2456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:36:04.0757 2456 WPDBusEnum - ok
19:36:04.0792 2456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:36:04.0854 2456 ws2ifsl - ok
19:36:04.0862 2456 WSearch - ok
19:36:04.0920 2456 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:36:04.0958 2456 WudfPf - ok
19:36:04.0984 2456 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:05.0023 2456 WUDFRd - ok
19:36:05.0073 2456 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:36:05.0125 2456 wudfsvc - ok
19:36:05.0162 2456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:36:05.0202 2456 WwanSvc - ok
19:36:05.0242 2456 ================ Scan global ===============================
19:36:05.0272 2456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:36:05.0317 2456 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:36:05.0339 2456 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:36:05.0367 2456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:36:05.0412 2456 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
19:36:05.0418 2456 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
19:36:05.0418 2456 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
19:36:05.0419 2456 ================ Scan MBR ==================================
19:36:05.0430 2456 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:05.0890 2456 \Device\Harddisk0\DR0 - ok
19:36:05.0891 2456 ================ Scan VBR ==================================
19:36:05.0894 2456 [ D397A6344B09F561E27C95DBF9B35323 ] \Device\Harddisk0\DR0\Partition1
19:36:05.0896 2456 \Device\Harddisk0\DR0\Partition1 - ok
19:36:05.0932 2456 [ E4F92B7A7BCF636B7E78354DB8BD8A1D ] \Device\Harddisk0\DR0\Partition2
19:36:05.0934 2456 \Device\Harddisk0\DR0\Partition2 - ok
19:36:05.0935 2456 ============================================================
19:36:05.0935 2456 Scan finished
19:36:05.0935 2456 ============================================================
19:36:05.0960 3800 Detected object count: 1
19:36:05.0960 3800 Actual detected object count: 1
19:37:18.0149 3800 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
19:37:18.0149 3800 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
19:37:21.0583 3032 Deinitialize success
19:34:56.0412 3908 ============================================================
19:34:56.0412 3908 Current date / time: 2012/12/03 19:34:56.0412
19:34:56.0413 3908 SystemInfo:
19:34:56.0413 3908
19:34:56.0413 3908 OS Version: 6.1.7601 ServicePack: 1.0
19:34:56.0413 3908 Product type: Workstation
19:34:56.0413 3908 ComputerName: IVUŠKA-PC
19:34:56.0413 3908 UserName: Ivuška
19:34:56.0413 3908 Windows directory: C:\Windows
19:34:56.0413 3908 System windows directory: C:\Windows
19:34:56.0413 3908 Running under WOW64
19:34:56.0413 3908 Processor architecture: Intel x64
19:34:56.0413 3908 Number of processors: 2
19:34:56.0413 3908 Page size: 0x1000
19:34:56.0413 3908 Boot type: Normal boot
19:34:56.0413 3908 ============================================================
19:34:57.0633 3908 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:34:57.0643 3908 ============================================================
19:34:57.0643 3908 \Device\Harddisk0\DR0:
19:34:57.0644 3908 MBR partitions:
19:34:57.0644 3908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:34:57.0644 3908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
19:34:57.0644 3908 ============================================================
19:34:57.0671 3908 C: <-> \Device\Harddisk0\DR0\Partition2
19:34:57.0671 3908 ============================================================
19:34:57.0671 3908 Initialize success
19:34:57.0671 3908 ============================================================
19:35:31.0019 2456 ============================================================
19:35:31.0019 2456 Scan started
19:35:31.0019 2456 Mode: Manual; SigCheck; TDLFS;
19:35:31.0019 2456 ============================================================
19:35:31.0937 2456 ================ Scan system memory ========================
19:35:31.0937 2456 System memory - ok
19:35:31.0938 2456 ================ Scan services =============================
19:35:32.0109 2456 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:35:32.0218 2456 1394ohci - ok
19:35:32.0285 2456 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:35:32.0315 2456 ACPI - ok
19:35:32.0365 2456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:35:32.0454 2456 AcpiPmi - ok
19:35:32.0738 2456 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:32.0758 2456 AdobeARMservice - ok
19:35:32.0876 2456 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:32.0891 2456 AdobeFlashPlayerUpdateSvc - ok
19:35:32.0951 2456 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:32.0977 2456 adp94xx - ok
19:35:33.0011 2456 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:35:33.0031 2456 adpahci - ok
19:35:33.0058 2456 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:35:33.0073 2456 adpu320 - ok
19:35:33.0110 2456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:35:33.0246 2456 AeLookupSvc - ok
19:35:33.0315 2456 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:35:33.0380 2456 AFD - ok
19:35:33.0431 2456 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
19:35:33.0511 2456 AgereSoftModem - ok
19:35:33.0554 2456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:35:33.0567 2456 agp440 - ok
19:35:33.0606 2456 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:35:33.0658 2456 ALG - ok
19:35:33.0690 2456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:35:33.0703 2456 aliide - ok
19:35:33.0715 2456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:35:33.0733 2456 amdide - ok
19:35:33.0776 2456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:35:33.0833 2456 AmdK8 - ok
19:35:33.0856 2456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:35:33.0907 2456 AmdPPM - ok
19:35:33.0985 2456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:35:34.0002 2456 amdsata - ok
19:35:34.0028 2456 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:34.0050 2456 amdsbs - ok
19:35:34.0067 2456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:35:34.0081 2456 amdxata - ok
19:35:34.0138 2456 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:35:34.0329 2456 AppID - ok
19:35:34.0362 2456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:35:34.0432 2456 AppIDSvc - ok
19:35:34.0493 2456 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:35:34.0549 2456 Appinfo - ok
19:35:34.0611 2456 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:35:34.0621 2456 Apple Mobile Device - ok
19:35:34.0675 2456 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:35:34.0713 2456 AppMgmt - ok
19:35:34.0751 2456 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:35:34.0767 2456 arc - ok
19:35:34.0778 2456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:35:34.0792 2456 arcsas - ok
19:35:34.0826 2456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:34.0883 2456 AsyncMac - ok
19:35:34.0924 2456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:35:34.0937 2456 atapi - ok
19:35:34.0989 2456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:35:35.0063 2456 AudioEndpointBuilder - ok
19:35:35.0079 2456 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:35:35.0121 2456 AudioSrv - ok
