igfxupdate.exe

[cernohous13]

Můžeš kouknout do složky
C:\Windows\SYSWOW64\update ?

u C:\1 předpokládám, že to je tvoje

[valda]

tak v té složce update už ten soubor není.vymazal jsem ho.

[cernohous13]

O vymazání vím - jsou v té složce další soubory nebo ji můžu smazat (nemám Win7 abych se přesvědčil)

Je v současné době problém vytížení CPU odstraněn?

[valda]

tu je screen.nevěděl jsem jak jinak napsat co je v té složce update.a pc už nejede na 100% a vypadá to lepší. http://ulozto.cz/xY7iwpz/soubor-update-jpg

[cernohous13]

v pořádku, složka se tváří jako systémová, tak ji necháme být

ještě maličko uklidíme

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“ (pro Vistu a Win7 – pravým a „Run As Administrator“).
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „Moveit!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu

Script OTM

Kód: Vybrat vše

:commands
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]
[reboot]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Windows\system32\SearchEngine.dat
C:\Windows\system32\SearchIndexer.dll

[valda]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.tata-PC
->Temp folder emptied: 155262 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 11218454 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: tata
->Temp folder emptied: 2823038 bytes
->Temporary Internet Files folder emptied: 4620207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65217377 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 30981 bytes
->Flash cache emptied: 931 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5517826 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 216719 bytes

Total Files Cleaned = 86,00 mb


[EMPTYFLASH]

User: Administrator

User: Administrator.tata-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

User: tata
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: Administrator.tata-PC

User: All Users

User: Default

User: Default User

User: Public

User: tata
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb


Error creating restore point.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP434.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP54E4.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP718A.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP71D5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7741.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP79C9.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE7BF.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1117.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1748.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1860.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2433.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2D3B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2F9B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4CF7.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5714.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6455.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8ED8.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAD7D.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPB3B5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPBC0E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC16B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC9B5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCCB0.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPD8B.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE81.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEE75.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF2F5.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF664.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPF9DB.tmp folder moved successfully.
C:\Windows\System32\catroot\TMP2E20.tmp moved successfully.
File/Folder C:\Windows\system32\SearchEngine.dat not found.
File/Folder C:\Windows\system32\SearchIndexer.dll not found.

OTM by OldTimer - Version 3.1.21.0 log created on 12102012_231620

Files moved on Reboot...
C:\Users\tata\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Users\tata\AppData\Local\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\startupCache\startupCache.4.little not found!
File C:\Users\tata\AppData\Local\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\safebrowsing\test-phish-simple-1.cache not found!

Registry entries deleted on Reboot...

[cernohous13]

Spusť opět OTM -> CleanUp! - odinstaluje a vyčistí po sobě.

Můžeš mi dát aktuální RSIT?

[valda]

Logfile of random's system information tool 1.09 (written by random/random)
Run by tata at 2012-12-11 06:34:21
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 69 GB (39%) free of 175 GB
Total RAM: 4095 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:34:33, on 11.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files\trend micro\tata.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9252 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x134
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
taskeng.exe {A2C3F0BC-9E6F-49BE-805B-AD3E9651E23D}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe"
"C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\vssvc.exe
"C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:2284
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /c /a /s UserSession2
"C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-1290298582-1327034294-2791487122-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-1290298582-1327034294-2791487122-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\tata\Downloads\RSITx64.exe"
C:\Windows\servicing\TrustedInstaller.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\NUAutoUpdate.job
C:\Windows\tasks\Registry Winner Schedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\
synchronize@nokia.suite
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL [2012-06-21 210400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-02 157672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4Sync]
C:\Program Files (x86)\4Sync\4Sync.exe [2012-10-11 11926560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [2011-12-12 3249032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CachemanTray]
C:\Program Files (x86)\Cacheman\CachemanTray.exe [2012-01-07 392544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2782096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files (x86)\Free Download Manager\fdm.exe [2011-12-28 6148096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\tata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-04-14 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2012-01-05 1823744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2011-11-17 3994960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-01-12 371256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-01-02 501544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-09-26 13196432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09 17877168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [2012-09-29 104480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2012-06-20 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoInstrumentation"=1
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cachemancontrol.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oodcnt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdvdlaunchpolicy.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerdvd12.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\registrywinner.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-11 06:34:21 ----D---- C:\rsit
2012-12-06 10:44:53 ----ASH---- C:\hiberfil.sys
2012-12-04 21:15:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-04 17:39:11 ----A---- C:\Windows\system32\SearchEngine.dat
2012-12-04 17:39:10 ----A---- C:\Windows\system32\SearchIndexer.dll
2012-12-04 17:39:08 ----D---- C:\Windows\SYSWOW64\update
2012-11-27 09:35:13 ----D---- C:\Users\tata\AppData\Roaming\Norton Utilities 16
2012-11-27 09:27:13 ----A---- C:\Windows\system32\CleanMFT64.exe
2012-11-27 09:27:12 ----A---- C:\Windows\SYSWOW64\msxml.dll
2012-11-27 09:27:09 ----D---- C:\Program Files (x86)\Symantec
2012-11-27 09:26:32 ----D---- C:\ProgramData\Symantec
2012-11-27 09:26:31 ----D---- C:\Users\tata\AppData\Roaming\Product_NU16
2012-11-25 18:08:34 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-11-24 12:49:00 ----D---- C:\ProgramData\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files\Raxco
2012-11-19 23:38:59 ----D---- C:\Users\tata\AppData\Roaming\ts3overlay
2012-11-19 22:26:08 ----D---- C:\Users\tata\AppData\Roaming\TS3Client
2012-11-16 07:35:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-11-16 07:35:01 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-16 07:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-11-16 07:34:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-11-16 07:34:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-11-16 07:34:59 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-16 07:34:59 ----A---- C:\Windows\system32\ieui.dll
2012-11-16 07:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-11-16 07:34:58 ----A---- C:\Windows\SYSWOW64\url.dll
2012-11-16 07:34:58 ----A---- C:\Windows\system32\urlmon.dll
2012-11-16 07:34:58 ----A---- C:\Windows\system32\url.dll
2012-11-16 07:34:57 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-11-16 07:34:57 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-16 07:34:57 ----A---- C:\Windows\system32\jscript9.dll
2012-11-16 07:34:56 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-11-16 07:34:56 ----A---- C:\Windows\system32\wininet.dll
2012-11-16 07:34:56 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-16 07:34:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-11-16 07:34:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\vbscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\jscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\iertutil.dll
2012-11-16 07:34:54 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-11-16 07:34:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-11-16 07:34:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-11-16 07:34:52 ----A---- C:\Windows\system32\mshtml.dll
2012-11-16 07:34:51 ----A---- C:\Windows\system32\ieframe.dll
2012-11-16 07:34:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-11-16 07:07:57 ----A---- C:\Windows\system32\win32k.sys
2012-11-16 07:07:43 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-16 07:07:43 ----A---- C:\Windows\system32\synceng.dll
2012-11-13 09:28:41 ----D---- C:\Users\tata\AppData\Roaming\Opera
2012-11-13 09:28:22 ----D---- C:\Program Files (x86)\Opera

