
Laptop won't turn on


#1 Post by curt-xx »

Hello,

I assume this is more likely a hardware problem, but I would still like to ask for a check just in case. Some time ago I tried to turn on my laptop, but only the indicator light came on and nothing else happened. I took the laptop in for repair, where they told me the problem was probably in the graphics chip and that they would order one. After more than a month they returned the laptop, saying that the chip had not arrived and probably never would. Supposedly, though, they heated the chip, and thanks to that it would run provisionally at least for some time. I turned the laptop on twice to back up my data; the third time it would no longer turn on. With the disk removed, the laptop supposedly ran without problems. Now I wanted to start dealing with everything again, but the laptop suddenly and surprisingly turned on again, though I assume it will again be only for a while.


So I am asking for a check of the log and possibly any further advice. Thanks a lot.

Logfile of random's system information tool 1.09 (written by random/random)

Run by Jíra at 2014-01-02 09:58:33

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 58 GB (13%) free of 459 GB

Total RAM: 3830 MB (50% free)



Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:58:48, on 2.1.2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16720)

Boot mode: Normal



Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe

C:\Program Files (x86)\DoubleDesktop\dd.exe

C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Program Files\trend micro\Jíra.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.conduit.com/?ctid=CT32985 ... urce=61&CU
I=UN95309548010729130&UM=2&UP=SPB03DEEFC-9373-4F60-B05C-489F704ABBF4

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=C:\PROGRA~3\qpopgtawqlivptjnadb.bat

O1 - Hosts: ˙ţ127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program
Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll

O2 - BHO: HP ProtectTools Security Manager Extension -
{395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpOtsPluginIe8.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
- C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java(tm) Plug-In SSV Helper -
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files
(x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files
(x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP
HotKey Support\QLBController.exe /start

O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files
(x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe

O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files
(x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe"
UNATTENDED

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST
Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common
Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC
Internet Access\NPCIA.exe" /b

O4 - Startup: Automatické vypnutí počítače.lnk = ?

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: DoubleDesktop.lnk = C:\Program Files
(x86)\DoubleDesktop\dd.exe

O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Od&eslat do aplikace OneNote -
res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... -
C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Odeslat do aplikace OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft
Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote -
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft
Office\Office14\ONBttnIE.dll

O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -
C:\Program Files (x86)\ICQ7.2\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}
- C:\Program Files (x86)\ICQ7.2\ICQ.exe

O9 - Extra button: P&ropojené poznámky aplikace OneNote -
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft
Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote -
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft
Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Send To Bluetooth -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common
files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common
files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -
C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)

O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) -
ActivIdentity - C:\Program Files\Common
Files\ActivIdentity\ac.sharedstore.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe
Systems Incorporated - C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics
Corporation -
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\AESTSr64.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI
Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -
C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner -
C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST
Software\Avast\AvastSvc.exe

O23 - Service: BrowserProtect - Unknown owner -
C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fe
c8e8}\BrowserProtect.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. -
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: DEBridge - McAfee, Inc. - c:\Program
Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe

O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program
Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner
- C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner
- C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) -
Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files
(x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

O23 - Service: HP ProtectTools Service - Hewlett-Packard Development
Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter
for HP ProtectTools\PTChangeFilterService.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program
Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard
Company - c:\Program Files\Hewlett-Packard\HP
QuickLook\32-bit\HPDayStarterService.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) -
Hewlett-Packard Company - c:\Program Files
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. -
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe

O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) -
Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File
Sanitizer\HPFSService.exe

O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company
- C:\Program Files (x86)\Hewlett-Packard\HP HotKey
Support\hpHotkeyMonitor.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files
(x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Unknown owner -
C:\windows\system32\Hpservice.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -
C:\windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe

O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files
(x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files
(x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files
(x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla
Foundation - C:\Program Files (x86)\Mozilla Maintenance
Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -
C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown
owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. -
C:\windows\SysWOW64\NLSSRV32.EXE

O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program
Files (x86)\OpenVPN\bin\openvpnserv.exe

O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files
(x86)\PANDORA.TV\PanService\PandoraService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) -
Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files
(x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown
owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner
- C:\windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program
Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown
owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown
owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown
owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. -
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\STacSV64.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files
(x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program
Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) -
Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) -
Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity
Sensors, Inc. - C:\windows\system32\vcsFPService.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -
C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -
C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) -
Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown
owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) -
Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
(WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media
Player\wmpnetwk.exe (file missing)



--

End of file - 14056 bytes



======Listing Processes======



\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,20480,768 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4
ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,20480,768 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4
ProfileControl=Off MaxRequestThreads=16

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"

"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

winlogon.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\STacSV64.exe

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\Hpservice.exe

atieclxx

C:\windows\system32\svchost.exe -k NetworkService

"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

C:\windows\system32\WLANExt.exe 21190512

\??\C:\windows\system32\conhost.exe
"45632347111662868745903074651428179945-5732102611573592101-2141195519975854
499

C:\windows\System32\spoolsv.exe

taskeng.exe {6B41E133-6A5D-482B-8D79-2553988D76B5}

"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"

"c:\Program Files\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpHostW.exe"

"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\AESTSr64.exe

"C:\Program Files\LSI SoftModem\agr64svc.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"c:\Program Files\Hewlett-Packard\HP
QuickLook\32-bit\HPDayStarterService.exe"

"c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"

"C:\Program Files (x86)\Hewlett-Packard\HP HotKey
Support\hpHotkeyMonitor.exe"

"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

C:\windows\SysWOW64\NLSSRV32.EXE

"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"

"C:\Program Files (x86)\Skype\Updater\Updater.exe"

C:\windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe"
"C:\Users\JÝra\AppData\Roaming\Yontoo\YontooDesktop.exe"

"taskhost.exe"

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

WLIDSvcM.exe 2676

"C:\windows\system32\Dwm.exe"

C:\windows\Explorer.EXE

"C:\Program Files (x86)\Common
Files\LightScribe\LightScribeControlPanel.exe" -hidden

"C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b

"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe"
/start

"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"

"C:\Program Files (x86)\DoubleDesktop\dd.exe"

"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"

"C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe"

"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

"C:\Program Files\AVAST Software\Avast\setup\avast.setup" /downloadpkgs
/noreboot /updatevps /verysilent /session "0" /limitcpu

"c:\Program Files\Hewlett-Packard\Drive
Encryption\SbHpAuthenticatorService.exe"

C:\windows\system32\SearchIndexer.exe /Embedding

C:\windows\servicing\TrustedInstaller.exe

"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"

C:\windows\system32\wbem\unsecapp.exe -Embedding

C:\windows\system32\wbem\wmiprvse.exe

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe"
--channel=4508.7af8900.1907183116
"C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\ext
ensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\npConduitFirefoxPlugi
n.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni
"C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program
Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 4508
"\\.\pipe\gecko-crash-server-pipe.4508" plugin

"C:\Users\Jíra\Desktop\Ostatní\Programy\RSITx64.exe"

"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe"
--channel=4508.cd6f200.710908647
"C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll" -greomni
"C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files
(x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files
(x86)\Mozilla Firefox\browser" E7CF176E110C211B 4508
"\\.\pipe\gecko-crash-server-pipe.4508" plugin

"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe"
--proxy-stub-channel=Flash5224.6991A550.729
--host-broker-channel=Flash5224.6991A550.10131 --host-pid=5224
--host-npapi-version=27
--plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll"

"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe"
--channel=2856.003DF8B4.1828820063
--proxy-stub-channel=Flash5224.6991A550.729
--plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll"
--host-npapi-version=27 --type=renderer

C:\windows\system32\wbem\wmiprvse.exe

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"



======Scheduled tasks folder======



C:\windows\tasks\AutoKMS.job

C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237429555-3320718254-153430
5600-1003Core.job

C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237429555-3320718254-153430
5600-1003UA.job



=========Mozilla firefox=========



ProfilePath -
C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default



prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

prefs.js - "extensions.enabledItems" - "otis@digitalpersona.com:5.0.0.4238,
{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479,
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,
{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7,
{e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2,
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6,
{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

prefs.js - "keyword.URL" -
"http://search.conduit.com/ResultsExt.as ... urce=2&CUI
=UN98488942621762913&UM=2&q="



"{77BEC163-D389-42c1-91A4-C758846296A5}"=C:\Program Files\Video
downloader\Firefox





[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlay
er]

"Description"=AdobeR FlashR Player 11.7.700.224 Plugin

"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-
XChange Viewer Plugin,version=1.0,application/pdf]

"Description"=

"Path"=



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,v
ersion=10.17.2]

"Description"=JavaT Deployment Toolkit

"Path"=C:\windows\SysWOW64\npDeployJava1.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin
,version=10.17.2]

"Description"=OracleR Next Generation JavaT Plug-In

"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUI
NE]

"Description"=

"Path"=disabled



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtr
l,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Offic
eAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Share
Point,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,ve
rsion=2.0.8]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll





[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=AdobeR FlashR Player 11.7.700.224 Plugin

"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange
Viewer Plugin,version=1.0,application/pdf]

"Description"=

"Path"=



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17
.2]

"Description"=JavaT Deployment Toolkit

"Path"=C:\windows\system32\npDeployJava1.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.
17.2]

"Description"=OracleR Next Generation JavaT Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.
0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,versi
on=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL





C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

nppdf32.dll



C:\Program Files (x86)\Mozilla Firefox\searchplugins\

babylon.xml

mall-cz.xml



C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\exte
nsions\

plugin@yontoo.com

staged

{1122b43d-30ee-403f-9bfa-3cc99b0caddd}

{3d7eb24f-2740-49df-8937-200b1cc08f8a}

{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

{e4a8a97b-f2ed-450b-b12d-ee082ba24781}



C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\sear
chplugins\

babylon.xml

BrowserProtect.xml

conduit.xml

sweetim.xml



======Registry dump======



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]

avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]

HP ProtectTools Security Manager Extension - c:\Program
Files\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
[2012-08-16 6670496]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll
[2013-03-13 551840]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
[2010-12-21 689040]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows
er Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll
[2013-03-13 209824]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]

File Sanitizer for HP ProtectTools - C:\Program Files
(x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]

HP ProtectTools Security Manager Extension - c:\Program Files
(x86)\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
[2012-08-16 4171424]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
[2013-03-19 461216]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
[2010-12-21 561552]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files
(x86)\Java\jre7\bin\jp2ssv.dll [2013-03-19 170912]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

Yontoo - C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2013-03-23
197920]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program
Files\AVAST Sof [2012-09-09 6516280]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet
Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program
Files\AVAST Sof [2012-09-09 6516280]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13
112512]



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"=C:\Program Files (x86)\Common
Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]

"NokiaPCInternetAccess"=C:\Program Files (x86)\Nokia\PC Internet
Access\NPCIA.exe [2009-05-26 651264]



[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Facebook Update]

C:\Users\Jíra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08
138096]



[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Yontoo Desktop]

C:\Users\Jíra\AppData\Roaming\Yontoo\YontooDesktop.exe [2013-03-23 42784]



[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows
^Start Menu^Programs^Startup^Facebook Messenger.lnk]

C:\Users\JRA~1\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE
[2013-03-07 248240]



[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows
^Start Menu^Programs^Startup^qpopgtawqlivptjnadb.lnk]

C:\Users\JRA~1\AppData\Local\Temp\bdanjtpvilqwatgpopq.exe,OKL00 []



[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Ru
n]

"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey
Support\QLBController.exe [2010-03-01 256056]

"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File
Sanitizer\CoreShredder.exe [2010-01-19 11266048]

"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online
Backup\Activation\NOBuActivation.exe [2009-12-03 3331944]

"avast"=C:\Program Files\AVAST Sof [2012-09-09 6516280]

"EfficientDiary"= []

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[2013-04-04 958576]



[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared
tools\msconfig\startupreg\SunJavaUpdateSched]

[]



C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

DoubleDesktop.lnk - C:\Program Files (x86)\DoubleDesktop\dd.exe



C:\Users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Automatické vypnutí počítače.lnk - C:\Program Files (x86)\Automatické
vypnutí počítače\avp.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=" "



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb
jectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -
C:\windows\system32\webcheck.dll [2013-05-25 247296]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell
ExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOV
EEX.DLL [2012-08-16 6670496]



[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Ex
plorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOV
EEX.DLL [2012-08-16 4171424]



[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSISer
ver]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSISer
ver]



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste
m]

"ConsentPromptBehaviorAdmin"=0

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1



[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explor
er]

"NoDriveTypeAutoRun"=145



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter
s\firewallpolicy\standardprofile\authorizedapplications\list]



[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter
s\firewallpolicy\domainprofile\authorizedapplications\list]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv



======File associations======



.js - edit - C:\Windows\System32\Notepad.exe %1



======List of files/folders created in the last 1 month======





======List of files/folders modified in the last 1 month======



2014-01-02 09:58:43 ----D---- C:\Program Files\trend micro

2014-01-02 09:58:01 ----D---- C:\windows\Prefetch

2014-01-02 09:57:49 ----D---- C:\windows\temp

2014-01-02 09:57:35 ----A---- C:\windows\avp.ini

2013-12-13 10:10:02 ----D---- C:\windows\system32\config



======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======



R0 aswRvrt;aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [2013-08-30
65336]

R0 aswVmm;aswVmm; C:\windows\system32\drivers\aswVmm.sys [2013-08-30 204880]

R0 AtiPcie;AMD PCI Express (3GIO) Filter;
C:\windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08
30008]

R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09
55280]

R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20
213888]

R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02
56648]

R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]

R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02
15688]

R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-12-26 834544]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000;
C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]

R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2013-08-30
1030952]

R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2013-08-30 378944]

R1 aswTdi;avast! Network Shield Support;
C:\windows\system32\drivers\aswTdi.sys [2013-08-30 64288]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202;
C:\windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02
58184]

R1 vpcnfltr;Virtual PC Network Filter Driver;
C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]

R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100;
C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]

R1 vwififlt;Virtual WiFi Filter Driver;
C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2013-08-30
33400]

R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys
[2013-08-30 80816]

R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26
61952]

R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29
79360]

R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11
55808]

R3 Accelerometer;HP Accelerometer;
C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]

R3 AgereSoftModem;Agere Systems Soft Modem;
C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]

R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-04-08
6657536]

R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-04-08
195584]

R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service;
C:\windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]

R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11;
C:\windows\system32\DRIVERS\bcmwl664.sys [2011-04-23 2838008]

R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys
[2010-02-16 25912]

R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys
[2013-04-04 25928]

R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);
C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1803904]

R3 STHDA;IDT High Definition Audio CODEC;
C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]

R3 tap0901;TAP-Win32 Adapter V9; C:\windows\system32\DRIVERS\tap0901.sys
[2011-07-01 31232]

R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]

R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC;
C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]

R3 vpcusb;Služba konektoru virtualizace rozhraní USB;
C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;
C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 BthEnum;Ovladač pro Bluetooth Request Block;
C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]

S3 BthPan;Bluetooth Device (Personal Area Network);
C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]

S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys
[2011-04-28 552960]

S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth;
C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]

S3 btwaudio;Bluetooth Audio Device Service;
C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]

S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys
[2010-01-07 132648]

S3 btwl2cap;Bluetooth L2CAP Service;
C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]

S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07
21160]

S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21
40760]

S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;
C:\windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]

S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;
C:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]

S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]

S3 RDPDR;Terminal Server Device Redirector Driver;
C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);
C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]

S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]

S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20
34688]

S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20
59392]

S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20
21760]



======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======



R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program
Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files
(x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]

R2 AESTFilters;Andrea ST Filters Service;
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI
SoftModem\agr64svc.exe [2010-01-21 16896]

R2 AMD External Events Utility;AMD External Events Utility;
C:\windows\system32\atiesrxx.exe [2010-04-08 202752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Sof [2012-09-09
6516280]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth
Software\btwdins.exe [2009-12-29 873248]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200;
C:\windows\System32\svchost.exe [2009-07-14 27136]

R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security
Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP
ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]

R2 HPDayStarterService;HP DayStarter Service; c:\Program
Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
[2010-06-14 90112]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; c:\Program Files
(x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]

R2 HpFkCryptService;Drive Encryption Service; c:\Program
Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]

R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files
(x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]

R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files
(x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01
264248]

R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service;
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22
73728]

R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 nlsX86cc;Nalpeiron Licensing Service; C:\windows\SysWOW64\NLSSRV32.EXE
[2012-04-12 69640]

R2 PanService;PandoraService; C:\Program Files
(x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]

R2 SkypeUpdate;Skype Updater; C:\Program Files
(x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 STacSV;Audio Service;
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20
011ea53a6b83e\STacSV64.exe [2010-03-17 244736]

R2 TeamViewer7;TeamViewer 7; C:\Program Files
(x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]

R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive
Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]

R3 hpqwmiex;hpqwmiex; C:\Program Files
(x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]

S2 BrowserProtect;BrowserProtect;
C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fe
c8e8}\BrowserProtect.exe []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN
v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN
v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
[2010-03-18 138576]

S2 HP Health Check Service;HP Health Check Service; C:\Program Files
(x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]

S2 HP Power Assistant Service;HP Power Assistant Service; C:\Program
Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05
103992]

S2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files
(x86)\Hewlett-Packard\2009 Password Filter for HP
ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program
Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05
103992]

S2 KMService;KMService; C:\windows\syswow64\srvany.exe [2012-11-14 8192]

S2 vcsFPService;Validity VCS Fingerprint Service;
C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]

S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14
27136]

S3 aspnet_state;ASP.NET State Service;
C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18
44376]

S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;
c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint
Workspace Audit Service; C:\Program Files\Microsoft
Office\Office14\GROOVE.EXE [2012-09-20 50899608]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files
(x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-17 117656]

S3 OpenVPNService;OpenVPN Service; C:\Program Files
(x86)\OpenVPN\bin\openvpnserv.exe [2011-07-01 14848]

S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft
Shared\Source Engine\OSE.EXE [2010-01-09 174440]

S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common
Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
[2010-01-09 4925184]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000;
C:\windows\System32\svchost.exe [2009-07-14 27136]

S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio
Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]

S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing
Shared\stllssvr.exe [2009-10-16 74392]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100;
C:\windows\System32\svchost.exe [2009-07-14 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000;
C:\windows\System32\svchost.exe [2009-07-14 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601;
C:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]

S4
NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceMo
delInstallRC.dll,-8195;
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18
124240]

S4
NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceMo
delInstallRC.dll,-8197;
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18
124240]

S4
NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceMod
elInstallRC.dll,-8199;
c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18
124240]

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Notebook won't turn on

#2 Post by JaRon »

Hi,
well, if it has booted and you don't have your data backed up yet, get on with that right away.
Once your data is safe, do the following:
- DELETE the file C:\PROGRA~3\qpopgtawqlivptjnadb.bat
- clean the PC with ADWCleaner
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
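The reply above singles out the randomly named startup item from the RSIT log in post #1. The following is an added example, not part of the original thread and not a tool used by the forum: a small triage script that parses RSIT-style autorun sections and flags entries that combine at least two weak signals. The sample lines are copied from that log with the forum's line wraps joined; the function names, the thresholds and the reading of an empty `[]` as "RSIT recorded no file date/size" are assumptions of this example.

```python
"""Triage RSIT-style autorun entries (added example, not the forum's tooling)."""
import ntpath
import re

# Entries copied from the RSIT log in post #1, with line wraps joined.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
C:\Users\Jíra\AppData\Roaming\Yontoo\YontooDesktop.exe [2013-03-23 42784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qpopgtawqlivptjnadb.lnk]
C:\Users\JRA~1\AppData\Local\Temp\bdanjtpvilqwatgpopq.exe,OKL00 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"EfficientDiary"= []
'''

SECTION_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# Optional "Name"= prefix, then the target, then the [date size] block RSIT appends.
ENTRY_RE = re.compile(r'^(?:"(?P<name>[^"]*)"=)?(?P<target>.*?)\s*\[(?P<meta>[^\]]*)\]$')


def parse_autoruns(text):
    """Return one dict per autorun entry found under a registry section header."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            name = entry.group('name')
            if name is None:
                # msconfig sections carry the item name as the last key component;
                # startup-folder items encode the .lnk path with '^' separators.
                name = section.rsplit('\\', 1)[-1].split('^')[-1]
            entries.append({
                'section': section,
                'name': name,
                # Drop anything after a comma (e.g. the ",OKL00" argument).
                'target': entry.group('target').split(',')[0].strip(),
                'has_file_info': bool(entry.group('meta').strip()),
            })
    return entries


def looks_random(filename):
    """Heuristic: long, letters-only name with very few vowels (threshold assumed)."""
    stem = ntpath.splitext(filename)[0]
    if len(stem) < 12 or not stem.isalpha():
        return False
    vowels = sum(ch in 'aeiou' for ch in stem.lower())
    return vowels / len(stem) < 0.25


def triage(entry):
    """List the weak signals an entry shows; any one alone is not conclusive."""
    reasons = []
    target = entry['target']
    if re.search(r'\\temp\\', target, re.I):
        reasons.append('runs from a Temp directory')
    if not entry['has_file_info']:
        reasons.append('no file date/size recorded')
    names = [entry['name'], ntpath.basename(target)]
    if any(looks_random(n) for n in names if n):
        reasons.append('random-looking name')
    return reasons


def suspicious(text, min_signals=2):
    """Map entry name -> reasons for entries with at least min_signals signals."""
    flagged = {}
    for entry in parse_autoruns(text):
        reasons = triage(entry)
        if len(reasons) >= min_signals:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in suspicious(SAMPLE_LOG).items():
        print(f'{name}: {", ".join(reasons)}')
```

Requiring two signals keeps single-signal entries such as `QLBController` (consonant-heavy name only) and `EfficientDiary` (empty target only) out of the result. Name and location heuristics do not catch known adware installed under a plausible name, such as the Yontoo entry, which the AdwCleaner log later in the thread shows being removed by name.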

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Notebook won't turn on

#3 Post by curt-xx »

Thank you for the reply. Just to ask: so is that some kind of virus or what? And can I still lose my data now, given that you say I should back everything up now? The thing is, the notebook is switched on right now, but I won't manage to back it up today, and tomorrow the notebook might not turn on again, so I'd rather ask. Thanks once more.

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Notebook won't turn on

#4 Post by JaRon »

Well, put it this way: if you have any vitally important data on it, photos and the like, definitely back that up.
I think, though, that a single user can back up the data he needs in half an hour...
If the disk itself is not the core of the problem, you will have time to back up the other things, like films and other junk,
any time later...
Maybe two problems are getting mixed up here, HW + AV >> but that notebook is certainly not clean.

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Notebook won't turn on

#5 Post by curt-xx »

So I'm trying to back up (it will still take a while) and in the process I came across another thing. When I unplug the computer from the mains, it switches itself off. I'm wondering whether that could have been the cause from the start: when I turn the computer on, I often don't have it plugged in yet at that moment, and it's the kind of thing one doesn't realise or think of. Do you think it could just be a dead battery inside the notebook?

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Notebook won't turn on

#6 Post by JaRon »

That's possible too...
What interests me, though, is the AV part of this problem, so after carrying out the recommended steps don't forget to post a current log.

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Notebook won't turn on

#7 Post by curt-xx »

Good day,

I am attaching the logs from both programs below.


# AdwCleaner v3.016 - Report created 03/01/2014 at 12:56:52
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jíra - HP
# Running from : C:\Users\Jíra\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserProtect
Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\LSHunter.TV
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\Jíra\AppData\Local\Conduit
Folder Deleted : C:\Users\Jíra\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jíra\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\ICQToolbarData
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\Smartbar
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\CT3298566
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\Extensions\plugin@yontoo.com
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\Extensions\freehdsport@freehdsport.tv.xpi
File Deleted : C:\END
File Deleted : C:\Users\Jíra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\bProtector_extensions.rdf
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\bprotector_prefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\searchplugins\Babylon.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\user.js
File Deleted : C:\Users\Jíra\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Jíra\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Jíra\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\windows\System32\Tasks\BrowserProtect
File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{77BEC163-D389-42c1-91A4-C758846296A5}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\52558f8be76db8
Key Deleted : HKCU\Software\52558f8be76db845
Key Deleted : HKLM\SOFTWARE\52558f8be76db845
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_easycapture_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_easycapture_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\dt soft\daemon tools toolbar
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Video downloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Video downloader

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v23.0.1 (cs)

[ File : C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\prefs.js ]

Line Deleted : user_pref("CT3298566.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3298566.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3298566.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.FF19Solved", "true");
Line Deleted : user_pref("CT3298566.FirstTime", "true");
Line Deleted : user_pref("CT3298566.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3298566.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN98488942621762913&UM=2&q=");
Line Deleted : user_pref("CT3298566.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3298566.UserID", "UN98488942621762913");
Line Deleted : user_pref("CT3298566.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3298566.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3298566.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298566.countryCode", "CZ");
Line Deleted : user_pref("CT3298566.defaultSearch", "true");
Line Deleted : user_pref("CT3298566.embeddedsData", "[{\"appId\":\"130110228003246321\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3298566.enableAlerts", "true");
Line Deleted : user_pref("CT3298566.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3298566.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3298566.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3298566.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3298566.fullUserID", "UN98488942621762913.IN.20130902003940");
Line Deleted : user_pref("CT3298566.homepageuserchanged", true);
Line Deleted : user_pref("CT3298566.installDate", "02/09/2013 00:39:42");
Line Deleted : user_pref("CT3298566.installId", "cid111");
Line Deleted : user_pref("CT3298566.installSessionId", "{AE4DFD45-AEAE-4C3C-B4B5-542429532815}");
Line Deleted : user_pref("CT3298566.installSp", "TRUE");
Line Deleted : user_pref("CT3298566.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3298566.installUsage", "2013-09-02T01:40:12.8560584+03:00");
Line Deleted : user_pref("CT3298566.installUsageEarly", "2013-09-02T01:40:09.5643951+03:00");
Line Deleted : user_pref("CT3298566.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3298566.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3298566.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3298566.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298566.keyword", "true");
Line Deleted : user_pref("CT3298566.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=15&CUI=UN98488942621762913&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3298566.lastVersion", "10.20.0.513");
Line Deleted : user_pref("CT3298566.mam_gk_appStateReportTime.enc", "MTM3ODA3Njc0NDQ0Nw==");
Line Deleted : user_pref("CT3298566.mam_gk_appState_CouponBuddy.enc", "b2Zm");
Line Deleted : user_pref("CT3298566.mam_gk_appState_Easytobook.enc", "b2Zm");
Line Deleted : user_pref("CT3298566.mam_gk_appState_Easytobook_targeted.enc", "b2Zm");
Line Deleted : user_pref("CT3298566.mam_gk_appState_PriceGong.enc", "b2Zm");
Line Deleted : user_pref("CT3298566.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0Rp[...]
Line Deleted : user_pref("CT3298566.mam_gk_appsDefaultEnabled.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298566.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiI2MDU1ZDFlZS1hYThiLTRlODItODk0Yy04NjliZDA1ZjE4NTgiLCJ[...]
Line Deleted : user_pref("CT3298566.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3298566.mam_gk_eventsCache.enc", "eyI3ZDQ1YzQxMy01OTZiLTRhOWUtOWM5OS0xNzE2NDJkNjFmZDQiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29tZSIsImFjdGlvbiI6IlZpZXciLCJsYWJlbCI6I[...]
Line Deleted : user_pref("CT3298566.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3298566.mam_gk_lastLoginTime.enc", "MTM3ODA3NjczMzQwOQ==");
Line Deleted : user_pref("CT3298566.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3298566.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3298566.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiQ1oiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT3298566.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3298566.mam_gk_userId.enc", "MzAxMWZhMjgtMTQ5Yy00YmYwLTk0ZjItNTk1ZjNkMzgwN2I2");
Line Deleted : user_pref("CT3298566.mam_gk_user_approval_interacted.enc", "MA==");
Line Deleted : user_pref("CT3298566.mam_gk_welcomeDialogMode.enc", "MA==");
Line Deleted : user_pref("CT3298566.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fforum.viry.cz%2Fviewtopic.php%3Ff%3D13%26t%3D135133\",\"EB_MAIN_FRAME_TITLE\":\"VIRY.CZ%20%E[...]
Line Deleted : user_pref("CT3298566.openThankYouPage", "false");
Line Deleted : user_pref("CT3298566.openUninstallPage", "true");
Line Deleted : user_pref("CT3298566.originalHomepage", "hxxp://www.seznam.cz/");
Line Deleted : user_pref("CT3298566.originalSearchAddressUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");
Line Deleted : user_pref("CT3298566.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3298566.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298566.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3298566.search.searchAppId", "130110228003246321");
Line Deleted : user_pref("CT3298566.search.searchCount", "0");
Line Deleted : user_pref("CT3298566.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3298566.searchRevert", "false");
Line Deleted : user_pref("CT3298566.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3298566.searchUserMode", "2");
Line Deleted : user_pref("CT3298566.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3298566\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://MixiDJV30.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V30 \"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3298566.serviceLayer_services_Configuration_lastUpdate", "1379058187161");
Line Deleted : user_pref("CT3298566.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1378075214637");
Line Deleted : user_pref("CT3298566.serviceLayer_services_appsMetadata_lastUpdate", "1378076736740");
Line Deleted : user_pref("CT3298566.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1378075218567");
Line Deleted : user_pref("CT3298566.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1378075208535");
Line Deleted : user_pref("CT3298566.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1378075212809");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378655605083");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.19.2.5_lastUpdate", "1378076758674");
Line Deleted : user_pref("CT3298566.serviceLayer_services_login_10.20.0.513_lastUpdate", "1379086971426");
Line Deleted : user_pref("CT3298566.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1378075217644");
Line Deleted : user_pref("CT3298566.serviceLayer_services_searchAPI_lastUpdate", "1379058177636");
Line Deleted : user_pref("CT3298566.serviceLayer_services_serviceMap_lastUpdate", "1379058173142");
Line Deleted : user_pref("CT3298566.serviceLayer_services_toolbarContextMenu_lastUpdate", "1378075219930");
Line Deleted : user_pref("CT3298566.serviceLayer_services_toolbarSettings_lastUpdate", "1379094174220");
Line Deleted : user_pref("CT3298566.serviceLayer_services_translation_lastUpdate", "1379058172482");
Line Deleted : user_pref("CT3298566.settingsINI", true);
Line Deleted : user_pref("CT3298566.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3298566.showToolbarPermission", "false");
Line Deleted : user_pref("CT3298566.smartbar.CTID", "CT3298566");
Line Deleted : user_pref("CT3298566.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298566.smartbar.isHidden", true);
Line Deleted : user_pref("CT3298566.smartbar.toolbarName", "MixiDJ V30 ");
Line Deleted : user_pref("CT3298566.startPage", "true");
Line Deleted : user_pref("CT3298566.toolbarBornServerTime", "2-9-2013");
Line Deleted : user_pref("CT3298566.toolbarCurrentServerTime", "13-9-2013");
Line Deleted : user_pref("CT3298566.toolbarLoginClientTime", "Mon Sep 02 2013 00:40:15 GMT+0200");
Line Deleted : user_pref("CT3298566.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3298566.xpeMode", "0");
Line Deleted : user_pref("CT3298566_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1388749285876,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3298566");
Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119776&tt=0 ... FF7ED8418F");
Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
Line Deleted : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={5B5EBCC1-6798-11E2-8EC1-9161E1411F78}");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN98488942621762913&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("extensions.greasemonkey.scriptvals.frantacz1.wz.cz/csfd.cz - users - ratings - my.ratings", "257643-abaj-a-zabaj;2\n183181-abba-our-last-video-ever;3\n278787-abbey-road-live-ii;3\n237318-ab[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "63eb0fa4-014b-495c-be75-0b3b54d28d52");
Line Deleted : user_pref("icqtoolbar.allowSendURL", false);
Line Deleted : user_pref("icqtoolbar.defSearchChange", true);
Line Deleted : user_pref("icqtoolbar.engineVerified", true);
Line Deleted : user_pref("icqtoolbar.geolastmodified", 1316777711);
Line Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Line Deleted : user_pref("icqtoolbar.history", "odinstalovat%20icq%20toolbar||Fighters%20jesse%20jane||Fighters%20||music%20club%20krc%20praha%204||starobyl%C3%A1%20873%2C%20praha||music%20club%20praha%204||olga%20s[...]
Line Deleted : user_pref("icqtoolbar.hpChange", true);
Line Deleted : user_pref("icqtoolbar.icqgeo", 42);
Line Deleted : user_pref("icqtoolbar.installTime", "1317132021");
Line Deleted : user_pref("icqtoolbar.newtab_state", "1");
Line Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Line Deleted : user_pref("icqtoolbar.previousFFVersion", "6.0.2");
Line Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Line Deleted : user_pref("icqtoolbar.suggestions", false);
Line Deleted : user_pref("icqtoolbar.uninstStatSent", true);
Line Deleted : user_pref("icqtoolbar.uniqueID", "129423404412942336721294351270529");
Line Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1317221511);
Line Deleted : user_pref("icqtoolbar.userEngineApproved", true);
Line Deleted : user_pref("icqtoolbar.userHpApproved", true);
Line Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Line Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Line Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
Line Deleted : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Line Deleted : user_pref("icqtoolbar.xmlLanguage", "cs");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN98488942621762913&UM=2&q=");
Line Deleted : user_pref("quickstores.toolbar.affid", "");
Line Deleted : user_pref("quickstores.toolbar.guid", "");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&CUI=UN98488942621762913&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&SearchSource=2&CUI=UN98488942621762913&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.machineId", "RWZPSVIQGSFUB6TW9K4DHM6X/HTDWK0GFDCVFVEIGEW5RXWIJQ2UNKLRYTMH027M7WFNXCVTRESMEJVQNZZBPQ");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.1010000.10005");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.cda.returnValue", "none");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolba ... crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{5B5EBCC1-6798-11E2-8EC1-9161E1411F78}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.9.0.0");

-\\ Google Chrome v

[ File : C:\Users\Jíra\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [35141 octets] - [03/01/2014 12:49:09]
AdwCleaner[S0].txt - [34915 octets] - [03/01/2014 12:56:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [34976 octets] ##########

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Notebook won't turn on

#8 Post by curt-xx »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jíra at 2014-01-03 13:05:49
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 326 GB (71%) free of 459 GB
Total RAM: 3830 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:05:55, on 3.1.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
C:\Program Files (x86)\DoubleDesktop\dd.exe
C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Jíra.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=C:\PROGRA~3\qpopgtawqlivptjnadb.bat
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [NokiaPCInternetAccess] "C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
O4 - Startup: Automatické vypnutí počítače.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DoubleDesktop.lnk = C:\Program Files (x86)\DoubleDesktop\dd.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13422 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 36227904
\??\C:\windows\system32\conhost.exe "33731817-11543424031219601523-2101461430606366378-594802297-87789980-351806939
C:\windows\System32\spoolsv.exe
taskeng.exe {6E2E64D8-4690-492A-8D2C-A597304CCE05}
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
C:\windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe" /b
"C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\DoubleDesktop\dd.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe"
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 3808
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1524.93d3b00.1065930925 "C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\npConduitFirefoxPlugin.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1524 "\\.\pipe\gecko-crash-server-pipe.1524" plugin
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1524.19680600.455059831 "C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\plugins\np-mswmp.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 1524 "\\.\pipe\gecko-crash-server-pipe.1524" plugin
C:\windows\system32\svchost.exe -k SDRSVC
"C:\windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
"C:\Users\Jíra\Desktop\Ostatní\Programy\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\AutoKMS.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237429555-3320718254-1534305600-1003Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4237429555-3320718254-1534305600-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "otis@digitalpersona.com:5.0.0.4238, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
mall-cz.xml

C:\Users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\extensions\
{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-13 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-13 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-19 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-03-19 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Sof [2012-09-09 6516280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-02-22 2363392]
"NokiaPCInternetAccess"=C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe [2009-05-26 651264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\Jíra\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-08 138096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
C:\Users\Jíra\AppData\Roaming\Yontoo\YontooDesktop.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
C:\Users\JRA~1\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE [2013-03-07 248240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qpopgtawqlivptjnadb.lnk]
C:\Users\JRA~1\AppData\Local\Temp\bdanjtpvilqwatgpopq.exe,OKL00 []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe [2009-12-03 3331944]
"avast"=C:\Program Files\AVAST Sof [2012-09-09 6516280]
"EfficientDiary"= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DoubleDesktop.lnk - C:\Program Files (x86)\DoubleDesktop\dd.exe

C:\Users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Automatické vypnutí počítače.lnk - C:\Program Files (x86)\Automatické vypnutí počítače\avp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\system32\webcheck.dll [2013-05-25 247296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-01-03 12:48:58 ----D---- C:\AdwCleaner
2014-01-02 16:14:03 ----A---- C:\windows\system32\wmploc.DLL
2014-01-02 16:14:02 ----A---- C:\windows\SYSWOW64\wmploc.DLL
2014-01-02 16:14:01 ----A---- C:\windows\SYSWOW64\wmp.dll
2014-01-02 16:13:59 ----A---- C:\windows\system32\wmp.dll
2014-01-02 16:10:32 ----A---- C:\windows\SYSWOW64\ieui.dll
2014-01-02 16:10:31 ----A---- C:\windows\system32\ieui.dll
2014-01-02 16:10:30 ----A---- C:\windows\SYSWOW64\iesetup.dll
2014-01-02 16:10:29 ----A---- C:\windows\SYSWOW64\iernonce.dll
2014-01-02 16:10:29 ----A---- C:\windows\system32\iesetup.dll
2014-01-02 16:10:29 ----A---- C:\windows\system32\iernonce.dll
2014-01-02 16:10:28 ----A---- C:\windows\SYSWOW64\RegisterIEPKEYs.exe
2014-01-02 16:10:28 ----A---- C:\windows\SYSWOW64\iesysprep.dll
2014-01-02 16:10:28 ----A---- C:\windows\system32\RegisterIEPKEYs.exe
2014-01-02 16:10:28 ----A---- C:\windows\system32\iesysprep.dll
2014-01-02 16:10:28 ----A---- C:\windows\system32\ie4uinit.exe
2014-01-02 16:10:27 ----A---- C:\windows\SYSWOW64\iertutil.dll
2014-01-02 16:10:26 ----A---- C:\windows\system32\iertutil.dll
2014-01-02 16:10:24 ----A---- C:\windows\SYSWOW64\msfeeds.dll
2014-01-02 16:10:24 ----A---- C:\windows\system32\msfeeds.dll
2014-01-02 16:10:23 ----A---- C:\windows\SYSWOW64\jscript.dll
2014-01-02 16:10:23 ----A---- C:\windows\system32\jscript.dll
2014-01-02 16:10:22 ----A---- C:\windows\system32\jscript9.dll
2014-01-02 16:10:21 ----A---- C:\windows\SYSWOW64\jscript9.dll
2014-01-02 16:10:19 ----A---- C:\windows\SYSWOW64\urlmon.dll
2014-01-02 16:10:19 ----A---- C:\windows\system32\urlmon.dll
2014-01-02 16:10:17 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2014-01-02 16:10:17 ----A---- C:\windows\system32\jsproxy.dll
2014-01-02 16:10:16 ----A---- C:\windows\SYSWOW64\wininet.dll
2014-01-02 16:10:15 ----A---- C:\windows\system32\wininet.dll
2014-01-02 16:10:14 ----A---- C:\windows\SYSWOW64\ieframe.dll
2014-01-02 16:10:11 ----A---- C:\windows\system32\ieframe.dll
2014-01-02 16:10:09 ----A---- C:\windows\SYSWOW64\mshtml.dll
2014-01-02 16:10:05 ----A---- C:\windows\system32\mshtml.dll
2014-01-02 10:47:06 ----A---- C:\windows\system32\msieftp.dll
2014-01-02 10:47:05 ----A---- C:\windows\SYSWOW64\msieftp.dll
2014-01-02 10:47:03 ----A---- C:\windows\system32\win32k.sys
2014-01-02 10:46:48 ----A---- C:\windows\SYSWOW64\WMPhoto.dll
2014-01-02 10:46:48 ----A---- C:\windows\system32\WMPhoto.dll
2014-01-02 10:46:40 ----A---- C:\windows\system32\crypt32.dll
2014-01-02 10:46:39 ----A---- C:\windows\SYSWOW64\crypt32.dll
2014-01-02 10:46:28 ----A---- C:\windows\SYSWOW64\imagehlp.dll
2014-01-02 10:46:28 ----A---- C:\windows\system32\imagehlp.dll
2014-01-02 10:45:55 ----A---- C:\windows\SYSWOW64\tzres.dll
2014-01-02 10:45:55 ----A---- C:\windows\system32\tzres.dll
2014-01-02 10:44:08 ----A---- C:\windows\system32\drivers\afd.sys
2014-01-02 10:44:06 ----A---- C:\windows\system32\drivers\portcls.sys
2014-01-02 10:44:06 ----A---- C:\windows\system32\drivers\drmk.sys
2014-01-02 10:43:24 ----A---- C:\windows\SYSWOW64\authui.dll
2014-01-02 10:43:24 ----A---- C:\windows\system32\authui.dll
2014-01-02 10:43:23 ----A---- C:\windows\system32\SmartcardCredentialProvider.dll
2014-01-02 10:43:23 ----A---- C:\windows\system32\credui.dll
2014-01-02 10:43:22 ----A---- C:\windows\SYSWOW64\SmartcardCredentialProvider.dll
2014-01-02 10:43:22 ----A---- C:\windows\SYSWOW64\credui.dll
2014-01-02 10:42:06 ----A---- C:\windows\SYSWOW64\schannel.dll
2014-01-02 10:42:06 ----A---- C:\windows\system32\schannel.dll
2014-01-02 10:42:06 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2014-01-02 10:42:06 ----A---- C:\windows\system32\drivers\cng.sys
2014-01-02 10:42:05 ----A---- C:\windows\system32\lsasrv.dll
2014-01-02 10:42:05 ----A---- C:\windows\system32\drivers\ksecdd.sys
2014-01-02 10:42:04 ----A---- C:\windows\SYSWOW64\sspicli.dll
2014-01-02 10:42:04 ----A---- C:\windows\SYSWOW64\secur32.dll
2014-01-02 10:42:04 ----A---- C:\windows\system32\sspicli.dll
2014-01-02 10:42:04 ----A---- C:\windows\system32\ncrypt.dll
2014-01-02 10:42:04 ----A---- C:\windows\system32\lsass.exe
2014-01-02 10:42:03 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2014-01-02 10:42:03 ----A---- C:\windows\system32\secur32.dll
2014-01-02 10:41:59 ----A---- C:\windows\system32\sspisrv.dll
2014-01-02 10:40:04 ----A---- C:\windows\SYSWOW64\gdi32.dll
2014-01-02 10:40:04 ----A---- C:\windows\system32\gdi32.dll
2014-01-02 10:39:28 ----A---- C:\windows\system32\cscript.exe
2014-01-02 10:39:27 ----A---- C:\windows\system32\scrrun.dll
2014-01-02 10:39:26 ----A---- C:\windows\SYSWOW64\wscript.exe
2014-01-02 10:39:25 ----A---- C:\windows\system32\wscript.exe
2014-01-02 10:39:18 ----A---- C:\windows\SYSWOW64\scrrun.dll
2014-01-02 10:39:18 ----A---- C:\windows\SYSWOW64\cscript.exe
2014-01-02 10:39:00 ----A---- C:\windows\system32\IKEEXT.DLL
2014-01-02 10:38:58 ----A---- C:\windows\SYSWOW64\FWPUCLNT.DLL
2014-01-02 10:38:58 ----A---- C:\windows\system32\nshwfp.dll
2014-01-02 10:38:58 ----A---- C:\windows\system32\FWPUCLNT.DLL
2014-01-02 10:38:57 ----A---- C:\windows\SYSWOW64\nshwfp.dll

======List of files/folders modified in the last 1 month======

2014-01-03 13:05:53 ----D---- C:\Program Files\trend micro
2014-01-03 13:05:52 ----D---- C:\windows\temp
2014-01-03 13:04:23 ----D---- C:\windows\System32
2014-01-03 13:04:23 ----D---- C:\windows\inf
2014-01-03 13:04:23 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-01-03 13:03:21 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-01-03 12:59:52 ----D---- C:\windows\system32\config
2014-01-03 12:59:14 ----A---- C:\windows\avp.ini
2014-01-03 12:58:19 ----AD---- C:\Windows
2014-01-03 12:57:00 ----D---- C:\windows\system32\Tasks
2014-01-03 12:56:55 ----D---- C:\ProgramData
2014-01-03 12:56:55 ----D---- C:\Program Files (x86)
2014-01-03 12:47:59 ----D---- C:\windows\Panther
2014-01-03 12:47:49 ----D---- C:\windows\Logs
2014-01-03 12:44:53 ----D---- C:\windows\Prefetch
2014-01-03 12:09:47 ----D---- C:\windows\rescache
2014-01-03 09:30:22 ----D---- C:\windows\winsxs
2014-01-03 09:27:06 ----D---- C:\windows\SysWOW64
2014-01-03 09:27:06 ----D---- C:\Program Files\Windows Media Player
2014-01-03 09:27:06 ----D---- C:\Program Files (x86)\Windows Media Player
2014-01-03 09:27:05 ----D---- C:\Program Files (x86)\Internet Explorer
2014-01-03 09:27:04 ----D---- C:\windows\SYSWOW64\cs-CZ
2014-01-03 09:27:04 ----D---- C:\Program Files\Internet Explorer
2014-01-03 09:27:03 ----D---- C:\windows\system32\cs-CZ
2014-01-03 09:27:02 ----D---- C:\windows\system32\drivers
2014-01-03 09:26:56 ----D---- C:\windows\system32\DriverStore
2014-01-02 16:14:23 ----D---- C:\windows\system32\catroot2
2014-01-02 16:14:22 ----D---- C:\windows\system32\catroot
2014-01-02 16:12:19 ----SHD---- C:\windows\Installer
2014-01-02 16:12:19 ----SHD---- C:\Config.Msi
2014-01-02 16:12:13 ----D---- C:\ProgramData\Microsoft Help
2014-01-02 16:04:55 ----SHD---- C:\System Volume Information
2014-01-02 10:25:14 ----D---- C:\Users\Jíra\AppData\Roaming\vlc

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\windows\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-12-26 834544]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2013-08-30 1030952]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-04-08 6657536]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-04-08 195584]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-04-23 2838008]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 tap0901;TAP-Win32 Adapter V9; C:\windows\system32\DRIVERS\tap0901.sys [2011-07-01 31232]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-01-07 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2008-09-26 115328]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-04-08 202752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Sof [2012-09-09 6516280]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-03-24 121344]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; c:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2009-12-10 251448]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\windows\SysWOW64\NLSSRV32.EXE [2012-04-12 69640]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 KMService;KMService; C:\windows\syswow64\srvany.exe [2012-11-14 8192]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-17 117656]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2011-07-01 14848]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-12-26 1255736]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Notebook won't turn on

#9 Post by JaRon »

Move ComboFix to the desktop (if it is not there already).

Open Notepad.

Copy the script from the following box into it:

Code:

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yontoo Desktop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Jíra^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qpopgtawqlivptjnadb.lnk]


File::
C:\windows\tasks\AutoKMS.job


Save the resulting text file to the desktop as CFScript.txt.

After saving, grab the script with the left mouse button, drag it over the ComboFix icon and drop it there.

Once it has been applied, another log should be created; paste it here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Notebook won't turn on

#10 Post by curt-xx »

ComboFix 14-01-01.01 - Jíra 03.01.2014 13:24:28.5.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3830.1884 [GMT 1:00]
Spuštěný z: c:\users\JÝra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JÝra\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\HP
c:\programdata\HP\HP SoftPaq Download Manager\SoftPaqDownloadManager.log
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 12:32 . 2014-01-03 12:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-03 12:32 . 2014-01-03 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-03 12:27 . 2014-01-03 12:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7746BF2-4005-4EB9-861B-1754763075FD}\offreg.dll
2014-01-03 11:48 . 2014-01-03 11:57 -------- d-----w- C:\AdwCleaner
2014-01-03 08:36 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7746BF2-4005-4EB9-861B-1754763075FD}\mpengine.dll
2014-01-02 15:14 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-02 15:14 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-02 15:14 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-02 15:14 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-02 15:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-02 09:47 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-01-02 09:47 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-02 09:47 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2014-01-02 09:46 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-01-02 09:46 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-02 09:46 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-01-02 09:46 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-02 09:46 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-02 09:46 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-02 09:45 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-02 09:45 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-01-02 09:44 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-02 09:44 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-02 09:44 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-02 09:43 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2014-01-02 09:43 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-01-02 09:43 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-02 09:43 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2014-01-02 09:43 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-01-02 09:43 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-01-02 09:41 . 2013-09-25 02:23 28672 ----a-w- c:\windows\system32\sspisrv.dll
2014-01-02 09:40 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-01-02 09:40 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-01-02 09:39 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-01-02 09:39 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-01-02 09:39 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-01-02 09:39 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-01-02 09:39 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-01-02 09:39 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-01-02 09:39 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-01-02 09:39 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-01-02 09:39 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-02 09:38 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-01-02 09:38 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-02 09:38 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-01-02 09:38 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-26 11:25 . 2011-09-28 20:39 267936 ------w- c:\windows\system32\MpSigStub.exe
2012-09-09 10:04 . 2013-08-25 08:36 6516280 ----a-w- c:\program files\AVAST Sof
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Automatické vypnutí počítače.lnk - c:\program files (x86)\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
DoubleDesktop.lnk - c:\program files (x86)\DoubleDesktop\dd.exe [2012-12-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\qpopgtawqlivptjnadb.bat"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-EfficientDiary - (no file)
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-03 13:36:24
ComboFix-quarantined-files.txt 2014-01-03 12:36
.
Před spuštěním: Volných bajtů: 341 638 459 392
Po spuštění: Volných bajtů: 341 440 151 552
.
- - End Of File - - 66224455E99902E3708A83D1264255B7
A36C5E4F47E84449FF07ED3517B43A31

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Laptop won't turn on

#11 Post by JaRon »

Repeat the procedure with a new script:

Code:

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=-

Driver::
KMService


FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Laptop won't turn on

#12 Post by curt-xx »

ComboFix 14-01-01.01 - Jíra 03.01.2014 20:25:50.6.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3830.2173 [GMT 1:00]
Spuštěný z: c:\users\JÝra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\JÝra\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-12-03 do 2014-01-03 )))))))))))))))))))))))))))))))
.
.
2014-01-03 20:31 . 2014-01-03 20:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-03 20:31 . 2014-01-03 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-03 14:51 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-01-03 12:27 . 2014-01-03 14:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7746BF2-4005-4EB9-861B-1754763075FD}\offreg.dll
2014-01-03 11:48 . 2014-01-03 11:57 -------- d-----w- C:\AdwCleaner
2014-01-03 08:36 . 2013-12-16 00:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7746BF2-4005-4EB9-861B-1754763075FD}\mpengine.dll
2014-01-02 15:14 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-01-02 15:14 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-01-02 15:14 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-01-02 15:14 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-01-02 15:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-01-02 09:47 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-01-02 09:47 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-01-02 09:47 . 2013-10-30 01:24 3155968 ----a-w- c:\windows\system32\win32k.sys
2014-01-02 09:46 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2014-01-02 09:46 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-02 09:46 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2014-01-02 09:46 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2014-01-02 09:46 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2014-01-02 09:46 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2014-01-02 09:45 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-02 09:45 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-01-02 09:44 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-01-02 09:44 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-01-02 09:44 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-01-02 09:43 . 2013-10-04 02:24 1930752 ----a-w- c:\windows\system32\authui.dll
2014-01-02 09:43 . 2013-10-04 01:56 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2014-01-02 09:43 . 2013-10-04 02:28 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-01-02 09:43 . 2013-10-04 02:25 197120 ----a-w- c:\windows\system32\credui.dll
2014-01-02 09:43 . 2013-10-04 01:58 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2014-01-02 09:43 . 2013-10-04 01:56 168960 ----a-w- c:\windows\SysWow64\credui.dll
2014-01-02 09:41 . 2013-09-25 02:23 28672 ----a-w- c:\windows\system32\sspisrv.dll
2014-01-02 09:40 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-01-02 09:40 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-01-02 09:39 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-01-02 09:39 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
2014-01-02 09:39 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
2014-01-02 09:39 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
2014-01-02 09:39 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
2014-01-02 09:39 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
2014-01-02 09:39 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
2014-01-02 09:39 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
2014-01-02 09:39 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-01-02 09:38 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-01-02 09:38 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-01-02 09:38 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-01-02 09:38 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-26 11:25 . 2011-09-28 20:39 267936 ------w- c:\windows\system32\MpSigStub.exe
2012-09-09 10:04 . 2013-08-25 08:36 6516280 ----a-w- c:\program files\AVAST Sof
2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"NokiaPCInternetAccess"="c:\program files (x86)\Nokia\PC Internet Access\NPCIA.exe" [2009-05-26 651264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\users\Jíra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Automatické vypnutí počítače.lnk - c:\program files (x86)\Automatické vypnutí počítače\avp.exe [2004-12-28 443392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
DoubleDesktop.lnk - c:\program files (x86)\DoubleDesktop\dd.exe [2012-12-11 90112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\qpopgtawqlivptjnadb.bat"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jíra\AppData\Roaming\Mozilla\Firefox\Profiles\0i7xvw87.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2014-01-03 21:35:16
ComboFix-quarantined-files.txt 2014-01-03 20:35
ComboFix2.txt 2014-01-03 12:36
.
Před spuštěním: Volných bajtů: 340 611 502 080
Po spuštění: Volných bajtů: 340 120 150 016
.
- - End Of File - - 22E759901280BBE2EF972A89E59C6B16
A36C5E4F47E84449FF07ED3517B43A31

JaRon
Moderator
Posts: 15722
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Laptop won't turn on

#13 Post by JaRon »

- clean the PC with MBAM and post the log
- add the log from TDSSKiller

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Laptop won't turn on

#14 Post by curt-xx »

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Verze: v2014.01.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Jíra :: HP [administrátor]

4.1.2014 14:49:58
MBAM-log-2014-01-04 (16-12-48).txt

Typ: Kompletní kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 429645
Uplynulý čas: 1 hodin, 22 minut, 5 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 2
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Nebyla provedena žádná instrukce.

(konec)

curt-xx
Visitor
Posts: 183
Registered: 18 Dec 2005 15:37

Re: Laptop won't turn on

#15 Post by curt-xx »

16:18:22.0926 0x1d88 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
16:18:26.0072 0x1d88 ============================================================
16:18:26.0072 0x1d88 Current date / time: 2014/01/04 16:18:26.0072
16:18:26.0072 0x1d88 SystemInfo:
16:18:26.0072 0x1d88
16:18:26.0072 0x1d88 OS Version: 6.1.7601 ServicePack: 1.0
16:18:26.0072 0x1d88 Product type: Workstation
16:18:26.0072 0x1d88 ComputerName: HP
16:18:26.0073 0x1d88 UserName: Jíra
16:18:26.0073 0x1d88 Windows directory: C:\windows
16:18:26.0073 0x1d88 System windows directory: C:\windows
16:18:26.0073 0x1d88 Running under WOW64
16:18:26.0073 0x1d88 Processor architecture: Intel x64
16:18:26.0073 0x1d88 Number of processors: 3
16:18:26.0073 0x1d88 Page size: 0x1000
16:18:26.0073 0x1d88 Boot type: Normal boot
16:18:26.0073 0x1d88 ============================================================
16:18:28.0103 0x1d88 KLMD registered as C:\windows\system32\drivers\84895275.sys
16:18:28.0380 0x1d88 System UUID: {8F303366-CBF4-D4D4-44C5-9E2D2E9A6349}
16:18:29.0250 0x1d88 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:18:29.0267 0x1d88 ============================================================
16:18:29.0267 0x1d88 \Device\Harddisk0\DR0:
16:18:29.0267 0x1d88 MBR partitions:
16:18:29.0267 0x1d88 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
16:18:29.0267 0x1d88 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x380EF800
16:18:29.0267 0x1d88 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38186000, BlocksNum 0x1E00000
16:18:29.0267 0x1d88 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39F86000, BlocksNum 0x3FC800
16:18:29.0267 0x1d88 ============================================================
16:18:29.0299 0x1d88 C: <-> \Device\Harddisk0\DR0\Partition2
16:18:29.0325 0x1d88 F: <-> \Device\Harddisk0\DR0\Partition4
16:18:29.0394 0x1d88 ============================================================
16:18:29.0395 0x1d88 Initialize success
16:18:29.0395 0x1d88 ============================================================
16:18:30.0796 0x1dbc ============================================================
16:18:30.0796 0x1dbc Scan started
16:18:30.0796 0x1dbc Mode: Manual;
16:18:30.0796 0x1dbc ============================================================
16:18:30.0796 0x1dbc KSN ping started
16:18:33.0613 0x1dbc KSN ping finished: true
16:18:35.0010 0x1dbc ================ Scan system memory ========================
16:18:35.0010 0x1dbc System memory - ok
16:18:35.0011 0x1dbc ================ Scan services =============================
16:18:48.0024 0x1dbc IKEEXT - ok
16:18:48.0048 0x1dbc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
16:18:48.0050 0x1dbc intelide - ok
16:18:48.0075 0x1dbc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
16:18:48.0078 0x1dbc intelppm - ok
16:18:48.0118 0x1dbc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:18:48.0123 0x1dbc IPBusEnum - ok
16:18:48.0173 0x1dbc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:18:48.0182 0x1dbc IpFilterDriver - ok
16:18:48.0252 0x1dbc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:18:48.0339 0x1dbc iphlpsvc - ok
16:18:48.0366 0x1dbc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
16:18:48.0371 0x1dbc IPMIDRV - ok
16:18:48.0394 0x1dbc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:18:48.0400 0x1dbc IPNAT - ok
16:18:48.0422 0x1dbc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
16:18:48.0425 0x1dbc IRENUM - ok
16:18:48.0436 0x1dbc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
16:18:48.0439 0x1dbc isapnp - ok
16:18:48.0468 0x1dbc [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
16:18:48.0485 0x1dbc iScsiPrt - ok
16:18:48.0509 0x1dbc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
16:18:48.0513 0x1dbc kbdclass - ok
16:18:48.0536 0x1dbc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
16:18:48.0540 0x1dbc kbdhid - ok
16:18:48.0564 0x1dbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
16:18:48.0568 0x1dbc KeyIso - ok
16:18:48.0635 0x1dbc KMService - ok
16:18:48.0788 0x1dbc [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:18:48.0806 0x1dbc KSecDD - ok
16:18:48.0908 0x1dbc [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:18:48.0934 0x1dbc KSecPkg - ok
16:18:48.0957 0x1dbc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
16:18:48.0960 0x1dbc ksthunk - ok
16:18:49.0007 0x1dbc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
16:18:49.0033 0x1dbc KtmRm - ok
16:18:49.0104 0x1dbc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\System32\srvsvc.dll
16:18:49.0121 0x1dbc LanmanServer - ok
16:18:49.0150 0x1dbc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:18:49.0166 0x1dbc LanmanWorkstation - ok
16:18:49.0219 0x1dbc [ 47269F0DE1E5089C6F23BC1EC48CFC31, 20B0B428E1EB140778AEE4BFDD6AD45DCA5C5526DB8FEC8CAA0FDA08D2C10A7A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:18:49.0222 0x1dbc LightScribeService - ok
16:18:49.0252 0x1dbc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:18:49.0255 0x1dbc lltdio - ok
16:18:49.0284 0x1dbc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
16:18:49.0295 0x1dbc lltdsvc - ok
16:18:49.0308 0x1dbc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
16:18:49.0311 0x1dbc lmhosts - ok
16:18:49.0333 0x1dbc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
16:18:49.0338 0x1dbc LSI_FC - ok
16:18:49.0359 0x1dbc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
16:18:49.0365 0x1dbc LSI_SAS - ok
16:18:49.0383 0x1dbc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
16:18:49.0387 0x1dbc LSI_SAS2 - ok
16:18:49.0400 0x1dbc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
16:18:49.0405 0x1dbc LSI_SCSI - ok
16:18:49.0432 0x1dbc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
16:18:49.0436 0x1dbc luafv - ok
16:18:49.0493 0x1dbc [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\windows\system32\drivers\mbam.sys
16:18:49.0495 0x1dbc MBAMProtector - ok
16:18:49.0551 0x1dbc [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:18:49.0570 0x1dbc MBAMScheduler - ok
16:18:49.0686 0x1dbc [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:18:49.0711 0x1dbc MBAMService - ok
16:18:49.0766 0x1dbc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:18:49.0772 0x1dbc Mcx2Svc - ok
16:18:49.0811 0x1dbc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys
16:18:49.0813 0x1dbc megasas - ok
16:18:49.0842 0x1dbc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
16:18:49.0852 0x1dbc MegaSR - ok
16:18:49.0906 0x1dbc Microsoft SharePoint Workspace Audit Service - ok
16:18:49.0931 0x1dbc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
16:18:49.0936 0x1dbc MMCSS - ok
16:18:49.0959 0x1dbc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
16:18:49.0962 0x1dbc Modem - ok
16:18:49.0979 0x1dbc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:18:49.0982 0x1dbc monitor - ok
16:18:50.0002 0x1dbc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:18:50.0005 0x1dbc mouclass - ok
16:18:50.0035 0x1dbc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
16:18:50.0037 0x1dbc mouhid - ok
16:18:50.0059 0x1dbc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:18:50.0063 0x1dbc mountmgr - ok
16:18:50.0136 0x1dbc [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:18:50.0142 0x1dbc MozillaMaintenance - ok
16:18:50.0174 0x1dbc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
16:18:50.0180 0x1dbc mpio - ok
16:18:50.0205 0x1dbc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:18:50.0209 0x1dbc mpsdrv - ok
16:18:50.0264 0x1dbc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
16:18:50.0330 0x1dbc MpsSvc - ok
16:18:50.0577 0x1dbc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:18:50.0583 0x1dbc MRxDAV - ok
16:18:50.0645 0x1dbc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:18:50.0652 0x1dbc mrxsmb - ok
16:18:50.0691 0x1dbc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:18:50.0702 0x1dbc mrxsmb10 - ok
16:18:50.0718 0x1dbc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:18:50.0724 0x1dbc mrxsmb20 - ok
16:18:50.0748 0x1dbc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
16:18:50.0751 0x1dbc msahci - ok
16:18:50.0765 0x1dbc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
16:18:50.0771 0x1dbc msdsm - ok
16:18:50.0790 0x1dbc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
16:18:50.0798 0x1dbc MSDTC - ok
16:18:50.0839 0x1dbc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
16:18:50.0861 0x1dbc Msfs - ok
16:18:50.0874 0x1dbc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:18:50.0876 0x1dbc mshidkmdf - ok
16:18:50.0886 0x1dbc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
16:18:50.0888 0x1dbc msisadrv - ok
16:18:50.0918 0x1dbc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:18:50.0925 0x1dbc MSiSCSI - ok
16:18:50.0930 0x1dbc msiserver - ok
16:18:50.0946 0x1dbc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:18:50.0948 0x1dbc MSKSSRV - ok
16:18:50.0968 0x1dbc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:18:50.0970 0x1dbc MSPCLOCK - ok
16:18:50.0994 0x1dbc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:18:50.0996 0x1dbc MSPQM - ok
16:18:51.0026 0x1dbc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:18:51.0043 0x1dbc MsRPC - ok
16:18:51.0056 0x1dbc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
16:18:51.0059 0x1dbc mssmbios - ok
16:18:51.0075 0x1dbc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:18:51.0076 0x1dbc MSTEE - ok
16:18:51.0087 0x1dbc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
16:18:51.0089 0x1dbc MTConfig - ok
16:18:51.0108 0x1dbc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
16:18:51.0112 0x1dbc Mup - ok
16:18:51.0145 0x1dbc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
16:18:51.0171 0x1dbc napagent - ok
16:18:51.0212 0x1dbc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:18:51.0228 0x1dbc NativeWifiP - ok
16:18:51.0273 0x1dbc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
16:18:51.0375 0x1dbc NDIS - ok
16:18:51.0429 0x1dbc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:18:51.0432 0x1dbc NdisCap - ok
16:18:51.0488 0x1dbc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:18:51.0492 0x1dbc NdisTapi - ok
16:18:51.0536 0x1dbc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:18:51.0539 0x1dbc Ndisuio - ok
16:18:51.0568 0x1dbc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:18:51.0574 0x1dbc NdisWan - ok
16:18:51.0590 0x1dbc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:18:51.0594 0x1dbc NDProxy - ok
16:18:51.0622 0x1dbc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:18:51.0625 0x1dbc NetBIOS - ok
16:18:51.0673 0x1dbc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:18:51.0682 0x1dbc NetBT - ok
16:18:51.0730 0x1dbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
16:18:51.0739 0x1dbc Netlogon - ok
16:18:51.0775 0x1dbc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
16:18:51.0790 0x1dbc Netman - ok
16:18:51.0922 0x1dbc [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:18:51.0952 0x1dbc NetMsmqActivator - ok
16:18:51.0995 0x1dbc [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:18:52.0004 0x1dbc NetPipeActivator - ok
16:18:52.0061 0x1dbc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
16:18:52.0088 0x1dbc netprofm - ok
16:18:52.0097 0x1dbc [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:18:52.0101 0x1dbc NetTcpActivator - ok
16:18:52.0109 0x1dbc [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:18:52.0113 0x1dbc NetTcpPortSharing - ok
16:18:52.0156 0x1dbc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
16:18:52.0163 0x1dbc nfrd960 - ok
16:18:52.0216 0x1dbc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
16:18:52.0246 0x1dbc NlaSvc - ok
16:18:52.0354 0x1dbc [ 0543FA119CF3FD2203851FD71202FFE1, C589D617CE2D68BC50D409001C12C568C174AE31DDCFD89972E9D05AC06446A4 ] nlsX86cc C:\windows\SysWOW64\NLSSRV32.EXE
16:18:52.0361 0x1dbc nlsX86cc - ok
16:18:52.0391 0x1dbc [ 9573223E205907247AE6D948E3453770, 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B ] nmwcdnsux64 C:\windows\system32\drivers\nmwcdnsux64.sys
16:18:52.0399 0x1dbc nmwcdnsux64 - ok
16:18:52.0416 0x1dbc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
16:18:52.0420 0x1dbc Npfs - ok
16:18:52.0430 0x1dbc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
16:18:52.0436 0x1dbc nsi - ok
16:18:52.0451 0x1dbc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:18:52.0454 0x1dbc nsiproxy - ok
16:18:52.0542 0x1dbc [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:18:52.0614 0x1dbc Ntfs - ok
16:18:52.0636 0x1dbc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
16:18:52.0638 0x1dbc Null - ok
16:18:52.0664 0x1dbc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:18:52.0670 0x1dbc nvraid - ok
16:18:52.0684 0x1dbc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:18:52.0691 0x1dbc nvstor - ok
16:18:52.0716 0x1dbc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:18:52.0721 0x1dbc nv_agp - ok
16:18:52.0861 0x1dbc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:18:53.0029 0x1dbc ohci1394 - ok
16:18:53.0259 0x1dbc [ D29D5E61A5722630BB58940D1E4E231A, 82DDE4F3A8B2913890B14BCC8A01E1A5D7328CFF38B4FE52C022DDB7F56ED154 ] OpenVPNService C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
16:18:53.0261 0x1dbc OpenVPNService - ok
16:18:53.0358 0x1dbc [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:18:53.0373 0x1dbc ose64 - ok
16:18:53.0648 0x1dbc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:18:53.0850 0x1dbc osppsvc - ok
16:18:53.0961 0x1dbc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:18:53.0974 0x1dbc p2pimsvc - ok
16:18:54.0003 0x1dbc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
16:18:54.0019 0x1dbc p2psvc - ok
16:18:54.0122 0x1dbc [ 77CDC6C43D8C3E05D0E21B36EAABEBAE, 4B81147E8ACD04636F5381BC5D121F428F946C7735C97CD3E1C3BCCD47D0F5BB ] PanService C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
16:18:54.0147 0x1dbc PanService - ok
16:18:54.0171 0x1dbc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys
16:18:54.0176 0x1dbc Parport - ok
16:18:54.0195 0x1dbc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
16:18:54.0199 0x1dbc partmgr - ok
16:18:54.0225 0x1dbc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
16:18:54.0234 0x1dbc PcaSvc - ok
16:18:54.0280 0x1dbc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
16:18:54.0287 0x1dbc pci - ok
16:18:54.0312 0x1dbc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
16:18:54.0315 0x1dbc pciide - ok
16:18:54.0333 0x1dbc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
16:18:54.0341 0x1dbc pcmcia - ok
16:18:54.0365 0x1dbc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
16:18:54.0369 0x1dbc pcw - ok
16:18:54.0401 0x1dbc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:18:54.0428 0x1dbc PEAUTH - ok
16:18:54.0498 0x1dbc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
16:18:54.0558 0x1dbc PeerDistSvc - ok
16:18:54.0594 0x1dbc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
16:18:54.0599 0x1dbc PerfHost - ok
16:18:54.0675 0x1dbc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
16:18:54.0726 0x1dbc pla - ok
16:18:54.0802 0x1dbc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:18:54.0827 0x1dbc PlugPlay - ok
16:18:54.0852 0x1dbc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:18:54.0857 0x1dbc PNRPAutoReg - ok
16:18:54.0886 0x1dbc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:18:54.0897 0x1dbc PNRPsvc - ok
16:18:54.0932 0x1dbc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:18:54.0959 0x1dbc PolicyAgent - ok
16:18:54.0993 0x1dbc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
16:18:55.0002 0x1dbc Power - ok
16:18:55.0018 0x1dbc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:18:55.0023 0x1dbc PptpMiniport - ok
16:18:55.0042 0x1dbc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys
16:18:55.0046 0x1dbc Processor - ok
16:18:55.0075 0x1dbc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
16:18:55.0085 0x1dbc ProfSvc - ok
16:18:55.0115 0x1dbc [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
16:18:55.0118 0x1dbc ProtectedStorage - ok
16:18:55.0177 0x1dbc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:18:55.0184 0x1dbc Psched - ok
16:18:55.0225 0x1dbc [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
16:18:55.0229 0x1dbc PxHlpa64 - ok
16:18:55.0301 0x1dbc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
16:18:55.0365 0x1dbc ql2300 - ok
16:18:55.0398 0x1dbc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
16:18:55.0404 0x1dbc ql40xx - ok
16:18:55.0420 0x1dbc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
16:18:55.0431 0x1dbc QWAVE - ok
16:18:55.0466 0x1dbc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:18:55.0469 0x1dbc QWAVEdrv - ok
16:18:55.0486 0x1dbc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:18:55.0488 0x1dbc RasAcd - ok
16:18:55.0515 0x1dbc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:18:55.0519 0x1dbc RasAgileVpn - ok
16:18:55.0528 0x1dbc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
16:18:55.0534 0x1dbc RasAuto - ok
16:18:55.0548 0x1dbc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:18:55.0553 0x1dbc Rasl2tp - ok
16:18:55.0600 0x1dbc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
16:18:55.0617 0x1dbc RasMan - ok
16:18:55.0637 0x1dbc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:18:55.0642 0x1dbc RasPppoe - ok
16:18:55.0657 0x1dbc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:18:55.0661 0x1dbc RasSstp - ok
16:18:55.0703 0x1dbc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:18:55.0714 0x1dbc rdbss - ok
16:18:55.0739 0x1dbc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
16:18:55.0743 0x1dbc rdpbus - ok
16:18:56.0782 0x1dbc [ 6EF8E5E3A079C97C70915CF740E89977, E7A0FBBE734C79385DD620C16C2337EF1D97161C67CBE84C50CDDDC3E22991C8 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys
16:18:56.0783 0x1dbc Suspicious file ( NoAccess ): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977, sha256: E7A0FBBE734C79385DD620C16C2337EF1D97161C67CBE84C50CDDDC3E22991C8
16:18:56.0793 0x1dbc SafeBoot - detected LockedFile.Multi.Generic ( 1 )