19:35:35.0185 2456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:35:35.0261 2456 AxInstSV - ok
19:35:35.0306 2456 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:35:35.0372 2456 b06bdrv - ok
19:35:35.0420 2456 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:35:35.0464 2456 b57nd60a - ok
19:35:35.0515 2456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:35:35.0560 2456 BDESVC - ok
19:35:35.0595 2456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:35:35.0644 2456 Beep - ok
19:35:35.0685 2456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:35.0698 2456 blbdrive - ok
19:35:35.0755 2456 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
19:35:35.0773 2456 Bonjour Service - ok
19:35:35.0823 2456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:35:35.0863 2456 bowser - ok
19:35:35.0900 2456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:36.0006 2456 BrFiltLo - ok
19:35:36.0024 2456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:36.0040 2456 BrFiltUp - ok
19:35:36.0079 2456 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:35:36.0122 2456 Browser - ok
19:35:36.0159 2456 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:35:36.0199 2456 Brserid - ok
19:35:36.0219 2456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:36.0256 2456 BrSerWdm - ok
19:35:36.0294 2456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:36.0329 2456 BrUsbMdm - ok
19:35:36.0341 2456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:36.0373 2456 BrUsbSer - ok
19:35:36.0425 2456 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:35:36.0520 2456 BthEnum - ok
19:35:36.0553 2456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:36.0589 2456 BTHMODEM - ok
19:35:36.0625 2456 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:35:36.0655 2456 BthPan - ok
19:35:36.0709 2456 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:35:36.0774 2456 BTHPORT - ok
19:35:36.0830 2456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:35:36.0881 2456 bthserv - ok
19:35:36.0909 2456 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:35:36.0936 2456 BTHUSB - ok
19:35:36.0966 2456 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:35:37.0026 2456 cdfs - ok
19:35:37.0086 2456 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:35:37.0115 2456 cdrom - ok
19:35:37.0175 2456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:35:37.0233 2456 CertPropSvc - ok
19:35:37.0278 2456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:35:37.0334 2456 circlass - ok
19:35:37.0376 2456 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:35:37.0396 2456 CLFS - ok
19:35:37.0480 2456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:37.0505 2456 clr_optimization_v2.0.50727_32 - ok
19:35:37.0593 2456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:35:37.0605 2456 clr_optimization_v2.0.50727_64 - ok
19:35:37.0705 2456 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:37.0800 2456 clr_optimization_v4.0.30319_32 - ok
19:35:37.0848 2456 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:35:37.0859 2456 clr_optimization_v4.0.30319_64 - ok
19:35:37.0891 2456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:37.0929 2456 CmBatt - ok
19:35:37.0959 2456 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:35:37.0972 2456 cmdide - ok
19:35:38.0024 2456 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:35:38.0060 2456 CNG - ok
19:35:38.0110 2456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:35:38.0122 2456 Compbatt - ok
19:35:38.0170 2456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:35:38.0205 2456 CompositeBus - ok
19:35:38.0222 2456 COMSysApp - ok
19:35:38.0249 2456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:38.0262 2456 crcdisk - ok
19:35:38.0321 2456 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:35:38.0365 2456 CryptSvc - ok
19:35:38.0412 2456 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:35:38.0488 2456 CSC - ok
19:35:38.0529 2456 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:35:38.0571 2456 CscService - ok
19:35:38.0635 2456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:35:38.0694 2456 DcomLaunch - ok
19:35:38.0733 2456 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:35:38.0797 2456 defragsvc - ok
19:35:38.0835 2456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:35:38.0889 2456 DfsC - ok
19:35:38.0965 2456 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:35:39.0058 2456 Dhcp - ok
19:35:39.0096 2456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:35:39.0148 2456 discache - ok
19:35:39.0190 2456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:35:39.0204 2456 Disk - ok
19:35:39.0257 2456 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:35:39.0299 2456 Dnscache - ok
19:35:39.0344 2456 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:35:39.0405 2456 dot3svc - ok
19:35:39.0447 2456 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:35:39.0506 2456 DPS - ok
19:35:39.0553 2456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:35:39.0588 2456 drmkaud - ok
19:35:39.0649 2456 [ 9F98D7AFA293947A0DFC6FFD4671FE70 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:39.0678 2456 dtsoftbus01 - ok
19:35:39.0730 2456 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:35:39.0768 2456 DXGKrnl - ok
19:35:39.0818 2456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:35:39.0892 2456 EapHost - ok
19:35:39.0999 2456 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:35:40.0113 2456 ebdrv - ok
19:35:40.0146 2456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:35:40.0194 2456 EFS - ok
19:35:40.0269 2456 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:35:40.0340 2456 ehRecvr - ok
19:35:40.0368 2456 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:35:40.0401 2456 ehSched - ok
19:35:40.0445 2456 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:35:40.0470 2456 elxstor - ok
19:35:40.0496 2456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:35:40.0530 2456 ErrDev - ok
19:35:40.0583 2456 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:35:40.0655 2456 EventSystem - ok
19:35:40.0696 2456 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:35:40.0748 2456 exfat - ok
19:35:40.0791 2456 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:35:40.0849 2456 fastfat - ok
19:35:40.0909 2456 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:35:40.0969 2456 Fax - ok
19:35:40.0982 2456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:35:40.0997 2456 fdc - ok
19:35:41.0019 2456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:35:41.0074 2456 fdPHost - ok
19:35:41.0100 2456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:35:41.0163 2456 FDResPub - ok
19:35:41.0197 2456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:35:41.0213 2456 FileInfo - ok
19:35:41.0222 2456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:35:41.0285 2456 Filetrace - ok
19:35:41.0302 2456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:41.0316 2456 flpydisk - ok
19:35:41.0358 2456 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:35:41.0376 2456 FltMgr - ok
19:35:41.0444 2456 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:35:41.0527 2456 FontCache - ok