======List of files/folders modified in the last 1 month======

2099-01-14 00:14:24 ----D---- C:\ProgramData\Norton
2012-12-11 06:34:33 ----D---- C:\Windows\system32\config
2012-12-11 06:34:27 ----D---- C:\Program Files\trend micro
2012-12-11 06:32:22 ----D---- C:\Windows\Temp
2012-12-11 06:32:15 ----SHD---- C:\System Volume Information
2012-12-11 06:31:11 ----AD---- C:\ProgramData\TEMP
2012-12-10 23:18:14 ----D---- C:\Windows\system32\catroot
2012-12-10 20:01:39 ----D---- C:\Users\tata\AppData\Roaming\ICQ
2012-12-10 16:13:46 ----D---- C:\Windows\System32
2012-12-10 16:13:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-10 16:13:45 ----D---- C:\Windows\inf
2012-12-10 13:00:19 ----RSD---- C:\Windows\assembly
2012-12-10 12:59:11 ----D---- C:\Windows\Logs
2012-12-10 12:49:41 ----D---- C:\Users\tata\AppData\Roaming\DAEMON Tools Lite
2012-12-10 09:26:24 ----D---- C:\Windows\system32\Tasks
2012-12-10 06:25:39 ----D---- C:\Windows\SysWOW64
2012-12-09 21:24:50 ----D---- C:\Users\tata\AppData\Roaming\vlc
2012-12-09 09:15:04 ----RD---- C:\Program Files (x86)
2012-12-09 09:13:53 ----SHD---- C:\Windows\Installer
2012-12-09 09:04:20 ----D---- C:\Windows\Minidump
2012-12-09 09:04:14 ----D---- C:\Windows
2012-12-06 20:26:19 ----D---- C:\Windows\system32\catroot2
2012-12-06 10:52:48 ----D---- C:\Users\tata\AppData\Roaming\Skype
2012-12-06 10:01:03 ----D---- C:\Program Files (x86)\JDownloader
2012-12-06 09:38:49 ----D---- C:\Users\tata\AppData\Roaming\Winamp
2012-12-06 08:52:12 ----SD---- C:\ProgramData\Microsoft
2012-12-06 08:36:43 ----D---- C:\Program Files (x86)\Windows Doctor
2012-12-05 11:43:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-04 08:46:02 ----D---- C:\ProgramData\Skype
2012-12-04 08:45:46 ----RD---- C:\Program Files (x86)\Skype
2012-12-04 08:45:46 ----D---- C:\Program Files (x86)\Common Files
2012-12-03 13:12:59 ----D---- C:\Program Files (x86)\Garmin
2012-11-29 19:01:38 ----D---- C:\Windows\Tasks
2012-11-29 09:45:37 ----SD---- C:\Users\tata\AppData\Roaming\Microsoft
2012-11-27 09:26:32 ----HD---- C:\ProgramData
2012-11-25 18:08:41 ----D---- C:\Windows\debug
2012-11-24 13:52:53 ----D---- C:\Users\tata\AppData\Roaming\Nokia
2012-11-24 13:45:59 ----D---- C:\Program Files (x86)\Nokia
2012-11-24 12:49:01 ----D---- C:\Windows\system32\drivers
2012-11-24 12:48:59 ----RD---- C:\Program Files
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files
2012-11-21 16:42:16 ----D---- C:\ProgramData\Microsoft Help
2012-11-21 15:25:59 ----D---- C:\Program Files (x86)\Registry Winner
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\Free Download Manager
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\BitTorrent
2012-11-21 15:04:27 ----D---- C:\Program Files\CCleaner
2012-11-21 12:33:05 ----D---- C:\Users\tata\AppData\Roaming\Mumble
2012-11-20 10:59:09 ----D---- C:\Windows\winsxs
2012-11-16 09:49:07 ----D---- C:\Windows\Microsoft.NET
2012-11-16 07:50:32 ----D---- C:\Windows\SYSWOW64\migration
2012-11-16 07:50:32 ----D---- C:\Program Files (x86)\Internet Explorer
2012-11-16 07:50:31 ----D---- C:\Windows\system32\migration
2012-11-16 07:50:31 ----D---- C:\Program Files\Internet Explorer
2012-11-16 07:27:32 ----A---- C:\Windows\system32\MRT.exe
2012-11-16 07:25:33 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-03-31 120920]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-03-09 564792]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-15 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-24 1384608]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-11-29 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121205.001\IDSvia64.sys [2012-09-06 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [2012-07-06 37536]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-16 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-16 405624]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-02-29 231376]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2012-09-11 126232]
R2 DRHARD64;DRHARD64; \??\C:\Windows\system32\drivers\DRHARD64.sys [2011-11-03 21984]
R2 DRHMSR64;DRHMSR64; \??\C:\Windows\system32\drivers\DRHMSR64.sys [2011-12-06 14760]
R2 NPF;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2012-11-02 35344]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
R2 PDFSFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2012-08-23 83224]
R3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-28 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-09-26 4155536]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121209.006\ENG64.SYS [2012-12-10 126112]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121209.006\EX64.SYS [2012-12-10 2084000]
R3 PAC207;Trust WB-1400T Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2012-07-24 34032]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [2012-07-06 737952]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-07-30 175736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-18 11880]
S2 PARLDR2K;ParLdr2k; \??\C:\Windows\system32\drivers\parldr2k.sys []
S3 7ByteIo;7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DRHARD;DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-05 21712]
S3 dump_wmimmc;dump_wmimmc; \??\C:\L2\lineage2\system\GameGuard\dump_wmimmc.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-06-11 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-06-11 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2012-06-11 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2009-04-06 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-27 26112]
S3 PRODIGY;PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-10-29 13920]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-06-11 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-06-11 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-29 792608]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2012-10-04 1976696]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2012-10-04 3367288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DiskDoctorService;Norton Disk Doctor Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-29 1147424]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-04 115168]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-10-03 725400]
S3 SpeedDiskService;Norton SpeedDisk Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-29 1160224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-29 1255736]
S4 CachemanService;Cacheman Service; C:\Program Files (x86)\Cacheman\CachemanServ.exe [2012-01-05 236896]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

-----------------EOF-----------------

[cernohous13]

OTM
File/Folder C:\Windows\system32\SearchEngine.dat not found.
File/Folder C:\Windows\system32\SearchIndexer.dll not found.

RSIT
2012-12-04 17:39:11 ----A---- C:\Windows\system32\SearchEngine.dat
2012-12-04 17:39:10 ----A---- C:\Windows\system32\SearchIndexer.dll

Zkusíme jestli v 64bit verzi funguje kladivo

Stahni Avenger zde:
http://swandog46.geekstogo.com/avenger.exe
Spusť a všude souhlas „Yes“
Hlavní okno

dole dej fajfku do obou čtverečků

Do pole „Input script here“ zkopíruj zelený text scriptu -> „Execute“ -> „Yes“
Bude restart a je potřeba vyčkat na otevření Notepadu a jeho obsah sem vložit. (C:\avenger.txt)

Script

Kód: Vybrat vše

Files to delete:
C:\Windows\system32\SearchEngine.dat
C:\Windows\system32\SearchIndexer.dll

[valda]

Files to delete:
C:\Windows\system32\SearchEngine.dat
C:\Windows\system32\SearchIndexer.dll

znovu log
Logfile of random's system information tool 1.09 (written by random/random)
Run by tata at 2012-12-11 08:56:13
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 67 GB (38%) free of 175 GB
Total RAM: 4095 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:56:19, on 11.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\tata.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Guard.Mail.ru - Unknown owner - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Utilities 16 Start Manager Service (NU16StartManagerSvc) - Unknown owner - C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9304 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x184
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\alg.exe
"C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\diMaster.dll" /prefetch:1
"C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe"
"C:\Program Files\Raxco\PerfectDisk\PDAgent.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe"
"C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe"
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe" /c /a /s UserSession2
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe"
"C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe" /TUStart /pid:1556
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
"C:\Windows\system32\NOTEPAD.EXE" C:\eiywdlr.txt
"C:\Users\tata\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\NUAutoUpdate.job
C:\Windows\tasks\Registry Winner Schedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.110 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{5ddeb737-082c-48fb-8c06-aa4b38d61e5f}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll
npwachk.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\tata\AppData\Roaming\Mozilla\Firefox\Profiles\3m1obsv1.default-1353393322373\extensions\
synchronize@nokia.suite
{ea614400-e918-4741-9a97-7a972ff7c30b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll [2012-09-26 511968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Norton Vulnerability Protection - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL [2012-06-21 210400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-02 157672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-02-13 3481408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4Sync]
C:\Program Files (x86)\4Sync\4Sync.exe [2012-10-11 11926560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AshSnap]
C:\Program Files (x86)\Ashampoo\Ashampoo Snap 5\ashsnap.exe [2011-12-12 3249032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CachemanTray]
C:\Program Files (x86)\Cacheman\CachemanTray.exe [2012-01-07 392544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-07-26 2782096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files (x86)\Free Download Manager\fdm.exe [2011-12-28 6148096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\tata\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.7\ICQ.exe [2012-04-14 127040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2010-09-07 43608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2012-01-05 1823744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent]
C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2012-02-28 190768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe [2011-11-17 3994960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12Agent]
C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [2012-01-12 371256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD12DMREngine]
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [2012-01-02 501544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Print2PDF Print Monitor]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-09-26 13196432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-11-09 17877168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [2012-09-29 104480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2012-06-20 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStartupSound"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoInstrumentation"=1
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cachemancontrol.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstlink.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvstview.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oodcnt.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdvdlaunchpolicy.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerdvd12.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\registrywinner.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unins000.exe]
"Debugger=""C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-12-11 08:42:55 ----ASH---- C:\hiberfil.sys
2012-12-11 08:40:56 ----A---- C:\Windows\SYSWOW64\drivers\bodbxjs.sys
2012-12-11 08:40:56 ----A---- C:\eiywdlr.txt
2012-12-11 06:34:21 ----D---- C:\rsit
2012-12-04 21:15:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-12-04 17:39:11 ----A---- C:\Windows\system32\SearchEngine.dat
2012-12-04 17:39:10 ----A---- C:\Windows\system32\SearchIndexer.dll
2012-12-04 17:39:08 ----D---- C:\Windows\SYSWOW64\update
2012-11-27 09:35:13 ----D---- C:\Users\tata\AppData\Roaming\Norton Utilities 16
2012-11-27 09:27:13 ----A---- C:\Windows\system32\CleanMFT64.exe
2012-11-27 09:27:12 ----A---- C:\Windows\SYSWOW64\msxml.dll
2012-11-27 09:27:09 ----D---- C:\Program Files (x86)\Symantec
2012-11-27 09:26:32 ----D---- C:\ProgramData\Symantec
2012-11-27 09:26:31 ----D---- C:\Users\tata\AppData\Roaming\Product_NU16
2012-11-25 18:08:34 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-11-24 12:49:00 ----D---- C:\ProgramData\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Raxco
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files\Raxco
2012-11-19 23:38:59 ----D---- C:\Users\tata\AppData\Roaming\ts3overlay
2012-11-19 22:26:08 ----D---- C:\Users\tata\AppData\Roaming\TS3Client
2012-11-16 07:35:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-11-16 07:35:01 ----A---- C:\Windows\system32\mshtmled.dll
2012-11-16 07:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2012-11-16 07:34:59 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-11-16 07:34:59 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-11-16 07:34:59 ----A---- C:\Windows\system32\ieUnatt.exe
2012-11-16 07:34:59 ----A---- C:\Windows\system32\ieui.dll
2012-11-16 07:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-11-16 07:34:58 ----A---- C:\Windows\SYSWOW64\url.dll
2012-11-16 07:34:58 ----A---- C:\Windows\system32\urlmon.dll
2012-11-16 07:34:58 ----A---- C:\Windows\system32\url.dll
2012-11-16 07:34:57 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-11-16 07:34:57 ----A---- C:\Windows\system32\msfeeds.dll
2012-11-16 07:34:57 ----A---- C:\Windows\system32\jscript9.dll
2012-11-16 07:34:56 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-11-16 07:34:56 ----A---- C:\Windows\system32\wininet.dll
2012-11-16 07:34:56 ----A---- C:\Windows\system32\jsproxy.dll
2012-11-16 07:34:55 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-11-16 07:34:55 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\vbscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\jscript.dll
2012-11-16 07:34:55 ----A---- C:\Windows\system32\iertutil.dll
2012-11-16 07:34:54 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-11-16 07:34:54 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-11-16 07:34:52 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-11-16 07:34:52 ----A---- C:\Windows\system32\mshtml.dll
2012-11-16 07:34:51 ----A---- C:\Windows\system32\ieframe.dll
2012-11-16 07:34:50 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-11-16 07:07:57 ----A---- C:\Windows\system32\win32k.sys
2012-11-16 07:07:43 ----A---- C:\Windows\SYSWOW64\synceng.dll
2012-11-16 07:07:43 ----A---- C:\Windows\system32\synceng.dll
2012-11-13 09:28:41 ----D---- C:\Users\tata\AppData\Roaming\Opera
2012-11-13 09:28:22 ----D---- C:\Program Files (x86)\Opera