19:35:41.0612 2456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:35:41.0638 2456 FontCache3.0.0.0 - ok
19:35:41.0663 2456 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:35:41.0676 2456 FsDepends - ok
19:35:41.0735 2456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:35:41.0747 2456 Fs_Rec - ok
19:35:41.0799 2456 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:35:41.0818 2456 fvevol - ok
19:35:41.0849 2456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:35:41.0864 2456 gagp30kx - ok
19:35:41.0910 2456 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:41.0921 2456 GEARAspiWDM - ok
19:35:41.0975 2456 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:35:42.0047 2456 gpsvc - ok
19:35:42.0121 2456 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:35:42.0137 2456 gusvc - ok
19:35:42.0170 2456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:35:42.0204 2456 hcw85cir - ok
19:35:42.0249 2456 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:35:42.0288 2456 HdAudAddService - ok
19:35:42.0320 2456 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:35:42.0355 2456 HDAudBus - ok
19:35:42.0388 2456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:35:42.0413 2456 HidBatt - ok
19:35:42.0436 2456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:35:42.0471 2456 HidBth - ok
19:35:42.0489 2456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:35:42.0513 2456 HidIr - ok
19:35:42.0550 2456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:35:42.0610 2456 hidserv - ok
19:35:42.0668 2456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:35:42.0683 2456 HidUsb - ok
19:35:42.0723 2456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:35:42.0772 2456 hkmsvc - ok
19:35:42.0868 2456 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:35:42.0948 2456 HomeGroupListener - ok
19:35:43.0114 2456 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:35:43.0146 2456 HomeGroupProvider - ok
19:35:43.0191 2456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:35:43.0205 2456 HpSAMD - ok
19:35:43.0253 2456 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:35:43.0322 2456 HTTP - ok
19:35:43.0346 2456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:35:43.0359 2456 hwpolicy - ok
19:35:43.0416 2456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:35:43.0432 2456 i8042prt - ok
19:35:43.0487 2456 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:35:43.0509 2456 iaStorV - ok
19:35:43.0575 2456 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:35:43.0605 2456 idsvc - ok
19:35:43.0804 2456 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:35:44.0007 2456 igfx - ok
19:35:44.0050 2456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:35:44.0064 2456 iirsp - ok
19:35:44.0119 2456 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:35:44.0218 2456 IKEEXT - ok
19:35:44.0240 2456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:35:44.0255 2456 intelide - ok
19:35:44.0285 2456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:35:44.0314 2456 intelppm - ok
19:35:44.0356 2456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:35:44.0426 2456 IPBusEnum - ok
19:35:44.0466 2456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:44.0524 2456 IpFilterDriver - ok
19:35:44.0562 2456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:35:44.0594 2456 IPMIDRV - ok
19:35:44.0644 2456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:35:44.0707 2456 IPNAT - ok
19:35:44.0797 2456 [ B7CB0B121962CD89F98C0DD89331B0C0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:35:44.0829 2456 iPod Service - ok
19:35:44.0864 2456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:35:44.0943 2456 IRENUM - ok
19:35:44.0963 2456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:35:44.0976 2456 isapnp - ok
19:35:45.0016 2456 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:35:45.0037 2456 iScsiPrt - ok
19:35:45.0055 2456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:45.0069 2456 kbdclass - ok
19:35:45.0108 2456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:45.0138 2456 kbdhid - ok
19:35:45.0169 2456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:35:45.0187 2456 KeyIso - ok
19:35:45.0223 2456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:35:45.0244 2456 KSecDD - ok
19:35:45.0280 2456 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:35:45.0298 2456 KSecPkg - ok
19:35:45.0337 2456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:35:45.0394 2456 ksthunk - ok
19:35:45.0441 2456 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:35:45.0508 2456 KtmRm - ok
19:35:45.0551 2456 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:35:45.0614 2456 LanmanServer - ok
19:35:45.0675 2456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:35:45.0726 2456 LanmanWorkstation - ok
19:35:45.0767 2456 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:35:45.0830 2456 lltdio - ok
19:35:45.0871 2456 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:35:45.0947 2456 lltdsvc - ok
19:35:45.0975 2456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:35:46.0016 2456 lmhosts - ok
19:35:46.0069 2456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:35:46.0085 2456 LSI_FC - ok
19:35:46.0094 2456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:35:46.0113 2456 LSI_SAS - ok
19:35:46.0139 2456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:35:46.0156 2456 LSI_SAS2 - ok
19:35:46.0173 2456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:35:46.0193 2456 LSI_SCSI - ok
19:35:46.0214 2456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:35:46.0276 2456 luafv - ok
19:35:46.0316 2456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:35:46.0344 2456 Mcx2Svc - ok
19:35:46.0369 2456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:35:46.0384 2456 megasas - ok
19:35:46.0412 2456 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:35:46.0430 2456 MegaSR - ok
19:35:46.0455 2456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:35:46.0513 2456 MMCSS - ok
19:35:46.0541 2456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:35:46.0603 2456 Modem - ok
19:35:46.0642 2456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:35:46.0679 2456 monitor - ok
19:35:46.0731 2456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:35:46.0744 2456 mouclass - ok
19:35:46.0785 2456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:35:46.0823 2456 mouhid - ok
19:35:46.0861 2456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:35:46.0874 2456 mountmgr - ok
19:35:46.0913 2456 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:35:46.0929 2456 mpio - ok
19:35:46.0950 2456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:35:47.0014 2456 mpsdrv - ok
19:35:47.0050 2456 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:35:47.0091 2456 MRxDAV - ok
19:35:47.0123 2456 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:47.0173 2456 mrxsmb - ok
19:35:47.0199 2456 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:47.0241 2456 mrxsmb10 - ok
19:35:47.0279 2456 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:47.0300 2456 mrxsmb20 - ok
19:35:47.0337 2456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:35:47.0353 2456 msahci - ok
19:35:47.0377 2456 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:35:47.0393 2456 msdsm - ok
19:35:47.0432 2456 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:35:47.0473 2456 MSDTC - ok
19:35:47.0519 2456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:35:47.0567 2456 Msfs - ok
19:35:47.0589 2456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:35:47.0654 2456 mshidkmdf - ok
19:35:47.0690 2456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:35:47.0703 2456 msisadrv - ok
19:35:47.0748 2456 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:35:47.0791 2456 MSiSCSI - ok
19:35:47.0799 2456 msiserver - ok
19:35:47.0839 2456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:35:47.0904 2456 MSKSSRV - ok
19:35:47.0928 2456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:47.0981 2456 MSPCLOCK - ok
19:35:48.0005 2456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:35:48.0056 2456 MSPQM - ok
19:35:48.0104 2456 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:35:48.0161 2456 MsRPC - ok
19:35:48.0204 2456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:35:48.0217 2456 mssmbios - ok
19:35:48.0254 2456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:35:48.0306 2456 MSTEE - ok
19:35:48.0324 2456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:35:48.0339 2456 MTConfig - ok
19:35:48.0346 2456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:35:48.0361 2456 Mup - ok
19:35:48.0413 2456 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:35:48.0486 2456 napagent - ok
19:35:48.0535 2456 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:35:48.0574 2456 NativeWifiP - ok
19:35:48.0644 2456 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:35:48.0685 2456 NDIS - ok
19:35:48.0720 2456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:48.0779 2456 NdisCap - ok
19:35:48.0817 2456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:48.0879 2456 NdisTapi - ok
19:35:48.0915 2456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:48.0959 2456 Ndisuio - ok
19:35:49.0000 2456 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:49.0055 2456 NdisWan - ok
19:35:49.0092 2456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:35:49.0146 2456 NDProxy - ok
19:35:49.0183 2456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:35:49.0246 2456 NetBIOS - ok
19:35:49.0321 2456 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:35:49.0375 2456 NetBT - ok
19:35:49.0402 2456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:35:49.0417 2456 Netlogon - ok
19:35:49.0466 2456 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:35:49.0532 2456 Netman - ok
19:35:49.0563 2456 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:35:49.0630 2456 netprofm - ok
19:35:49.0675 2456 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
19:35:49.0702 2456 netr28x - ok
19:35:49.0729 2456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:49.0746 2456 NetTcpPortSharing - ok
19:35:49.0792 2456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:49.0805 2456 nfrd960 - ok
19:35:49.0857 2456 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:49.0921 2456 NlaSvc - ok
19:35:49.0947 2456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:49.0997 2456 Npfs - ok
19:35:50.0026 2456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:35:50.0089 2456 nsi - ok
19:35:50.0112 2456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:50.0176 2456 nsiproxy - ok
19:35:50.0265 2456 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:50.0325 2456 Ntfs - ok
19:35:50.0370 2456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:35:50.0428 2456 Null - ok
19:35:50.0470 2456 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:35:50.0492 2456 nvraid - ok
19:35:50.0534 2456 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:35:50.0555 2456 nvstor - ok
19:35:50.0572 2456 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:35:50.0588 2456 nv_agp - ok
19:35:50.0689 2456 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:35:50.0713 2456 odserv - ok
19:35:50.0760 2456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:35:50.0775 2456 ohci1394 - ok
19:35:50.0815 2456 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:50.0828 2456 ose - ok
19:35:50.0865 2456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:50.0918 2456 p2pimsvc - ok
19:35:50.0943 2456 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:50.0965 2456 p2psvc - ok
19:35:51.0002 2456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:51.0017 2456 Parport - ok
19:35:51.0042 2456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:51.0056 2456 partmgr - ok
19:35:51.0072 2456 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:51.0105 2456 PcaSvc - ok
19:35:51.0136 2456 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:35:51.0154 2456 pci - ok
19:35:51.0173 2456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:35:51.0191 2456 pciide - ok
19:35:51.0230 2456 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:51.0248 2456 pcmcia - ok
19:35:51.0263 2456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:51.0279 2456 pcw - ok
19:35:51.0300 2456 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:51.0371 2456 PEAUTH - ok
19:35:51.0437 2456 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:35:51.0520 2456 PeerDistSvc - ok
19:35:51.0614 2456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:35:51.0646 2456 PerfHost - ok
19:35:51.0719 2456 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:35:51.0829 2456 pla - ok
19:35:51.0890 2456 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:51.0928 2456 PlugPlay - ok
19:35:51.0954 2456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:51.0980 2456 PNRPAutoReg - ok
19:35:52.0009 2456 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:52.0027 2456 PNRPsvc - ok
19:35:52.0069 2456 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:52.0135 2456 PolicyAgent - ok
19:35:52.0169 2456 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:35:52.0233 2456 Power - ok
19:35:52.0272 2456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:52.0325 2456 PptpMiniport - ok
19:35:52.0345 2456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:35:52.0377 2456 Processor - ok
19:35:52.0412 2456 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:52.0446 2456 ProfSvc - ok
19:35:52.0468 2456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:52.0485 2456 ProtectedStorage - ok
19:35:52.0533 2456 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:52.0597 2456 Psched - ok
19:35:52.0662 2456 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:35:52.0721 2456 ql2300 - ok
19:35:52.0744 2456 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:52.0760 2456 ql40xx - ok
19:35:52.0804 2456 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:35:52.0828 2456 QWAVE - ok
19:35:52.0856 2456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:52.0886 2456 QWAVEdrv - ok
19:35:52.0916 2456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:52.0957 2456 RasAcd - ok
19:35:52.0994 2456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:53.0041 2456 RasAgileVpn - ok
19:35:53.0073 2456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:53.0139 2456 RasAuto - ok
19:35:53.0176 2456 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:53.0230 2456 Rasl2tp - ok
19:35:53.0269 2456 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:35:53.0325 2456 RasMan - ok