======List of files/folders modified in the last 1 month======

2099-01-14 00:14:24 ----D---- C:\ProgramData\Norton
2012-12-11 08:56:16 ----D---- C:\Program Files\trend micro
2012-12-11 08:45:29 ----D---- C:\Windows\Temp
2012-12-11 08:44:23 ----SHD---- C:\System Volume Information
2012-12-11 08:43:44 ----AD---- C:\ProgramData\TEMP
2012-12-11 08:41:23 ----D---- C:\Windows\system32\config
2012-12-11 08:40:56 ----D---- C:\Windows\SYSWOW64\drivers
2012-12-11 08:24:46 ----D---- C:\Users\tata\AppData\Roaming\Winamp
2012-12-10 23:18:14 ----D---- C:\Windows\system32\catroot
2012-12-10 20:01:39 ----D---- C:\Users\tata\AppData\Roaming\ICQ
2012-12-10 16:13:46 ----D---- C:\Windows\System32
2012-12-10 16:13:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-10 16:13:45 ----D---- C:\Windows\inf
2012-12-10 13:00:19 ----RSD---- C:\Windows\assembly
2012-12-10 12:59:11 ----D---- C:\Windows\Logs
2012-12-10 12:49:41 ----D---- C:\Users\tata\AppData\Roaming\DAEMON Tools Lite
2012-12-10 09:26:24 ----D---- C:\Windows\system32\Tasks
2012-12-10 06:25:39 ----D---- C:\Windows\SysWOW64
2012-12-09 21:24:50 ----D---- C:\Users\tata\AppData\Roaming\vlc
2012-12-09 09:15:04 ----RD---- C:\Program Files (x86)
2012-12-09 09:13:53 ----SHD---- C:\Windows\Installer
2012-12-09 09:04:20 ----D---- C:\Windows\Minidump
2012-12-09 09:04:14 ----D---- C:\Windows
2012-12-06 20:26:19 ----D---- C:\Windows\system32\catroot2
2012-12-06 10:52:48 ----D---- C:\Users\tata\AppData\Roaming\Skype
2012-12-06 10:01:03 ----D---- C:\Program Files (x86)\JDownloader
2012-12-06 08:52:12 ----SD---- C:\ProgramData\Microsoft
2012-12-06 08:36:43 ----D---- C:\Program Files (x86)\Windows Doctor
2012-12-05 11:43:21 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-12-04 08:46:02 ----D---- C:\ProgramData\Skype
2012-12-04 08:45:46 ----RD---- C:\Program Files (x86)\Skype
2012-12-04 08:45:46 ----D---- C:\Program Files (x86)\Common Files
2012-12-03 13:12:59 ----D---- C:\Program Files (x86)\Garmin
2012-11-29 19:01:38 ----D---- C:\Windows\Tasks
2012-11-29 09:45:37 ----SD---- C:\Users\tata\AppData\Roaming\Microsoft
2012-11-27 09:26:32 ----HD---- C:\ProgramData
2012-11-25 18:08:41 ----D---- C:\Windows\debug
2012-11-24 13:52:53 ----D---- C:\Users\tata\AppData\Roaming\Nokia
2012-11-24 13:45:59 ----D---- C:\Program Files (x86)\Nokia
2012-11-24 12:49:01 ----D---- C:\Windows\system32\drivers
2012-11-24 12:48:59 ----RD---- C:\Program Files
2012-11-24 12:48:59 ----D---- C:\Program Files\Common Files
2012-11-21 16:42:16 ----D---- C:\ProgramData\Microsoft Help
2012-11-21 15:25:59 ----D---- C:\Program Files (x86)\Registry Winner
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\Free Download Manager
2012-11-21 15:05:44 ----D---- C:\Users\tata\AppData\Roaming\BitTorrent
2012-11-21 15:04:27 ----D---- C:\Program Files\CCleaner
2012-11-21 12:33:05 ----D---- C:\Users\tata\AppData\Roaming\Mumble
2012-11-20 10:59:09 ----D---- C:\Windows\winsxs
2012-11-16 09:49:07 ----D---- C:\Windows\Microsoft.NET
2012-11-16 07:50:32 ----D---- C:\Windows\SYSWOW64\migration
2012-11-16 07:50:32 ----D---- C:\Program Files (x86)\Internet Explorer
2012-11-16 07:50:31 ----D---- C:\Windows\system32\migration
2012-11-16 07:50:31 ----D---- C:\Program Files\Internet Explorer
2012-11-16 07:27:32 ----A---- C:\Windows\system32\MRT.exe
2012-11-16 07:25:33 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 JRAID;JRAID; C:\Windows\system32\DRIVERS\jraid.sys [2012-03-31 120920]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-03-09 564792]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS [2011-08-15 451192]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS [2012-05-22 1129120]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-24 1384608]
R1 ccSet_N360;Norton 360 Settings Manager; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [2012-06-07 167072]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2012-11-29 484512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121208.001\IDSvia64.sys [2012-09-06 513184]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [2012-07-06 37536]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [2011-11-16 190072]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [2011-11-16 405624]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-02-29 231376]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2012-09-11 126232]
R2 DRHARD64;DRHARD64; \??\C:\Windows\system32\drivers\DRHARD64.sys [2011-11-03 21984]
R2 DRHMSR64;DRHMSR64; \??\C:\Windows\system32\drivers\DRHMSR64.sys [2011-12-06 14760]
R2 NPF;NetGroup Packet Filter Driver; \??\C:\Windows\system32\drivers\npf.sys [2012-11-02 35344]
R2 ntk_PowerDVD12;ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
R2 PDFSFilter;PDFsFilter; C:\Windows\system32\DRIVERS\PDFsFilter.sys [2012-08-23 83224]
R3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-28 138912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-09-26 4155536]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121210.018\ENG64.SYS [2012-12-11 126112]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121210.018\EX64.SYS [2012-12-11 2084000]
R3 PAC207;Trust WB-1400T Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2012-07-24 34032]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [2012-07-06 737952]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2012-07-30 175736]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-18 11880]
S0 jdfer;jdfer; C:\Windows\system32\drivers\bodbxjs.sys []
S2 PARLDR2K;ParLdr2k; \??\C:\Windows\system32\drivers\parldr2k.sys []
S3 7ByteIo;7ByteIo; \??\C:\Program Files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys []
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DRHARD;DRHARD; \??\C:\Windows\system32\DRIVERS\DRHARD.SYS []
S3 DrvAgent64;DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-04-05 21712]
S3 dump_wmimmc;dump_wmimmc; \??\C:\L2\lineage2\system\GameGuard\dump_wmimmc.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-06-11 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-06-11 27136]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2012-06-11 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2012-06-11 171008]
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2009-04-06 4682]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-27 26112]
S3 PRODIGY;PRODIGY; C:\Windows\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-10-29 13920]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-06-11 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-06-11 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 Guard.Mail.ru;Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [2012-04-14 1564368]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 N360;Norton 360; C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [2012-06-16 138272]
R2 NU16StartManagerSvc;Norton Utilities 16 Start Manager Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [2012-09-29 792608]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2012-10-04 1976696]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
R3 PDEngine;PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2012-10-04 3367288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-09 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 DiskDoctorService;Norton Disk Doctor Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-09-29 1147424]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 50899608]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-04 115168]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-10-03 725400]
S3 SpeedDiskService;Norton SpeedDisk Service; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-09-29 1160224]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-29 1255736]
S4 CachemanService;Cacheman Service; C:\Program Files (x86)\Cacheman\CachemanServ.exe [2012-01-05 236896]
S4 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S4 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-01 116648]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OODefragAgent;O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

-----------------EOF-----------------

[cernohous13]

Proboha kde jsi zase chytil toto:
2012-12-11 08:40:56 ----A---- C:\Windows\SYSWOW64\drivers\bodbxjs.sys
2012-12-11 08:40:56 ----A---- C:\iywdlr.txt

zkus to smazat, když se budou bránit, tak do scriptu Avengera (už jsme to dělali)

Stáhni TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Pak použij tento návod od kolegy:

Po stažení http://support.kaspersky.com/downloads/ ... killer.exe na plochu.

- spusť pravým myšítkem jako Administrator
- klik na volbu change parameters
- označ ve spodním okně obě možnosti (klik do čtverečku) -> OK
- klik na Start scan
- po ukončení kontroly objeví se okno, kde zkontroluj, zda se nachází všude volby Skip
- pokud ano klik na Continue
- pokud ne, v řádcích kde není uprav na Skip, nyní klik na Continue
- na disku C se objeví textový soubor majicí přibližně tvar TDSSKiller.2.6.2.0_27.09.2011_10.16.46_log
- obsah logu vlož do příspěvku.

[valda]

ale je zajímavé že ty dva soubory co jsem měl odmazat se vytvořili po tom avengeru a nakonec ten log od avengeru nebyl pod C:\avenger.txt ale pod C:\iywdlr.txt.