19:35:53.0352 2456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:53.0402 2456 RasPppoe - ok
19:35:53.0428 2456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:53.0487 2456 RasSstp - ok
19:35:53.0519 2456 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:53.0578 2456 rdbss - ok
19:35:53.0611 2456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:53.0647 2456 rdpbus - ok
19:35:53.0670 2456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:53.0725 2456 RDPCDD - ok
19:35:53.0773 2456 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:35:53.0823 2456 RDPDR - ok
19:35:53.0850 2456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:53.0909 2456 RDPENCDD - ok
19:35:53.0932 2456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:53.0971 2456 RDPREFMP - ok
19:35:54.0056 2456 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:35:54.0095 2456 RdpVideoMiniport - ok
19:35:54.0132 2456 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:54.0182 2456 RDPWD - ok
19:35:54.0230 2456 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:54.0251 2456 rdyboost - ok
19:35:54.0305 2456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:54.0360 2456 RemoteAccess - ok
19:35:54.0398 2456 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:54.0457 2456 RemoteRegistry - ok
19:35:54.0518 2456 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:35:54.0554 2456 RFCOMM - ok
19:35:54.0586 2456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:54.0641 2456 RpcEptMapper - ok
19:35:54.0673 2456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:35:54.0690 2456 RpcLocator - ok
19:35:54.0712 2456 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:54.0769 2456 RpcSs - ok
19:35:54.0806 2456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:54.0862 2456 rspndr - ok
19:35:54.0898 2456 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:35:54.0915 2456 RTL8167 - ok
19:35:54.0954 2456 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:35:54.0992 2456 s3cap - ok
19:35:55.0012 2456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:35:55.0027 2456 SamSs - ok
19:35:55.0071 2456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:55.0092 2456 sbp2port - ok
19:35:55.0128 2456 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:55.0187 2456 SCardSvr - ok
19:35:55.0222 2456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:55.0268 2456 scfilter - ok
19:35:55.0327 2456 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:35:55.0426 2456 Schedule - ok
19:35:55.0452 2456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:55.0492 2456 SCPolicySvc - ok
19:35:55.0538 2456 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:55.0568 2456 SDRSVC - ok
19:35:55.0605 2456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:55.0665 2456 secdrv - ok
19:35:55.0696 2456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:35:55.0734 2456 seclogon - ok
19:35:55.0773 2456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:35:55.0836 2456 SENS - ok
19:35:55.0863 2456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:55.0910 2456 SensrSvc - ok
19:35:55.0946 2456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:55.0961 2456 Serenum - ok
19:35:55.0986 2456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:56.0003 2456 Serial - ok
19:35:56.0017 2456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:35:56.0048 2456 sermouse - ok
19:35:56.0097 2456 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:56.0162 2456 SessionEnv - ok
19:35:56.0196 2456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:35:56.0227 2456 sffdisk - ok
19:35:56.0245 2456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:56.0272 2456 sffp_mmc - ok
19:35:56.0295 2456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:35:56.0328 2456 sffp_sd - ok
19:35:56.0360 2456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:35:56.0395 2456 sfloppy - ok
19:35:56.0438 2456 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:56.0498 2456 ShellHWDetection - ok
19:35:56.0536 2456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:35:56.0550 2456 SiSRaid2 - ok
19:35:56.0568 2456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:35:56.0594 2456 SiSRaid4 - ok
19:35:56.0618 2456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:56.0675 2456 Smb - ok
19:35:56.0740 2456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:56.0778 2456 SNMPTRAP - ok
19:35:56.0799 2456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:56.0816 2456 spldr - ok
19:35:56.0868 2456 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:56.0930 2456 Spooler - ok
19:35:57.0031 2456 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:35:57.0174 2456 sppsvc - ok
19:35:57.0207 2456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:35:57.0269 2456 sppuinotify - ok
19:35:57.0302 2456 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:57.0344 2456 srv - ok
19:35:57.0377 2456 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:57.0418 2456 srv2 - ok
19:35:57.0452 2456 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:57.0480 2456 srvnet - ok
19:35:57.0529 2456 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:57.0593 2456 SSDPSRV - ok
19:35:57.0610 2456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:57.0657 2456 SstpSvc - ok
19:35:57.0690 2456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:35:57.0703 2456 stexstor - ok
19:35:57.0755 2456 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:35:57.0804 2456 stisvc - ok
19:35:57.0837 2456 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:35:57.0855 2456 storflt - ok
19:35:57.0874 2456 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:35:57.0888 2456 storvsc - ok
19:35:57.0914 2456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:35:57.0933 2456 swenum - ok
19:35:57.0974 2456 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:35:58.0041 2456 swprv - ok
19:35:58.0047 2456 Synth3dVsc - ok
19:35:58.0124 2456 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:35:58.0142 2456 SynTP - ok
19:35:58.0217 2456 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:35:58.0306 2456 SysMain - ok
19:35:58.0349 2456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:58.0389 2456 TabletInputService - ok
19:35:58.0424 2456 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:58.0490 2456 TapiSrv - ok
19:35:58.0528 2456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:35:58.0571 2456 TBS - ok
19:35:58.0656 2456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:58.0731 2456 Tcpip - ok
19:35:58.0787 2456 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:58.0832 2456 TCPIP6 - ok
19:35:58.0874 2456 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:58.0932 2456 tcpipreg - ok
19:35:58.0966 2456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:58.0996 2456 TDPIPE - ok
19:35:59.0035 2456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:59.0057 2456 TDTCP - ok
19:35:59.0098 2456 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:59.0137 2456 tdx - ok
19:35:59.0176 2456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:35:59.0198 2456 TermDD - ok
19:35:59.0251 2456 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:35:59.0330 2456 TermService - ok
19:35:59.0369 2456 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:35:59.0405 2456 Themes - ok
19:35:59.0432 2456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:59.0473 2456 THREADORDER - ok
19:35:59.0523 2456 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:35:59.0588 2456 TrkWks - ok
19:35:59.0650 2456 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:59.0693 2456 TrustedInstaller - ok
19:35:59.0741 2456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:59.0781 2456 tssecsrv - ok
19:35:59.0823 2456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:35:59.0871 2456 TsUsbFlt - ok
19:35:59.0900 2456 tsusbhub - ok
19:35:59.0963 2456 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:36:00.0022 2456 tunnel - ok
19:36:00.0062 2456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:36:00.0075 2456 uagp35 - ok
19:36:00.0112 2456 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:36:00.0174 2456 udfs - ok
19:36:00.0206 2456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:36:00.0223 2456 UI0Detect - ok
19:36:00.0244 2456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:36:00.0260 2456 uliagpkx - ok
19:36:00.0303 2456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:36:00.0338 2456 umbus - ok
19:36:00.0363 2456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:36:00.0378 2456 UmPass - ok
19:36:00.0416 2456 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
19:36:00.0440 2456 UmRdpService - ok
19:36:00.0482 2456 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:36:00.0549 2456 upnphost - ok
19:36:00.0603 2456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:36:00.0630 2456 usbccgp - ok
19:36:00.0665 2456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:36:00.0697 2456 usbcir - ok
19:36:00.0726 2456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:36:00.0750 2456 usbehci - ok
19:36:00.0790 2456 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:36:00.0821 2456 usbhub - ok
19:36:00.0845 2456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:36:00.0879 2456 usbohci - ok
19:36:00.0915 2456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:36:00.0950 2456 usbprint - ok
19:36:00.0991 2456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:36:01.0047 2456 USBSTOR - ok
19:36:01.0087 2456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:36:01.0121 2456 usbuhci - ok
19:36:01.0182 2456 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:36:01.0201 2456 usbvideo - ok
19:36:01.0231 2456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:36:01.0284 2456 UxSms - ok
19:36:01.0302 2456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:36:01.0317 2456 VaultSvc - ok
19:36:01.0355 2456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:36:01.0369 2456 vdrvroot - ok
19:36:01.0430 2456 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:36:01.0486 2456 vds - ok
19:36:01.0507 2456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:36:01.0524 2456 vga - ok
19:36:01.0538 2456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:36:01.0595 2456 VgaSave - ok
19:36:01.0603 2456 VGPU - ok
19:36:01.0644 2456 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:36:01.0664 2456 vhdmp - ok
19:36:01.0713 2456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:36:01.0728 2456 viaide - ok
19:36:01.0762 2456 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:36:01.0778 2456 vmbus - ok
19:36:01.0814 2456 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:36:01.0841 2456 VMBusHID - ok
19:36:01.0882 2456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:36:01.0896 2456 volmgr - ok
19:36:01.0938 2456 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:36:01.0960 2456 volmgrx - ok
19:36:02.0014 2456 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:36:02.0034 2456 volsnap - ok
19:36:02.0064 2456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:36:02.0079 2456 vsmraid - ok
19:36:02.0147 2456 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:36:02.0251 2456 VSS - ok
19:36:02.0273 2456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:36:02.0302 2456 vwifibus - ok
19:36:02.0341 2456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:36:02.0372 2456 vwififlt - ok
19:36:02.0421 2456 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:36:02.0439 2456 vwifimp - ok
19:36:02.0475 2456 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:36:02.0522 2456 W32Time - ok
19:36:02.0544 2456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:36:02.0579 2456 WacomPen - ok
19:36:02.0628 2456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:36:02.0691 2456 WANARP - ok
19:36:02.0708 2456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:36:02.0747 2456 Wanarpv6 - ok
19:36:02.0818 2456 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:36:02.0879 2456 WatAdminSvc - ok
19:36:02.0936 2456 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:36:03.0020 2456 wbengine - ok
19:36:03.0053 2456 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:36:03.0081 2456 WbioSrvc - ok
19:36:03.0117 2456 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:36:03.0147 2456 wcncsvc - ok
19:36:03.0165 2456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:36:03.0218 2456 WcsPlugInService - ok
19:36:03.0246 2456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:36:03.0259 2456 Wd - ok
19:36:03.0286 2456 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:36:03.0318 2456 Wdf01000 - ok
19:36:03.0337 2456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:36:03.0419 2456 WdiServiceHost - ok
19:36:03.0425 2456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:36:03.0450 2456 WdiSystemHost - ok
19:36:03.0490 2456 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:36:03.0527 2456 WebClient - ok
19:36:03.0570 2456 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:36:03.0623 2456 Wecsvc - ok
19:36:03.0644 2456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:36:03.0687 2456 wercplsupport - ok
19:36:03.0722 2456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:36:03.0781 2456 WerSvc - ok
19:36:03.0826 2456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:36:03.0865 2456 WfpLwf - ok
19:36:03.0881 2456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:36:03.0900 2456 WIMMount - ok
19:36:03.0910 2456 WinHttpAutoProxySvc - ok
19:36:04.0070 2456 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:36:04.0110 2456 Winmgmt - ok
19:36:04.0185 2456 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:36:04.0293 2456 WinRM - ok
19:36:04.0368 2456 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:36:04.0425 2456 Wlansvc - ok
19:36:04.0480 2456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:36:04.0494 2456 WmiAcpi - ok
19:36:04.0530 2456 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:36:04.0571 2456 wmiApSrv - ok
19:36:04.0617 2456 WMPNetworkSvc - ok
19:36:04.0642 2456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:36:04.0676 2456 WPCSvc - ok
19:36:04.0724 2456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:36:04.0757 2456 WPDBusEnum - ok
19:36:04.0792 2456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:36:04.0854 2456 ws2ifsl - ok
19:36:04.0862 2456 WSearch - ok
19:36:04.0920 2456 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:36:04.0958 2456 WudfPf - ok
19:36:04.0984 2456 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:36:05.0023 2456 WUDFRd - ok