09:36:56.0525 3696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:36:58.0225 3696 ============================================================
09:36:58.0225 3696 Current date / time: 2012/12/11 09:36:58.0225
09:36:58.0225 3696 SystemInfo:
09:36:58.0225 3696
09:36:58.0225 3696 OS Version: 6.1.7601 ServicePack: 1.0
09:36:58.0225 3696 Product type: Workstation
09:36:58.0225 3696 ComputerName: TATA-PC
09:36:58.0225 3696 UserName: tata
09:36:58.0225 3696 Windows directory: C:\Windows
09:36:58.0225 3696 System windows directory: C:\Windows
09:36:58.0225 3696 Running under WOW64
09:36:58.0225 3696 Processor architecture: Intel x64
09:36:58.0225 3696 Number of processors: 2
09:36:58.0225 3696 Page size: 0x1000
09:36:58.0225 3696 Boot type: Normal boot
09:36:58.0225 3696 ============================================================
09:36:59.0655 3696 Drive \Device\Harddisk1\DR1 - Size: 0x5D2710DE00 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:36:59.0675 3696 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:36:59.0685 3696 ============================================================
09:36:59.0685 3696 \Device\Harddisk1\DR1:
09:36:59.0685 3696 MBR partitions:
09:36:59.0685 3696 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15624BFD
09:36:59.0705 3696 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x15624C7B, BlocksNum 0x1930F185
09:36:59.0705 3696 \Device\Harddisk0\DR0:
09:36:59.0705 3696 MBR partitions:
09:36:59.0705 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000
09:36:59.0705 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x249F0000
09:36:59.0705 3696 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x493E0800, BlocksNum 0x2B325000
09:36:59.0725 3696 ============================================================
09:36:59.0745 3696 C: <-> \Device\Harddisk1\DR1\Partition1
09:36:59.0755 3696 D: <-> \Device\Harddisk1\DR1\Partition2
09:36:59.0775 3696 F: <-> \Device\Harddisk0\DR0\Partition1
09:36:59.0805 3696 G: <-> \Device\Harddisk0\DR0\Partition2
09:36:59.0825 3696 H: <-> \Device\Harddisk0\DR0\Partition3
09:36:59.0835 3696 ============================================================
09:36:59.0835 3696 Initialize success
09:36:59.0835 3696 ============================================================
09:38:02.0605 3984 ============================================================
09:38:02.0605 3984 Scan started
09:38:02.0605 3984 Mode: Manual; SigCheck; TDLFS;
09:38:02.0605 3984 ============================================================
09:38:03.0595 3984 ================ Scan system memory ========================
09:38:03.0595 3984 System memory - ok
09:38:03.0595 3984 ================ Scan services =============================
09:38:03.0745 3984 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
09:38:04.0205 3984 1394ohci - ok
09:38:04.0315 3984 [ F11D68E40ED62FDB7C460C445F1EC4E5 ] 602XML Updater C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
09:38:04.0365 3984 602XML Updater - ok
09:38:04.0405 3984 7ByteIo - ok
09:38:04.0435 3984 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:38:04.0485 3984 ACPI - ok
09:38:04.0505 3984 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:38:04.0645 3984 AcpiPmi - ok
09:38:04.0715 3984 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:38:04.0765 3984 AdobeARMservice - ok
09:38:05.0005 3984 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:38:05.0055 3984 AdobeFlashPlayerUpdateSvc - ok
09:38:05.0095 3984 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:38:05.0155 3984 adp94xx - ok
09:38:05.0185 3984 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:38:05.0245 3984 adpahci - ok
09:38:05.0275 3984 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:38:05.0325 3984 adpu320 - ok
09:38:05.0345 3984 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:38:05.0545 3984 AeLookupSvc - ok
09:38:05.0585 3984 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
09:38:05.0715 3984 AFD - ok
09:38:05.0735 3984 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:38:05.0805 3984 agp440 - ok
09:38:05.0825 3984 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
09:38:05.0965 3984 ALG - ok
09:38:05.0985 3984 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
09:38:06.0035 3984 aliide - ok
09:38:06.0045 3984 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
09:38:06.0095 3984 amdide - ok
09:38:06.0115 3984 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:38:06.0195 3984 AmdK8 - ok
09:38:06.0215 3984 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
09:38:06.0295 3984 AmdPPM - ok
09:38:06.0325 3984 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:38:06.0395 3984 amdsata - ok
09:38:06.0425 3984 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
09:38:06.0485 3984 amdsbs - ok
09:38:06.0495 3984 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:38:06.0545 3984 amdxata - ok
09:38:06.0595 3984 [ E71711D37C48AC40FD3E2866A5ABBA51 ] anvsnddrv C:\Windows\system32\drivers\anvsnddrv.sys
09:38:06.0735 3984 anvsnddrv - ok
09:38:06.0775 3984 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
09:38:06.0975 3984 AppID - ok
09:38:06.0995 3984 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:38:07.0095 3984 AppIDSvc - ok
09:38:07.0105 3984 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
09:38:07.0175 3984 Appinfo - ok
09:38:07.0225 3984 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
09:38:07.0315 3984 AppMgmt - ok
09:38:07.0345 3984 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
09:38:07.0395 3984 arc - ok
09:38:07.0415 3984 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:38:07.0465 3984 arcsas - ok
09:38:07.0565 3984 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:38:07.0635 3984 aspnet_state - ok
09:38:07.0655 3984 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:38:07.0755 3984 AsyncMac - ok
09:38:07.0765 3984 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
09:38:07.0815 3984 atapi - ok
09:38:07.0835 3984 [ 940E5B876251E04FFFE058AD71FE0F1C ] AtcL001 C:\Windows\system32\DRIVERS\l160x64.sys
09:38:07.0945 3984 AtcL001 - ok
09:38:07.0985 3984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:38:08.0065 3984 AudioEndpointBuilder - ok
09:38:08.0075 3984 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
09:38:08.0145 3984 AudioSrv - ok
09:38:08.0185 3984 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:38:08.0325 3984 AxInstSV - ok
09:38:08.0355 3984 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
09:38:08.0455 3984 b06bdrv - ok
09:38:08.0485 3984 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:08.0555 3984 b57nd60a - ok
09:38:08.0575 3984 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
09:38:08.0665 3984 BDESVC - ok
09:38:08.0685 3984 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
09:38:08.0775 3984 Beep - ok
09:38:08.0805 3984 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
09:38:08.0895 3984 BFE - ok
09:38:09.0065 3984 [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20121130.005\BHDrvx64.sys
09:38:09.0135 3984 BHDrvx64 - ok
09:38:09.0175 3984 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
09:38:09.0265 3984 BITS - ok
09:38:09.0285 3984 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:38:09.0345 3984 blbdrive - ok
09:38:09.0385 3984 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:38:09.0485 3984 bowser - ok
09:38:09.0505 3984 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:38:09.0585 3984 BrFiltLo - ok
09:38:09.0615 3984 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:38:09.0675 3984 BrFiltUp - ok
09:38:09.0705 3984 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
09:38:09.0765 3984 Browser - ok
09:38:09.0785 3984 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:38:09.0865 3984 Brserid - ok
09:38:09.0885 3984 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:09.0945 3984 BrSerWdm - ok
09:38:09.0965 3984 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:10.0035 3984 BrUsbMdm - ok
09:38:10.0065 3984 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:10.0125 3984 BrUsbSer - ok
09:38:10.0145 3984 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:38:10.0215 3984 BTHMODEM - ok
09:38:10.0235 3984 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
09:38:10.0325 3984 bthserv - ok
09:38:10.0395 3984 [ D86CCDB5759BDC61A49E96DF425573ED ] CachemanService C:\Program Files (x86)\Cacheman\CachemanServ.exe
09:38:10.0445 3984 CachemanService - ok
09:38:10.0485 3984 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_N360 C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys
09:38:10.0545 3984 ccSet_N360 - ok
09:38:10.0595 3984 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:38:10.0665 3984 cdfs - ok
09:38:10.0685 3984 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:38:10.0745 3984 cdrom - ok
09:38:10.0765 3984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
09:38:10.0855 3984 CertPropSvc - ok
09:38:10.0875 3984 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
09:38:10.0955 3984 circlass - ok
09:38:10.0975 3984 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
09:38:11.0065 3984 CLFS - ok
09:38:11.0145 3984 [ 4C6406CF07D4EBB70C5774D55C6688FB ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
09:38:11.0195 3984 CLHNServiceForPowerDVD12 - ok
09:38:11.0255 3984 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:11.0305 3984 clr_optimization_v2.0.50727_32 - ok
09:38:11.0345 3984 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:11.0395 3984 clr_optimization_v2.0.50727_64 - ok
09:38:11.0445 3984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:11.0485 3984 clr_optimization_v4.0.30319_32 - ok
09:38:11.0505 3984 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:11.0585 3984 clr_optimization_v4.0.30319_64 - ok
09:38:11.0665 3984 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
09:38:11.0745 3984 CmBatt - ok
09:38:11.0755 3984 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:38:11.0805 3984 cmdide - ok
09:38:11.0835 3984 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
09:38:11.0935 3984 CNG - ok
09:38:11.0945 3984 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:38:11.0995 3984 Compbatt - ok
09:38:12.0015 3984 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:38:12.0075 3984 CompositeBus - ok
09:38:12.0085 3984 COMSysApp - ok
09:38:12.0105 3984 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:38:12.0155 3984 crcdisk - ok
09:38:12.0185 3984 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:38:12.0285 3984 CryptSvc - ok
09:38:12.0345 3984 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
09:38:12.0475 3984 CSC - ok
09:38:12.0495 3984 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
09:38:12.0565 3984 CscService - ok
09:38:12.0625 3984 [ EA22BCA708B37B82ADEBC822A171B92E ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
09:38:12.0675 3984 CyberLink PowerDVD 12 Media Server Monitor Service - ok
09:38:12.0705 3984 [ 3168D2F171A64590E7A11355CAE60A1E ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
09:38:12.0755 3984 CyberLink PowerDVD 12 Media Server Service - ok
09:38:12.0785 3984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:38:12.0875 3984 DcomLaunch - ok