19:36:05.0073 2456 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:36:05.0125 2456 wudfsvc - ok
19:36:05.0162 2456 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:36:05.0202 2456 WwanSvc - ok
19:36:05.0242 2456 ================ Scan global ===============================
19:36:05.0272 2456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:36:05.0317 2456 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:36:05.0339 2456 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:36:05.0367 2456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:36:05.0412 2456 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
19:36:05.0418 2456 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
19:36:05.0418 2456 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
19:36:05.0419 2456 ================ Scan MBR ==================================
19:36:05.0430 2456 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:36:05.0890 2456 \Device\Harddisk0\DR0 - ok
19:36:05.0891 2456 ================ Scan VBR ==================================
19:36:05.0894 2456 [ D397A6344B09F561E27C95DBF9B35323 ] \Device\Harddisk0\DR0\Partition1
19:36:05.0896 2456 \Device\Harddisk0\DR0\Partition1 - ok
19:36:05.0932 2456 [ E4F92B7A7BCF636B7E78354DB8BD8A1D ] \Device\Harddisk0\DR0\Partition2
19:36:05.0934 2456 \Device\Harddisk0\DR0\Partition2 - ok
19:36:05.0935 2456 ============================================================
19:36:05.0935 2456 Scan finished
19:36:05.0935 2456 ============================================================
19:36:05.0960 3800 Detected object count: 1
19:36:05.0960 3800 Actual detected object count: 1
19:37:18.0149 3800 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
19:37:18.0149 3800 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
19:37:21.0583 3032 Deinitialize success
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Pokud nemate, zazalohujte si dulezita data (fotky, dokumenty, atd.) Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc! Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.Vypnete antivir i dalsi pripadne zabezpeceni.
Kliknete na ComboFix pravym mysidlem a levym na Spustit jako spravce
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte
Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace Kdyz windows nabehne, ale pri spousteni programu bude hlasena chyba, staci restartovat pc a bude to v poradkuPokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
ComboFix 12-12-02.01 - Ivuška 03.12.2012 20:25:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1976.1172 [GMT 1:00]
Spuštěný z: c:\users\Ivuška\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9b28fc5325fd2041253b10b4c21f3bcc_c
c:\programdata\Bcool
c:\programdata\Bcool\507c161443358.ocx
c:\programdata\Bcool\507c161443391.html
c:\programdata\Bcool\507c1614433ca.js
c:\programdata\Bcool\data\507c1614433ca.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\jlbcjnmdebolhoimggpjidnngieendlc.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Bcool\uninstall.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\00000004.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\201d3dde
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\4cce1f70
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\55490ac4
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000004.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000008.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\000000cb.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000000.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000032.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000064.@
c:\windows\PFRO.log
.
Nakažená kopie c:\windows\system32\services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 19:31 . 2012-12-03 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 18:13 . 2012-12-03 18:13 -------- d-----w- c:\users\Ivuška\AppData\Roaming\TeamViewer
2012-12-02 15:34 . 2012-12-02 15:34 -------- d-----w- c:\users\Ivuška\AppData\Roaming\Malwarebytes
2012-12-02 15:33 . 2012-12-02 15:33 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 15:33 . 2012-12-02 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 15:33 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-02 12:22 . 2012-12-02 12:22 -------- d-----w- C:\rsit
2012-12-02 12:22 . 2012-12-02 12:22 -------- d-----w- c:\program files\trend micro
2012-11-20 15:57 . 2012-11-20 15:57 -------- d-----w- c:\programdata\Microsoft Games
2012-11-19 20:55 . 2012-11-19 20:55 -------- d-----w- c:\users\Ivuška\AppData\Roaming\Microsoft Games
2012-11-19 20:46 . 2012-11-19 20:46 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-11-07 19:59 . 2012-11-07 19:59 -------- d-----w- c:\users\Ivuška\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 19:35 . 2012-10-21 18:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 19:35 . 2011-08-25 10:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 07:19 . 2012-10-19 07:34 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D931324-C6C8-4F2C-B9CE-D26AD1CAA71A}\mpengine.dll
2012-10-11 07:03 . 2011-09-29 09:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 18:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 18:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files (x86)\QIP\qip.exe" [2010-06-28 3332608]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-30 254528]
S3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 19:35]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_rem ... &keywords=
FF - ExtSQL: 2012-10-15 15:56; 507c1614431c3@507c1614431fc.com; c:\users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\extensions\507c1614431c3@507c1614431fc.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
BHO-{E430627F-2CA8-D185-2170-0726586247FF} - c:\programdata\Bcool\507c161443358.ocx
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Celkový čas: 2012-12-03 20:38:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 19:38
.
Před spuštěním: Volných bajtů: 188 001 538 048
Po spuštění: Volných bajtů: 187 497 402 368
.
- - End Of File - - A7C0498FB4C0A3AB93726ACD2CA5FB58
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1976.1172 [GMT 1:00]
Spuštěný z: c:\users\Ivuška\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\9b28fc5325fd2041253b10b4c21f3bcc_c
c:\programdata\Bcool
c:\programdata\Bcool\507c161443358.ocx
c:\programdata\Bcool\507c161443391.html
c:\programdata\Bcool\507c1614433ca.js
c:\programdata\Bcool\data\507c1614433ca.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\jlbcjnmdebolhoimggpjidnngieendlc.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Bcool\uninstall.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\00000004.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\201d3dde
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\4cce1f70
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L\55490ac4
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000004.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\00000008.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\000000cb.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000000.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000032.@
c:\windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U\80000064.@
c:\windows\PFRO.log
.
Nakažená kopie c:\windows\system32\services.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-03 do 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 19:31 . 2012-12-03 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 18:13 . 2012-12-03 18:13 -------- d-----w- c:\users\Ivuška\AppData\Roaming\TeamViewer
2012-12-02 15:34 . 2012-12-02 15:34 -------- d-----w- c:\users\Ivuška\AppData\Roaming\Malwarebytes
2012-12-02 15:33 . 2012-12-02 15:33 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 15:33 . 2012-12-02 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-02 15:33 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-02 12:22 . 2012-12-02 12:22 -------- d-----w- C:\rsit
2012-12-02 12:22 . 2012-12-02 12:22 -------- d-----w- c:\program files\trend micro
2012-11-20 15:57 . 2012-11-20 15:57 -------- d-----w- c:\programdata\Microsoft Games
2012-11-19 20:55 . 2012-11-19 20:55 -------- d-----w- c:\users\Ivuška\AppData\Roaming\Microsoft Games
2012-11-19 20:46 . 2012-11-19 20:46 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-11-07 19:59 . 2012-11-07 19:59 -------- d-----w- c:\users\Ivuška\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-21 19:35 . 2012-10-21 18:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 19:35 . 2011-08-25 10:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-12 07:19 . 2012-10-19 07:34 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5D931324-C6C8-4F2C-B9CE-D26AD1CAA71A}\mpengine.dll
2012-10-11 07:03 . 2011-09-29 09:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-10 18:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 18:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files (x86)\QIP\qip.exe" [2010-06-28 3332608]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-26 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-30 254528]
S3 netr28x;Ralink 802.11n – bezdrátový ovladač pro systém Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 19:35]
.
.
--------- X64 Entries -----------
.
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.questscan.com/?tmp=nemo_results_rem ... &keywords=
FF - ExtSQL: 2012-10-15 15:56; 507c1614431c3@507c1614431fc.com; c:\users\Ivuška\AppData\Roaming\Mozilla\Firefox\Profiles\wixq9vkd.default\extensions\507c1614431c3@507c1614431fc.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{6B5863A0-C43F-4C0A-982B-CC0E9125783F} - (no file)
BHO-{E430627F-2CA8-D185-2170-0726586247FF} - c:\programdata\Bcool\507c161443358.ocx
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Celkový čas: 2012-12-03 20:38:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-03 19:38
.
Před spuštěním: Volných bajtů: 188 001 538 048
Po spuštění: Volných bajtů: 187 497 402 368
.
- - End Of File - - A7C0498FB4C0A3AB93726ACD2CA5FB58
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Provedeno! A dobrá zpráva je, že stránky, které nefungovaly už zase jedou, hurá! Jenom ta wifi se po probuzení notebooku musí znovu ručně zapínat. Možná bude ale problém někde jinde
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ivuška [Práva správce]
Mód : Kontrola -- Datum : 12/04/2012 19:39:35
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U --> NALEZENO
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L --> NALEZENO
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] 9d3f68317bc69848fda1a7c530c6813c
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1]_S_12042012_02d1939.txt >>
RKreport[1]_S_12042012_02d1939.txt
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ivuška [Práva správce]
Mód : Kontrola -- Datum : 12/04/2012 19:39:35
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 8 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> NALEZENO
[HJ] HKLM\[...]\System : EnableLUA (0) -> NALEZENO
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U --> NALEZENO
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L --> NALEZENO
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] 9d3f68317bc69848fda1a7c530c6813c
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1]_S_12042012_02d1939.txt >>
RKreport[1]_S_12042012_02d1939.txt
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Jeste je to porad zavirovane! Uvidime az po uplnem docisteni, jestli to dela vir, nebo je problem jinde Znovu spustte RogueKiller jako spravce (pokud jste ho jeste nezavrel/a, rovnou kliknete na napis Smazat)Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Smazat.
Pak kliknete na napis Zprava a objevi se log. Ten mi sem vlozte.
Pak kliknete na napis Oprava Host a Zprava.
Objevi se dalsi log. I ten mi sem vlozte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
Az tu date ty logy z RogueKilleru, zopakujte sken TDSSkillerem a dejte sem i jeho log.
Za chvili jdu zase spat, takze pokracovani opet zitra.
Za chvili jdu zase spat, takze pokracovani opet zitra.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
-
ivadrgacova
- Návštěvník
- Příspěvky: 16
- Registrován: 02 pro 2012 13:16
Re: Pravděpodobně zavirovaný notebook - nefunkční webowé str
RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ivuška [Práva správce]
Mód : Odebrat -- Datum : 12/04/2012 20:31:28
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] tv_x64.exe -- C:\Users\Ivuška\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U --> ODSTRANĚN
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L --> ODSTRANĚN
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] 9d3f68317bc69848fda1a7c530c6813c
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3]_D_12042012_02d2031.txt >>
RKreport[1]_S_12042012_02d1939.txt ; RKreport[2]_S_12042012_02d2031.txt ; RKreport[3]_D_12042012_02d2031.txt
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Ivuška [Práva správce]
Mód : Odebrat -- Datum : 12/04/2012 20:31:28
¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] tv_x64.exe -- C:\Users\Ivuška\AppData\Local\Temp\TeamViewer\Version8\tv_x64.exe -> SMAZÁNO [TermProc]
¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRAZENO (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRAZENO (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\U --> ODSTRANĚN
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{b55bd398-fcf2-b496-26bd-cc19c0818866}\L --> ODSTRANĚN
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ZeroAccess ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-60A23T0 ATA Device +++++
--- User ---
[MBR] 9d3f68317bc69848fda1a7c530c6813c
[BSP] edd42d651a2a6f92b7a59ebc1ab7398d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[3]_D_12042012_02d2031.txt >>
RKreport[1]_S_12042012_02d1939.txt ; RKreport[2]_S_12042012_02d2031.txt ; RKreport[3]_D_12042012_02d2031.txt
Přispějete na provoz fóra?