09:38:12.0915 3984 [ 7194353A9303E80BA0B22187E559EB13 ] DefragFS C:\Windows\system32\drivers\DefragFS.sys
09:38:12.0965 3984 DefragFS - ok
09:38:12.0995 3984 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
09:38:13.0085 3984 defragsvc - ok
09:38:13.0095 3984 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:38:13.0205 3984 DfsC - ok
09:38:13.0235 3984 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
09:38:13.0315 3984 Dhcp - ok
09:38:13.0335 3984 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
09:38:13.0415 3984 discache - ok
09:38:13.0465 3984 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
09:38:13.0515 3984 Disk - ok
09:38:13.0625 3984 [ AE39BAFDDDB0B27F1CFE3639423594B5 ] DiskDoctorService C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe
09:38:13.0695 3984 DiskDoctorService - ok
09:38:13.0745 3984 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
09:38:13.0845 3984 dmvsc - ok
09:38:13.0875 3984 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:38:13.0955 3984 Dnscache - ok
09:38:13.0975 3984 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:38:14.0055 3984 dot3svc - ok
09:38:14.0065 3984 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
09:38:14.0155 3984 DPS - ok
09:38:14.0175 3984 DRHARD - ok
09:38:14.0205 3984 [ 8D204535D6E0727DF89AF6D962A36359 ] DRHARD64 C:\Windows\system32\drivers\DRHARD64.sys
09:38:14.0255 3984 DRHARD64 - ok
09:38:14.0255 3984 [ 127332B4B278F0ABDDB9B74BA8F82D5E ] DRHMSR64 C:\Windows\system32\drivers\DRHMSR64.sys
09:38:14.0305 3984 DRHMSR64 - ok
09:38:14.0335 3984 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:38:14.0405 3984 drmkaud - ok
09:38:14.0525 3984 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
09:38:14.0575 3984 DrvAgent64 - ok
09:38:14.0665 3984 dump_wmimmc - ok
09:38:14.0705 3984 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:38:14.0765 3984 DXGKrnl - ok
09:38:14.0795 3984 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
09:38:14.0875 3984 EapHost - ok
09:38:14.0965 3984 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
09:38:15.0105 3984 ebdrv - ok
09:38:15.0165 3984 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
09:38:15.0225 3984 eeCtrl - ok
09:38:15.0255 3984 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
09:38:15.0335 3984 EFS - ok
09:38:15.0385 3984 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:38:15.0475 3984 ehRecvr - ok
09:38:15.0475 3984 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
09:38:15.0535 3984 ehSched - ok
09:38:15.0575 3984 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:38:15.0625 3984 elxstor - ok
09:38:15.0695 3984 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
09:38:15.0745 3984 EraserUtilRebootDrv - ok
09:38:15.0765 3984 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:38:15.0835 3984 ErrDev - ok
09:38:15.0875 3984 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
09:38:15.0955 3984 EventSystem - ok
09:38:15.0975 3984 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
09:38:16.0045 3984 exfat - ok
09:38:16.0065 3984 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:38:16.0145 3984 fastfat - ok
09:38:16.0195 3984 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
09:38:16.0315 3984 Fax - ok
09:38:16.0325 3984 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:38:16.0385 3984 fdc - ok
09:38:16.0415 3984 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
09:38:16.0495 3984 fdPHost - ok
09:38:16.0515 3984 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
09:38:16.0595 3984 FDResPub - ok
09:38:16.0605 3984 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:38:16.0655 3984 FileInfo - ok
09:38:16.0665 3984 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:38:16.0775 3984 Filetrace - ok
09:38:16.0795 3984 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:38:16.0875 3984 flpydisk - ok
09:38:16.0885 3984 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:38:16.0935 3984 FltMgr - ok
09:38:17.0005 3984 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
09:38:17.0085 3984 FontCache - ok
09:38:17.0125 3984 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:17.0175 3984 FontCache3.0.0.0 - ok
09:38:17.0185 3984 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:38:17.0235 3984 FsDepends - ok
09:38:17.0265 3984 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:38:17.0325 3984 Fs_Rec - ok
09:38:17.0355 3984 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:38:17.0415 3984 fvevol - ok
09:38:17.0435 3984 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:38:17.0485 3984 gagp30kx - ok
09:38:17.0515 3984 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
09:38:17.0635 3984 gpsvc - ok
09:38:17.0715 3984 [ E859CA020ED61899F3C74A8D0032D05C ] Guard.Mail.ru C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
09:38:17.0785 3984 Guard.Mail.ru - ok
09:38:17.0865 3984 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:17.0915 3984 gupdate - ok
09:38:17.0915 3984 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:17.0965 3984 gupdatem - ok
09:38:17.0975 3984 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:38:18.0085 3984 hcw85cir - ok
09:38:18.0115 3984 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:38:18.0185 3984 HdAudAddService - ok
09:38:18.0215 3984 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:38:18.0285 3984 HDAudBus - ok
09:38:18.0295 3984 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:38:18.0365 3984 HidBatt - ok
09:38:18.0375 3984 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:38:18.0455 3984 HidBth - ok
09:38:18.0455 3984 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
09:38:18.0535 3984 HidIr - ok
09:38:18.0565 3984 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
09:38:18.0695 3984 hidserv - ok
09:38:18.0725 3984 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:38:18.0785 3984 HidUsb - ok
09:38:18.0815 3984 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:38:18.0905 3984 hkmsvc - ok
09:38:18.0935 3984 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:38:19.0025 3984 HomeGroupListener - ok
09:38:19.0045 3984 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:38:19.0105 3984 HomeGroupProvider - ok
09:38:19.0135 3984 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:38:19.0185 3984 HpSAMD - ok
09:38:19.0215 3984 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:38:19.0305 3984 HTTP - ok
09:38:19.0325 3984 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:38:19.0375 3984 hwpolicy - ok
09:38:19.0385 3984 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:38:19.0435 3984 i8042prt - ok
09:38:19.0465 3984 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:38:19.0525 3984 iaStorV - ok
09:38:19.0655 3984 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:38:19.0695 3984 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:38:19.0695 3984 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:38:19.0735 3984 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:19.0795 3984 idsvc - ok
09:38:19.0925 3984 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20121208.001\IDSvia64.sys
09:38:19.0985 3984 IDSVia64 - ok
09:38:20.0005 3984 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:38:20.0055 3984 iirsp - ok
09:38:20.0095 3984 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:38:20.0195 3984 IKEEXT - ok
09:38:20.0325 3984 [ E0B2C982CA743CE8B3CBD7DD50AB82B0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:38:20.0445 3984 IntcAzAudAddService - ok
09:38:20.0455 3984 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:38:20.0515 3984 intelide - ok
09:38:20.0555 3984 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:38:20.0615 3984 intelppm - ok
09:38:20.0655 3984 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:38:20.0765 3984 IPBusEnum - ok
09:38:20.0785 3984 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:20.0855 3984 IpFilterDriver - ok
09:38:20.0905 3984 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:38:21.0005 3984 iphlpsvc - ok
09:38:21.0015 3984 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:38:21.0085 3984 IPMIDRV - ok
09:38:21.0105 3984 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:38:21.0185 3984 IPNAT - ok
09:38:21.0205 3984 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:38:21.0265 3984 IRENUM - ok
09:38:21.0275 3984 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:38:21.0325 3984 isapnp - ok
09:38:21.0355 3984 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:38:21.0425 3984 iScsiPrt - ok
09:38:21.0455 3984 jdfer - ok
09:38:21.0515 3984 [ A5F289421EE0610E8DC464B3F8F5B36C ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
09:38:21.0585 3984 JRAID - ok
09:38:21.0655 3984 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:38:21.0705 3984 kbdclass - ok
09:38:21.0725 3984 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:38:21.0805 3984 kbdhid - ok
09:38:21.0815 3984 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:38:21.0865 3984 KeyIso - ok
09:38:21.0895 3984 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:38:21.0945 3984 KSecDD - ok
09:38:21.0955 3984 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:38:22.0005 3984 KSecPkg - ok
09:38:22.0015 3984 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:38:22.0125 3984 ksthunk - ok
09:38:22.0155 3984 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:38:22.0275 3984 KtmRm - ok
09:38:22.0315 3984 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:38:22.0395 3984 LanmanServer - ok
09:38:22.0435 3984 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:38:22.0515 3984 LanmanWorkstation - ok
09:38:22.0595 3984 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:38:22.0685 3984 lltdio - ok
09:38:22.0715 3984 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:38:22.0805 3984 lltdsvc - ok
09:38:22.0815 3984 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:38:22.0915 3984 lmhosts - ok
09:38:22.0945 3984 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:38:22.0995 3984 LSI_FC - ok
09:38:23.0015 3984 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:38:23.0075 3984 LSI_SAS - ok
09:38:23.0095 3984 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:38:23.0145 3984 LSI_SAS2 - ok
09:38:23.0155 3984 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:38:23.0205 3984 LSI_SCSI - ok
09:38:23.0235 3984 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:38:23.0305 3984 luafv - ok
09:38:23.0355 3984 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:38:23.0435 3984 MBAMProtector - ok
09:38:23.0495 3984 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:38:23.0545 3984 MBAMScheduler - ok
09:38:23.0585 3984 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:38:23.0635 3984 MBAMService - ok
09:38:23.0685 3984 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:38:23.0745 3984 Mcx2Svc - ok
09:38:23.0765 3984 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
09:38:23.0825 3984 megasas - ok
09:38:23.0835 3984 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:38:23.0895 3984 MegaSR - ok
09:38:23.0975 3984 Microsoft SharePoint Workspace Audit Service - ok
09:38:24.0015 3984 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:38:24.0105 3984 MMCSS - ok
09:38:24.0115 3984 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:38:24.0195 3984 Modem - ok
09:38:24.0205 3984 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:38:24.0275 3984 monitor - ok
09:38:24.0295 3984 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:38:24.0345 3984 mouclass - ok
09:38:24.0365 3984 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:38:24.0425 3984 mouhid - ok
09:38:24.0435 3984 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:38:24.0485 3984 mountmgr - ok
09:38:24.0565 3984 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:38:24.0625 3984 MozillaMaintenance - ok
09:38:24.0645 3984 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:38:24.0705 3984 mpio - ok
09:38:24.0725 3984 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:38:24.0795 3984 mpsdrv - ok
09:38:24.0825 3984 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:38:24.0915 3984 MpsSvc - ok
09:38:24.0935 3984 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:38:25.0005 3984 MRxDAV - ok
09:38:25.0025 3984 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:25.0125 3984 mrxsmb - ok
09:38:25.0145 3984 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:25.0205 3984 mrxsmb10 - ok
09:38:25.0215 3984 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:25.0265 3984 mrxsmb20 - ok
09:38:25.0285 3984 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:38:25.0335 3984 msahci - ok
09:38:25.0355 3984 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:38:25.0405 3984 msdsm - ok
09:38:25.0425 3984 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:38:25.0495 3984 MSDTC - ok
09:38:25.0515 3984 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:38:25.0585 3984 Msfs - ok
09:38:25.0605 3984 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:38:25.0685 3984 mshidkmdf - ok
09:38:25.0695 3984 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:38:25.0745 3984 msisadrv - ok
09:38:25.0775 3984 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:38:25.0875 3984 MSiSCSI - ok
09:38:25.0875 3984 msiserver - ok
09:38:25.0905 3984 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:38:25.0985 3984 MSKSSRV - ok
09:38:26.0015 3984 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:26.0095 3984 MSPCLOCK - ok
09:38:26.0105 3984 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:38:26.0185 3984 MSPQM - ok
09:38:26.0205 3984 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:38:26.0265 3984 MsRPC - ok
09:38:26.0275 3984 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:38:26.0325 3984 mssmbios - ok
09:38:26.0335 3984 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:38:26.0425 3984 MSTEE - ok
09:38:26.0435 3984 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:38:26.0495 3984 MTConfig - ok
09:38:26.0525 3984 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
09:38:26.0635 3984 MTsensor - ok
09:38:26.0655 3984 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:38:26.0705 3984 Mup - ok
09:38:26.0775 3984 [ F2840DBFE9322F35557219AE82CC4597 ] N360 C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe
09:38:26.0825 3984 N360 - ok
09:38:26.0855 3984 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:38:26.0935 3984 napagent - ok
09:38:26.0965 3984 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:38:27.0055 3984 NativeWifiP - ok
09:38:27.0125 3984 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121210.018\ENG64.SYS
09:38:27.0175 3984 NAVENG - ok
09:38:27.0455 3984 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20121210.018\EX64.SYS
09:38:27.0535 3984 NAVEX15 - ok
09:38:27.0605 3984 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:38:27.0675 3984 NDIS - ok
09:38:27.0685 3984 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:27.0765 3984 NdisCap - ok
09:38:27.0785 3984 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:27.0865 3984 NdisTapi - ok
09:38:27.0885 3984 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:27.0985 3984 Ndisuio - ok
09:38:27.0995 3984 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:28.0065 3984 NdisWan - ok
09:38:28.0075 3984 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:38:28.0145 3984 NDProxy - ok
09:38:28.0165 3984 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:38:28.0245 3984 NetBIOS - ok
09:38:28.0255 3984 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:38:28.0335 3984 NetBT - ok
09:38:28.0345 3984 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:38:28.0395 3984 Netlogon - ok
09:38:28.0435 3984 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:38:28.0505 3984 Netman - ok
09:38:28.0575 3984 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:28.0655 3984 NetMsmqActivator - ok
09:38:28.0655 3984 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:28.0705 3984 NetPipeActivator - ok
09:38:28.0735 3984 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:38:28.0815 3984 netprofm - ok
09:38:28.0825 3984 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:28.0865 3984 NetTcpActivator - ok
09:38:28.0875 3984 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:38:28.0915 3984 NetTcpPortSharing - ok
09:38:28.0945 3984 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:38:28.0985 3984 nfrd960 - ok
09:38:29.0015 3984 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:38:29.0095 3984 NlaSvc - ok
09:38:29.0145 3984 [ 4903177FC90E77ABEB19021451E9475E ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
09:38:29.0265 3984 nmwcd - ok
09:38:29.0295 3984 [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
09:38:29.0395 3984 nmwcdc - ok
09:38:29.0425 3984 [ F59F8CF59F7905622686637177E2A828 ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
09:38:29.0525 3984 nmwcdnsucx64 - ok
09:38:29.0555 3984 [ A0E7F80157AF77B1CEAA8ADD3A3E7D85 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
09:38:29.0655 3984 nmwcdnsux64 - ok
09:38:29.0735 3984 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
09:38:29.0785 3984 NPF - ok
09:38:29.0815 3984 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:38:29.0885 3984 Npfs - ok
09:38:29.0895 3984 NPPTNT2 - ok
09:38:29.0915 3984 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:38:29.0985 3984 nsi - ok
09:38:30.0005 3984 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:38:30.0095 3984 nsiproxy - ok
09:38:30.0145 3984 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:38:30.0235 3984 Ntfs - ok
09:38:30.0325 3984 [ EAAC965642EF5F818AED508CADF83E4B ] ntk_PowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
09:38:30.0385 3984 ntk_PowerDVD12 - ok
09:38:30.0475 3984 [ 68E6732D74A74B1FFD386761BC1EB764 ] NU16StartManagerSvc C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
09:38:30.0535 3984 NU16StartManagerSvc - ok
09:38:30.0575 3984 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:38:30.0665 3984 Null - ok
09:38:30.0985 3984 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:38:31.0395 3984 nvlddmkm - ok
09:38:31.0425 3984 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:38:31.0475 3984 nvraid - ok
09:38:31.0505 3984 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:38:31.0575 3984 nvstor - ok
09:38:31.0645 3984 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
09:38:31.0715 3984 nvsvc - ok
09:38:31.0835 3984 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
09:38:31.0895 3984 nvUpdatusService - ok
09:38:31.0935 3984 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:38:31.0985 3984 nv_agp - ok
09:38:32.0015 3984 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:38:32.0085 3984 ohci1394 - ok
09:38:32.0185 3984 [ 2E71117CE9F783A7F3EB763E23DADE61 ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe
09:38:32.0265 3984 OODefragAgent - ok
09:38:32.0335 3984 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:32.0385 3984 ose64 - ok
09:38:32.0525 3984 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:38:32.0625 3984 osppsvc - ok
09:38:32.0655 3984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:38:32.0755 3984 p2pimsvc - ok
09:38:32.0775 3984 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:38:32.0845 3984 p2psvc - ok
09:38:32.0885 3984 [ 9E2E0723A36E4FDAA6B5E49FBFC0F859 ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
09:38:32.0985 3984 PAC207 - ok
09:38:33.0035 3984 PARLDR2K - ok
09:38:33.0065 3984 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
09:38:33.0125 3984 Parport - ok
09:38:33.0155 3984 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:38:33.0215 3984 partmgr - ok
09:38:33.0235 3984 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:38:33.0305 3984 PcaSvc - ok
09:38:33.0345 3984 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
09:38:33.0445 3984 pccsmcfd - ok
09:38:33.0445 3984 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:38:33.0515 3984 pci - ok
09:38:33.0525 3984 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:38:33.0575 3984 pciide - ok
09:38:33.0605 3984 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:38:33.0655 3984 pcmcia - ok
09:38:33.0675 3984 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:38:33.0745 3984 pcw - ok
09:38:33.0845 3984 [ C77DD8658E5DFA4CAD3E8BC624D57DD6 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
09:38:33.0905 3984 PDAgent - ok
09:38:34.0005 3984 [ A5807A41FC0B0BBC4F67F0E5389B21A8 ] PDEngine C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
09:38:34.0105 3984 PDEngine - ok
09:38:34.0135 3984 [ 9F5E27C8B88A8DA1DC93E93A5C27BB9B ] PDFSFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
09:38:34.0195 3984 PDFSFilter - ok
09:38:34.0225 3984 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:38:34.0315 3984 PEAUTH - ok
09:38:34.0365 3984 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:38:34.0455 3984 PeerDistSvc - ok
09:38:34.0545 3984 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:38:34.0615 3984 PerfHost - ok
09:38:34.0675 3984 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:38:34.0805 3984 pla - ok
09:38:34.0845 3984 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:38:34.0935 3984 PlugPlay - ok
09:38:34.0955 3984 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:38:35.0025 3984 PNRPAutoReg - ok
09:38:35.0045 3984 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:38:35.0095 3984 PNRPsvc - ok
09:38:35.0135 3984 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:38:35.0245 3984 PolicyAgent - ok
09:38:35.0285 3984 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:38:35.0365 3984 Power - ok
09:38:35.0405 3984 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:38:35.0485 3984 PptpMiniport - ok
09:38:35.0495 3984 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
09:38:35.0615 3984 Processor - ok
09:38:35.0635 3984 [ 65937A34C9A5741E3030A86905400D91 ] PRODIGY C:\Windows\system32\Drivers\PRODIGY.SYS
09:38:35.0675 3984 PRODIGY ( UnsignedFile.Multi.Generic ) - warning
09:38:35.0675 3984 PRODIGY - detected UnsignedFile.Multi.Generic (1)
09:38:35.0715 3984 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:38:35.0815 3984 ProfSvc - ok
09:38:35.0825 3984 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:38:35.0885 3984 ProtectedStorage - ok
09:38:35.0905 3984 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:38:35.0985 3984 Psched - ok
09:38:36.0025 3984 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:38:36.0095 3984 ql2300 - ok
09:38:36.0115 3984 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:38:36.0165 3984 ql40xx - ok
09:38:36.0195 3984 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:38:36.0265 3984 QWAVE - ok
09:38:36.0275 3984 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:38:36.0335 3984 QWAVEdrv - ok
09:38:36.0345 3984 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:38:36.0425 3984 RasAcd - ok
09:38:36.0455 3984 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:38:36.0535 3984 RasAgileVpn - ok
09:38:36.0585 3984 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:38:36.0675 3984 RasAuto - ok
09:38:36.0695 3984 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:38:36.0775 3984 Rasl2tp - ok
09:38:36.0795 3984 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:38:36.0875 3984 RasMan - ok
09:38:36.0885 3984 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:38:36.0975 3984 RasPppoe - ok
09:38:36.0975 3984 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:38:37.0045 3984 RasSstp - ok
09:38:37.0065 3984 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:38:37.0165 3984 rdbss - ok
09:38:37.0185 3984 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:38:37.0235 3984 rdpbus - ok
09:38:37.0245 3984 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:38:37.0315 3984 RDPCDD - ok
09:38:37.0345 3984 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:38:37.0445 3984 RDPDR - ok
09:38:37.0455 3984 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:38:37.0545 3984 RDPENCDD - ok
09:38:37.0575 3984 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:38:37.0645 3984 RDPREFMP - ok
09:38:37.0735 3984 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:38:37.0815 3984 RdpVideoMiniport - ok
09:38:37.0855 3984 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:38:37.0985 3984 RDPWD - ok
09:38:38.0005 3984 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:38:38.0065 3984 rdyboost - ok
09:38:38.0085 3984 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:38:38.0165 3984 RemoteAccess - ok
09:38:38.0205 3984 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:38:38.0305 3984 RemoteRegistry - ok
09:38:38.0315 3984 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:38:38.0405 3984 RpcEptMapper - ok
09:38:38.0415 3984 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:38:38.0495 3984 RpcLocator - ok
09:38:38.0515 3984 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:38:38.0595 3984 RpcSs - ok
09:38:38.0595 3984 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:38:38.0675 3984 rspndr - ok
09:38:38.0705 3984 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:38:38.0775 3984 s3cap - ok
09:38:38.0785 3984 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:38:38.0835 3984 SamSs - ok
09:38:38.0855 3984 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:38:38.0905 3984 sbp2port - ok
09:38:38.0925 3984 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:38:39.0005 3984 SCardSvr - ok
09:38:39.0015 3984 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:38:39.0125 3984 scfilter - ok
09:38:39.0165 3984 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:38:39.0295 3984 Schedule - ok
09:38:39.0325 3984 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:38:39.0385 3984 SCPolicySvc - ok
09:38:39.0405 3984 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:38:39.0505 3984 SDRSVC - ok
09:38:39.0525 3984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:38:39.0615 3984 secdrv - ok
09:38:39.0635 3984 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:38:39.0745 3984 seclogon - ok
09:38:39.0785 3984 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
09:38:39.0935 3984 seehcri - ok
09:38:39.0945 3984 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:38:40.0045 3984 SENS - ok
09:38:40.0065 3984 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:38:40.0165 3984 SensrSvc - ok
09:38:40.0185 3984 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:38:40.0255 3984 Serenum - ok
09:38:40.0275 3984 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:38:40.0335 3984 Serial - ok
09:38:40.0345 3984 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:38:40.0415 3984 sermouse - ok
09:38:40.0485 3984 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
09:38:40.0545 3984 ServiceLayer - ok
09:38:40.0575 3984 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:38:40.0675 3984 SessionEnv - ok
09:38:40.0695 3984 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:38:40.0755 3984 sffdisk - ok
09:38:40.0775 3984 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:38:40.0835 3984 sffp_mmc - ok
09:38:40.0855 3984 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:38:40.0915 3984 sffp_sd - ok
09:38:40.0925 3984 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:38:40.0985 3984 sfloppy - ok
09:38:41.0015 3984 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:38:41.0105 3984 SharedAccess - ok
09:38:41.0125 3984 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:38:41.0215 3984 ShellHWDetection - ok
09:38:41.0245 3984 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:38:41.0285 3984 SiSRaid2 - ok
09:38:41.0305 3984 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:38:41.0365 3984 SiSRaid4 - ok
09:38:41.0405 3984 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:38:41.0455 3984 SkypeUpdate - ok
09:38:41.0485 3984 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:38:41.0575 3984 Smb - ok
09:38:41.0605 3984 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:38:41.0715 3984 SNMPTRAP - ok
09:38:41.0845 3984 [ 2BADEF77B26033065B1049EB51F6AE54 ] SpeedDiskService C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe
09:38:41.0905 3984 SpeedDiskService - ok
09:38:41.0925 3984 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:38:41.0975 3984 spldr - ok
09:38:42.0015 3984 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:38:42.0095 3984 Spooler - ok
09:38:42.0195 3984 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:38:42.0315 3984 sppsvc - ok
09:38:42.0325 3984 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:38:42.0405 3984 sppuinotify - ok
09:38:42.0455 3984 [ DFC4E2081324E505CA479E473A78D893 ] sptd C:\Windows\System32\Drivers\sptd.sys
09:38:42.0535 3984 sptd - ok
09:38:42.0595 3984 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS
09:38:42.0665 3984 SRTSP - ok
09:38:42.0695 3984 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS
09:38:42.0755 3984 SRTSPX - ok
09:38:42.0775 3984 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:38:42.0915 3984 srv - ok
09:38:42.0955 3984 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:38:43.0025 3984 srv2 - ok
09:38:43.0035 3984 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:38:43.0095 3984 srvnet - ok
09:38:43.0125 3984 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:38:43.0205 3984 SSDPSRV - ok
09:38:43.0215 3984 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:38:43.0295 3984 SstpSvc - ok
09:38:43.0355 3984 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:38:43.0395 3984 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
09:38:43.0395 3984 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
09:38:43.0455 3984 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:38:43.0515 3984 Stereo Service - ok
09:38:43.0535 3984 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:38:43.0585 3984 stexstor - ok
09:38:43.0655 3984 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:38:43.0745 3984 stisvc - ok
09:38:43.0765 3984 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:38:43.0825 3984 storflt - ok
09:38:43.0865 3984 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:38:43.0915 3984 storvsc - ok
09:38:43.0935 3984 [ 04CF20310145DEC63D5387BEAFF77D9A ] SWDUMon C:\Windows\system32\DRIVERS\SWDUMon.sys
09:38:43.0985 3984 SWDUMon - ok
09:38:44.0015 3984 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:38:44.0075 3984 swenum - ok
09:38:44.0105 3984 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:38:44.0185 3984 swprv - ok
09:38:44.0225 3984 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\N360x64\0604000.009\SYMDS64.SYS
09:38:44.0285 3984 SymDS - ok
09:38:44.0315 3984 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\N360x64\0604000.009\SYMEFA64.SYS
09:38:44.0385 3984 SymEFA - ok
09:38:44.0425 3984 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
09:38:44.0475 3984 SymEvent - ok
09:38:44.0485 3984 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS
09:38:44.0545 3984 SymIRON - ok
09:38:44.0575 3984 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS
09:38:44.0635 3984 SymNetS - ok
09:38:44.0645 3984 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
09:38:44.0705 3984 Synth3dVsc - ok
09:38:44.0765 3984 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:38:44.0855 3984 SysMain - ok
09:38:44.0905 3984 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:38:44.0975 3984 TabletInputService - ok
09:38:44.0995 3984 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:38:45.0115 3984 TapiSrv - ok
09:38:45.0135 3984 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:38:45.0215 3984 TBS - ok
09:38:45.0275 3984 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:38:45.0355 3984 Tcpip - ok
09:38:45.0385 3984 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:38:45.0455 3984 TCPIP6 - ok
09:38:45.0505 3984 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:38:45.0585 3984 tcpipreg - ok
09:38:45.0625 3984 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:38:45.0685 3984 TDPIPE - ok
09:38:45.0715 3984 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:38:45.0795 3984 TDTCP - ok
09:38:45.0815 3984 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:38:45.0895 3984 tdx - ok
09:38:45.0905 3984 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:38:45.0975 3984 TermDD - ok
09:38:46.0005 3984 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
09:38:46.0105 3984 terminpt - ok
09:38:46.0145 3984 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:38:46.0225 3984 TermService - ok
09:38:46.0235 3984 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:38:46.0295 3984 Themes - ok
09:38:46.0325 3984 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:38:46.0395 3984 THREADORDER - ok
09:38:46.0415 3984 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:38:46.0495 3984 TrkWks - ok
09:38:46.0525 3984 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
09:38:46.0585 3984 truecrypt - ok
09:38:46.0655 3984 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:38:46.0735 3984 TrustedInstaller - ok
09:38:46.0755 3984 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:38:46.0845 3984 tssecsrv - ok
09:38:46.0865 3984 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:38:46.0925 3984 TsUsbFlt - ok
09:38:46.0945 3984 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:38:47.0005 3984 TsUsbGD - ok
09:38:47.0015 3984 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
09:38:47.0085 3984 tsusbhub - ok
09:38:47.0205 3984 [ BA1EE944D5A06CC4A8DD51546BBA6547 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
09:38:47.0275 3984 TuneUp.UtilitiesSvc - ok
09:38:47.0325 3984 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
09:38:47.0365 3984 TuneUpUtilitiesDrv - ok
09:38:47.0395 3984 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:38:47.0475 3984 tunnel - ok
09:38:47.0495 3984 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:38:47.0545 3984 uagp35 - ok
09:38:47.0585 3984 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:38:47.0675 3984 udfs - ok
09:38:47.0705 3984 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:38:47.0775 3984 UI0Detect - ok
09:38:47.0795 3984 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:38:47.0845 3984 uliagpkx - ok
09:38:47.0855 3984 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:38:47.0925 3984 umbus - ok
09:38:47.0945 3984 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
09:38:48.0005 3984 UmPass - ok
09:38:48.0035 3984 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
09:38:48.0105 3984 UmRdpService - ok
09:38:48.0135 3984 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:38:48.0225 3984 upnphost - ok
09:38:48.0265 3984 [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
09:38:48.0335 3984 upperdev - ok
09:38:48.0365 3984 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:38:48.0445 3984 usbccgp - ok
09:38:48.0485 3984 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:38:48.0565 3984 usbcir - ok
09:38:48.0595 3984 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:38:48.0685 3984 usbehci - ok
09:38:48.0715 3984 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:38:48.0795 3984 usbhub - ok
09:38:48.0825 3984 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:38:48.0885 3984 usbohci - ok
09:38:48.0905 3984 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:38:48.0975 3984 usbprint - ok
09:38:49.0015 3984 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:38:49.0115 3984 usbscan - ok
09:38:49.0125 3984 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
09:38:49.0215 3984 usbser - ok
09:38:49.0245 3984 [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
09:38:49.0325 3984 UsbserFilt - ok
09:38:49.0345 3984 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:38:49.0465 3984 USBSTOR - ok
09:38:49.0485 3984 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:38:49.0635 3984 usbuhci - ok
09:38:49.0665 3984 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
09:38:49.0745 3984 UxSms - ok
09:38:49.0775 3984 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
09:38:49.0845 3984 VaultSvc - ok
09:38:49.0885 3984 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:38:49.0935 3984 vdrvroot - ok
09:38:49.0955 3984 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
09:38:50.0045 3984 vds - ok
09:38:50.0075 3984 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:38:50.0145 3984 vga - ok
09:38:50.0165 3984 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
09:38:50.0255 3984 VgaSave - ok
09:38:50.0255 3984 VGPU - ok
09:38:50.0285 3984 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:38:50.0335 3984 vhdmp - ok
09:38:50.0345 3984 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
09:38:50.0395 3984 viaide - ok
09:38:50.0425 3984 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:38:50.0485 3984 vmbus - ok
09:38:50.0495 3984 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:38:50.0585 3984 VMBusHID - ok
09:38:50.0595 3984 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:38:50.0645 3984 volmgr - ok
09:38:50.0665 3984 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:38:50.0715 3984 volmgrx - ok
09:38:50.0735 3984 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:38:50.0805 3984 volsnap - ok
09:38:50.0835 3984 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:38:50.0885 3984 vsmraid - ok
09:38:50.0935 3984 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
09:38:51.0035 3984 VSS - ok
09:38:51.0055 3984 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:38:51.0125 3984 vwifibus - ok
09:38:51.0155 3984 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
09:38:51.0225 3984 W32Time - ok
09:38:51.0245 3984 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:38:51.0315 3984 WacomPen - ok
09:38:51.0345 3984 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:38:51.0415 3984 WANARP - ok
09:38:51.0425 3984 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:38:51.0495 3984 Wanarpv6 - ok
09:38:51.0565 3984 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:38:51.0635 3984 WatAdminSvc - ok
09:38:51.0695 3984 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
09:38:51.0795 3984 wbengine - ok
09:38:51.0815 3984 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:38:51.0885 3984 WbioSrvc - ok
09:38:51.0915 3984 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:38:51.0985 3984 wcncsvc - ok
09:38:52.0005 3984 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:38:52.0105 3984 WcsPlugInService - ok
09:38:52.0135 3984 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
09:38:52.0185 3984 Wd - ok
09:38:52.0215 3984 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:38:52.0275 3984 Wdf01000 - ok
09:38:52.0285 3984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:38:52.0435 3984 WdiServiceHost - ok
09:38:52.0435 3984 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:38:52.0505 3984 WdiSystemHost - ok
09:38:52.0525 3984 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
09:38:52.0605 3984 WebClient - ok
09:38:52.0645 3984 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:38:52.0735 3984 Wecsvc - ok
09:38:52.0745 3984 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:38:52.0815 3984 wercplsupport - ok
09:38:52.0835 3984 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
09:38:52.0925 3984 WerSvc - ok
09:38:52.0945 3984 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:38:53.0015 3984 WfpLwf - ok
09:38:53.0035 3984 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:38:53.0085 3984 WIMMount - ok
09:38:53.0105 3984 WinDefend - ok
09:38:53.0115 3984 WinHttpAutoProxySvc - ok
09:38:53.0165 3984 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:38:53.0265 3984 Winmgmt - ok
09:38:53.0335 3984 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
09:38:53.0445 3984 WinRM - ok
09:38:53.0495 3984 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:38:53.0585 3984 WinUsb - ok
09:38:53.0705 3984 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
09:38:53.0795 3984 Wlansvc - ok
09:38:53.0805 3984 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:38:53.0855 3984 WmiAcpi - ok
09:38:53.0875 3984 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:38:53.0945 3984 wmiApSrv - ok
09:38:53.0975 3984 WMPNetworkSvc - ok
09:38:53.0995 3984 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:38:54.0065 3984 WPCSvc - ok
09:38:54.0085 3984 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:38:54.0145 3984 WPDBusEnum - ok
09:38:54.0165 3984 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:38:54.0235 3984 ws2ifsl - ok
09:38:54.0255 3984 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
09:38:54.0325 3984 wscsvc - ok
09:38:54.0335 3984 WSearch - ok
09:38:54.0415 3984 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
09:38:54.0515 3984 wuauserv - ok
09:38:54.0575 3984 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:38:54.0655 3984 WudfPf - ok
09:38:54.0685 3984 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:38:54.0755 3984 WUDFRd - ok
09:38:54.0775 3984 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:38:54.0895 3984 wudfsvc - ok
09:38:54.0925 3984 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
09:38:55.0025 3984 WwanSvc - ok
09:38:55.0095 3984 [ 74983ADDCA2D9618512C088D856D6615 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
09:38:55.0175 3984 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
09:38:55.0175 3984 ================ Scan global ===============================
09:38:55.0205 3984 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:38:55.0235 3984 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:38:55.0255 3984 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
09:38:55.0275 3984 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:38:55.0295 3984 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:38:55.0305 3984 [Global] - ok
09:38:55.0305 3984 ================ Scan MBR ==================================
09:38:55.0315 3984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
09:38:55.0895 3984 \Device\Harddisk1\DR1 - ok
09:38:55.0895 3984 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:38:56.0165 3984 \Device\Harddisk0\DR0 - ok
09:38:56.0165 3984 ================ Scan VBR ==================================
09:38:56.0195 3984 [ DE897E96B786BC854DA9F1F04A6FB3E8 ] \Device\Harddisk1\DR1\Partition1
09:38:56.0195 3984 \Device\Harddisk1\DR1\Partition1 - ok
09:38:56.0215 3984 [ EA2251B3FDCEBEF9077EE004A2F30C3D ] \Device\Harddisk1\DR1\Partition2
09:38:56.0215 3984 \Device\Harddisk1\DR1\Partition2 - ok
09:38:56.0215 3984 [ ABFF7F9263B8FE70DD42F730B5D7F420 ] \Device\Harddisk0\DR0\Partition1
09:38:56.0225 3984 \Device\Harddisk0\DR0\Partition1 - ok
09:38:56.0225 3984 [ 5640F571A20AC2CB7C857F4E9041D49D ] \Device\Harddisk0\DR0\Partition2
09:38:56.0225 3984 \Device\Harddisk0\DR0\Partition2 - ok
09:38:56.0225 3984 [ 9BD5526CC341CFB9EFE29863AA97F42E ] \Device\Harddisk0\DR0\Partition3
09:38:56.0225 3984 \Device\Harddisk0\DR0\Partition3 - ok
09:38:56.0225 3984 ============================================================
09:38:56.0225 3984 Scan finished
09:38:56.0225 3984 ============================================================
09:38:56.0235 3648 Detected object count: 3
09:38:56.0235 3648 Actual detected object count: 3
09:39:27.0095 3648 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:27.0095 3648 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:39:27.0105 3648 PRODIGY ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:27.0105 3648 PRODIGY ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:39:27.0105 3648 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
09:39:27.0105 3648 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip

[cernohous13]

zdá se, že autor Avengera kvůli utajení generuje náhodné názvy jak programu, tak výsledného logu.
Můžeš mi sem ten log hodit?
TDSS je OK

[valda]

hodil bych ale napsal si mi ať ho smažu

[cernohous13]

jj, ale nevadí - a jestli tě to se mnou ještě baví, tak můžeme kouknout po další škodné
jestli ne, tak napiš jestli je ještě nějaký problém nebo už po sobě můžu zamést.

Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Search
Proběhne skenování a pak se objeví log, případně bude uložen na systémovém disku jako AdwCleaner[R?].txt, ten mi sem dej

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button (nelekej se přesměrování vyčkej)
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení