Re: Skype virus - sakalino

Posted: 22 Dec 2012 16:47
by vyosek
Restart the PC, keep pressing F8 and choose Safe Mode with Networking

Re: Skype virus - sakalino

Posted: 22 Dec 2012 17:19
by sakalino
So it finally worked, I'm running in safe mode and scanning with that antivirus.
The F8 key didn't work; I found another way on Google to get it there, directly from the system.

Re: Skype virus - sakalino

Posted: 22 Dec 2012 18:47
by sakalino
So the test has run and there are no detected infections to save to a log.

Re: Skype virus - sakalino

Posted: 22 Dec 2012 20:05
by sakalino
I apologize, after the restart I couldn't boot the system in anything other than safe mode, so I used System Restore to something older. Do I have to go through the procedure again?
Otherwise the antivirus didn't find anything.

Re: Skype virus - sakalino

Posted: 22 Dec 2012 21:46
by vyosek
:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • After the scan finishes (about 5 minutes), check that every finding (if there are any, of course) has its checkbox ticked
  • Also check that the checkbox for Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably also open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me

Re: Skype virus - sakalino

Posted: 23 Dec 2012 09:47
by sakalino
Good day.
The process has run.
It said that the DDA driver is not installed and a reboot is needed.
Database update: I/O error.
The scan ran and found two syshost.exe files in two TEMP directories on the disk.
I didn't get any log anywhere.

Re: Skype virus - sakalino

Posted: 23 Dec 2012 10:08
by sakalino
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org

Database version: v2012.12.03.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
david :: DAVID-MSI [administrator]

23.12.2012 9:35:13
mbar-log-2012-12-23 (09-35-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30453
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\windows\serviceprofiles\networkservice\appdata\local\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.
c:\windows\temp\syshost.exe (Spyware.Agent) -> Delete on reboot.

(end)

Re: Skype virus - sakalino

Posted: 23 Dec 2012 10:17
by sakalino
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by david at 10:15:29 on 2012-12-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5462 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\FSP\FspUip.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\ACD Systems\EN\DevDetect.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\prevhost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://msi.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Device Detector] DevDetect.exe -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [S-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
mRun: [Cinema ProII AP] C:\Program Files (x86)\MSI\Cinema ProII\CinemaProII.exe
mRun: [Cinema ProII Controler] C:\Program Files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\windows\UpdReg.EXE
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 7.0] "C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Z1] C:\Users\david\Desktop\mbar\mbar.exe /cleanup /s
StartupFolder: C:\Users\david\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\windows\Installer\{AC76BA86-1033-F400-7760-0000003D0002}\SC_Acrobat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2C5B3574-53A5-4378-A144-8402061CBDFF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B708F3D6-D770-4B2B-A1B1-E2A7D0CF9CC1} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F8249B76-A7E9-4E2E-8419-AC59F0AA5788} : NameServer = 0.0.0.0
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [THXCfg64] C:\windows\System32\RunDLL32.exe C:\windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [fspuip] C:\Program Files (x86)\FSP\fspuip.exe
x64-Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Windows Mobile Device Center] C:\windows\WindowsMobile\wmdc.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\9vdu7xrg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cpska.cz/public/index3.php?lpg=sezlet
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-19 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-22 399432]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2011-6-24 160768]
R2 MSI Foundation Service;MSI Foundation Service;C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-7-17 12800]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-19 2656280]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2011-11-15 633856]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-22 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-10-22 25928]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
S3 NisSrv;Kontrola sítě Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\windows\System32\drivers\silabenm.sys [2012-11-5 27336]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\windows\System32\drivers\silabser.sys [2012-12-12 73216]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-12-23 08:48:33 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F5D41F6A-4E9E-4787-AF66-F357877AC664}\mpengine.dll
2012-12-22 18:59:35 9125352 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A2DFB96B-989D-4AC3-ACED-EB7A6FE60C23}\mpengine.dll
2012-12-22 18:56:27 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2761B51E-8EC4-4F7A-B975-E2C8DDE64DF3}\mpengine.dll
2012-12-22 18:56:27 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 18:32:18 -------- d-----w- C:\windows\pss
2012-12-22 16:11:15 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-12-22 15:22:21 -------- d-----w- C:\Program Files\CCleaner
2012-12-22 15:21:27 -------- d-----w- C:\Users\david\AppData\Local\Google
2012-12-22 14:49:53 -------- d-----w- C:\ComboFix
2012-12-22 14:25:28 -------- d-s---w- C:\windows\SysWow64\Microsoft
2012-12-21 12:01:12 -------- d-----w- C:\76d8477eba943876e5c32dfc156f4a
2012-12-20 22:13:56 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-12-20 22:13:55 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-12-20 21:40:13 -------- d--h--w- C:\windows\msdownld.tmp
2012-12-12 12:40:43 -------- d-----w- C:\SiLabs
2012-12-12 12:16:27 73216 ----a-w- C:\windows\System32\drivers\silabser.sys
2012-12-09 18:25:51 -------- d-----w- C:\Program Files\Com2TCP
2012-11-25 20:45:38 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
.
==================== Find3M ====================
.
2012-12-13 22:53:17 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 22:53:17 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-29 17:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 10:15:41,71 ===============

Re: Skype virus - sakalino

Posted: 23 Dec 2012 22:19
by vyosek
:arrow: If you haven't already, move Combofix to the Desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    DDS::
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uStart Page = hxxp://eu.ask.com/?l=dis&o=101916
    
    Firefox::
    FF - ProfilePath - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\9vdu7xrg.default\
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    
    FCopy::
    c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe | c:\windows\system32\ntoskrnl.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Device Detector"=-
    "Skype"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NBAgent"=-
    "QuickTime Task"=-
    "Acrobat Assistant 7.0"=-
    "SunJavaUpdateSched"=-
    
    Collect::
    c:\windows\System32\Drivers\6578c011bfd996d7.sys
    
    Rootkit::
    c:\windows\System32\Drivers\6578c011bfd996d7.sys
    
    File::
    c:\users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\ParetoLogic Registration.job
    c:\windows\Tasks\ParetoLogic Registration3.job
    c:\windows\Tasks\ParetoLogic Update Version3.job
    c:\windows\Tasks\RegCure Pro.job
    
    Driver::
    6578c011bfd996d7
    
    RegLock::
    [HKEY_USERS\S-1-5-21-222070390-1712213092-3290244428-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and drop it to run it (see the image below)
    Image
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC and the registry will sort itself out. It is an internal error caused by CF, and unfortunately the author does not know how to fix it yet

:arrow: It can happen that Windows will not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Re: Skype virus - sakalino

Posted: 24 Dec 2012 10:44
by sakalino
Good day. I wish you a lovely Christmas Eve.
I applied CF and a log came out, but I don't know whether the computer restarted. I suppose I should restart it, right?



ComboFix 12-12-23.01 - david 24.12.2012 10:33:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.8099.5553 [GMT 1:00]
Spuštěný z: c:\users\david\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\david\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk"
"c:\users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\ParetoLogic Registration.job"
"c:\windows\Tasks\ParetoLogic Registration3.job"
"c:\windows\Tasks\ParetoLogic Update Version3.job"
"c:\windows\Tasks\RegCure Pro.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
c:\users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\ParetoLogic Registration.job
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe --> c:\windows\system32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_6578C011BFD996D7
-------\Service_6578c011bfd996d7
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-24 do 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-23 08:48 . 2012-11-19 00:01 9125352 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5D41F6A-4E9E-4787-AF66-F357877AC664}\mpengine.dll
2012-12-22 18:59 . 2012-11-08 17:24 9125352 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2DFB96B-989D-4AC3-ACED-EB7A6FE60C23}\mpengine.dll
2012-12-22 18:56 . 2012-11-19 00:01 9125352 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-22 16:11 . 2012-12-22 16:11 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-22 15:22 . 2012-12-22 17:56 -------- d-----w- c:\program files\CCleaner
2012-12-22 15:21 . 2012-12-22 15:22 -------- d-----w- c:\users\david\AppData\Local\Google
2012-12-22 15:21 . 2012-12-22 15:22 -------- d-----w- c:\program files (x86)\Google
2012-12-22 14:25 . 2012-12-22 14:25 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-12-21 12:01 . 2012-12-21 12:01 -------- d-----w- C:\76d8477eba943876e5c32dfc156f4a
2012-12-20 22:13 . 2012-12-23 03:50 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-12-20 22:13 . 2012-12-23 03:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-20 21:40 . 2012-12-20 21:40 -------- d--h--w- c:\windows\msdownld.tmp
2012-12-12 12:40 . 2012-12-12 12:40 -------- d-----w- C:\SiLabs
2012-12-12 12:16 . 2012-11-02 05:58 73216 ----a-w- c:\windows\system32\drivers\silabser.sys
2012-12-09 18:25 . 2012-12-23 03:50 -------- d-----w- c:\program files\Com2TCP
2012-11-25 20:45 . 2012-12-23 03:49 -------- d-----w- c:\program files (x86)\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 22:53 . 2012-04-03 20:13 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 22:53 . 2011-11-05 13:14 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-28 22:03 . 2012-10-10 18:51 40960 ----a-r- c:\users\david\AppData\Roaming\Microsoft\Installer\{504654F0-D4AA-4A3D-9099-4330873F0417}\NewShortcut3_C7359A5B58334D6C85D6539FE6EB1F95.exe
2012-11-28 22:03 . 2012-10-10 18:51 40960 ----a-r- c:\users\david\AppData\Roaming\Microsoft\Installer\{504654F0-D4AA-4A3D-9099-4330873F0417}\NewShortcut11_44D2F7BA7ADE433DAACCCFD6D8D7F927.exe
2012-11-28 22:03 . 2012-10-10 18:51 40960 ----a-r- c:\users\david\AppData\Roaming\Microsoft\Installer\{504654F0-D4AA-4A3D-9099-4330873F0417}\NewShortcut1_0E633D83B4984CB0B504416AD30DD287.exe
2012-10-10 17:16 . 2011-11-02 21:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-29 17:54 . 2012-10-22 20:17 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-06-24 5231104]
"Cinema ProII AP"="c:\program files (x86)\MSI\Cinema ProII\CinemaProII.exe" [2011-01-25 200192]
"Cinema ProII Controler"="c:\program files (x86)\MSI\Cinema ProII\Cinema ProII Controler.exe" [2010-06-25 1689600]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-04-21 294912]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-07-20 36328]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-03-08 46592]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-03-08 274944]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-06-02 142632]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-03-23 59904]
R3 kvnet;Kerio Virtual Network Adapter;c:\windows\system32\DRIVERS\kvnet.sys [2010-10-25 37424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 MGHwCtrl;MGHwCtrl;c:\program files\MSI\MSI Software Install\MGHwCtrl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2012-06-04 27336]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2012-11-02 73216]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-07-20 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-07-20 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-07-20 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe [2011-06-24 160768]
S2 MSI Foundation Service;MSI Foundation Service;c:\program files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [2010-07-16 12800]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-10-15 11576]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2011-08-22 633856]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-04-21 294912]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys [2011-03-11 67072]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-04-14 87552]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-14 207872]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 6578C011BFD996D7
*NewlyCreated* - WS2IFSL
*Deregistered* - 6578c011bfd996d7
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"fspuip"="c:\program files (x86)\FSP\fspuip.exe" [BU]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-08-22 1178112]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-11-26 437248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1 213.46.172.36 213.46.172.37
TCP: Interfaces\{F8249B76-A7E9-4E2E-8419-AC59F0AA5788}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\david\AppData\Roaming\Mozilla\Firefox\Profiles\9vdu7xrg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cpska.cz/public/index3.php?lpg=sezlet
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\6578c011bfd996d7]
"ImagePath"="\SystemRoot\System32\Drivers\6578c011bfd996d7.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2012-12-24 10:42:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-24 09:42
ComboFix2.txt 2012-12-22 14:57
.
Před spuštěním: Volných bajtů: 300 723 261 440
Po spuštění: Volných bajtů: 300 125 827 072
.
- - End Of File - - 2031E6D5DB77D87520ACFF41DD150040

Re: Skype virus - sakalino

Posted: 24 Dec 2012 11:00
by sakalino
It's still the same. Windows Update doesn't work, and neither does the antivirus's resident protection.

Re: Skype virus - sakalino

Posted: 24 Dec 2012 11:18
by vyosek
Please run a new scan with Farbar Service Scanner.

Re: Skype virus - sakalino

Posted: 24 Dec 2012 11:58
by sakalino
Farbar Service Scanner Version: 23-12-2012
Ran by david (administrator) on 24-12-2012 at 11:57:13
Running from "C:\Users\david\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Re: Skype virus - sakalino

Posted: 24 Dec 2012 21:34
by vyosek
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional options window, tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes, a window appears; check that Skip is selected everywhere
  • If Skip is not selected by default, switch the entry to Skip
  • Once Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.(some digits)_log.txt; paste its contents here

Re: Skype virus - sakalino

Posted: 26 Dec 2012 20:42
by sakalino
20:33:49.0157 1584 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:33:49.0235 1584 ============================================================
20:33:49.0235 1584 Current date / time: 2012/12/26 20:33:49.0235
20:33:49.0235 1584 SystemInfo:
20:33:49.0235 1584
20:33:49.0235 1584 OS Version: 6.1.7601 ServicePack: 1.0
20:33:49.0235 1584 Product type: Workstation
20:33:49.0235 1584 ComputerName: DAVID-MSI
20:33:49.0235 1584 UserName: david
20:33:49.0235 1584 Windows directory: C:\windows
20:33:49.0235 1584 System windows directory: C:\windows
20:33:49.0235 1584 Running under WOW64
20:33:49.0235 1584 Processor architecture: Intel x64
20:33:49.0235 1584 Number of processors: 8
20:33:49.0235 1584 Page size: 0x1000
20:33:49.0235 1584 Boot type: Normal boot
20:33:49.0235 1584 ============================================================
20:33:57.0712 1584 !crdlk
20:33:57.0712 1584 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
20:33:57.0743 1584 ============================================================
20:33:57.0743 1584 \Device\Harddisk0\DR0:
20:33:57.0743 1584 MBR partitions:
20:33:57.0743 1584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x199A800, BlocksNum 0x33700800
20:33:57.0743 1584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3509B000, BlocksNum 0x224AB000
20:33:57.0743 1584 ============================================================
20:33:57.0759 1584 C: <-> \Device\Harddisk0\DR0\Partition1
20:33:57.0806 1584 D: <-> \Device\Harddisk0\DR0\Partition2
20:33:57.0806 1584 ============================================================
20:33:57.0806 1584 Initialize success
20:33:57.0806 1584 ============================================================
20:34:03.0188 4832 ============================================================
20:34:03.0188 4832 Scan started
20:34:03.0188 4832 Mode: Manual;
20:34:03.0188 4832 ============================================================
20:34:03.0453 4832 ================ Scan system memory ========================
20:34:03.0453 4832 System memory - ok
20:34:03.0453 4832 ================ Scan services =============================
20:34:03.0609 4832 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
20:34:03.0609 4832 1394ohci - ok
20:34:03.0625 4832 Suspicious service (NoAccess): 6578c011bfd996d7
20:34:03.0656 4832 [ D64A43A85F3EE9CBE91E9944CD3AB96A ] 6578c011bfd996d7 C:\windows\System32\Drivers\6578c011bfd996d7.sys
20:34:03.0656 4832 Suspicious file (NoAccess): C:\windows\System32\Drivers\6578c011bfd996d7.sys. md5: D64A43A85F3EE9CBE91E9944CD3AB96A
20:34:03.0703 4832 6578c011bfd996d7 ( Rootkit.Win32.Necurs.gen ) - infected
20:34:03.0703 4832 6578c011bfd996d7 - detected Rootkit.Win32.Necurs.gen (0)
20:34:03.0718 4832 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
20:34:03.0734 4832 ACPI - ok
20:34:03.0749 4832 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
20:34:03.0749 4832 AcpiPmi - ok
20:34:03.0827 4832 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:34:03.0827 4832 Adobe LM Service - ok
20:34:03.0952 4832 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:34:03.0952 4832 AdobeFlashPlayerUpdateSvc - ok
20:34:03.0983 4832 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
20:34:03.0983 4832 adp94xx - ok
20:34:04.0015 4832 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
20:34:04.0015 4832 adpahci - ok
20:34:04.0030 4832 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
20:34:04.0030 4832 adpu320 - ok
20:34:04.0077 4832 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:34:04.0077 4832 AeLookupSvc - ok
20:34:04.0155 4832 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
20:34:04.0155 4832 AFD - ok
20:34:04.0171 4832 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
20:34:04.0171 4832 agp440 - ok
20:34:04.0202 4832 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
20:34:04.0202 4832 ALG - ok
20:34:04.0249 4832 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
20:34:04.0249 4832 aliide - ok
20:34:04.0264 4832 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
20:34:04.0280 4832 amdide - ok
20:34:04.0295 4832 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
20:34:04.0311 4832 AmdK8 - ok
20:34:04.0327 4832 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
20:34:04.0327 4832 AmdPPM - ok
20:34:04.0358 4832 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
20:34:04.0373 4832 amdsata - ok
20:34:04.0389 4832 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
20:34:04.0389 4832 amdsbs - ok
20:34:04.0420 4832 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
20:34:04.0420 4832 amdxata - ok
20:34:04.0467 4832 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
20:34:04.0467 4832 AMPPAL - ok
20:34:04.0498 4832 [ 9921E78BC29634235F4BF5809E7E8CDE ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
20:34:04.0498 4832 AMPPALP - ok
20:34:04.0545 4832 [ 83A0E7BA4AE616D3654E700D9C5FF9DB ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
20:34:04.0561 4832 AMPPALR3 - ok
20:34:04.0607 4832 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\windows\system32\Drivers\ssadadb.sys
20:34:04.0607 4832 androidusb - ok
20:34:04.0639 4832 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
20:34:04.0639 4832 AppID - ok
20:34:04.0670 4832 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:34:04.0670 4832 AppIDSvc - ok
20:34:04.0701 4832 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
20:34:04.0701 4832 Appinfo - ok
20:34:04.0748 4832 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
20:34:04.0748 4832 arc - ok
20:34:04.0763 4832 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
20:34:04.0763 4832 arcsas - ok
20:34:04.0795 4832 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:34:04.0795 4832 AsyncMac - ok
20:34:04.0857 4832 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
20:34:04.0857 4832 atapi - ok
20:34:04.0904 4832 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
20:34:04.0935 4832 athr - ok
20:34:04.0951 4832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:34:04.0966 4832 AudioEndpointBuilder - ok
20:34:04.0982 4832 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
20:34:04.0997 4832 AudioSrv - ok
20:34:05.0013 4832 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
20:34:05.0013 4832 AxInstSV - ok
20:34:05.0060 4832 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
20:34:05.0060 4832 b06bdrv - ok
20:34:05.0107 4832 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:34:05.0107 4832 b57nd60a - ok
20:34:05.0169 4832 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:34:05.0169 4832 BBSvc - ok
20:34:05.0200 4832 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
20:34:05.0200 4832 BDESVC - ok
20:34:05.0231 4832 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
20:34:05.0231 4832 Beep - ok
20:34:05.0278 4832 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
20:34:05.0294 4832 BFE - ok
20:34:05.0325 4832 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
20:34:05.0325 4832 BITS - ok
20:34:05.0356 4832 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
20:34:05.0356 4832 blbdrive - ok
20:34:05.0434 4832 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:34:05.0434 4832 Bluetooth Device Monitor - ok
20:34:05.0481 4832 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
20:34:05.0497 4832 Bluetooth Media Service - ok
20:34:05.0528 4832 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:34:05.0543 4832 Bluetooth OBEX Service - ok
20:34:05.0575 4832 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:34:05.0575 4832 bowser - ok
20:34:05.0590 4832 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
20:34:05.0590 4832 BrFiltLo - ok
20:34:05.0606 4832 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
20:34:05.0606 4832 BrFiltUp - ok
20:34:05.0668 4832 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
20:34:05.0684 4832 BridgeMP - ok
20:34:05.0715 4832 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
20:34:05.0731 4832 Browser - ok
20:34:05.0762 4832 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:34:05.0762 4832 Brserid - ok
20:34:05.0777 4832 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:34:05.0777 4832 BrSerWdm - ok
20:34:05.0793 4832 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:34:05.0809 4832 BrUsbMdm - ok
20:34:05.0824 4832 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:34:05.0824 4832 BrUsbSer - ok
20:34:05.0871 4832 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
20:34:05.0871 4832 BthEnum - ok
20:34:05.0887 4832 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
20:34:05.0887 4832 BTHMODEM - ok
20:34:05.0918 4832 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
20:34:05.0918 4832 BthPan - ok
20:34:05.0996 4832 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
20:34:06.0011 4832 BTHPORT - ok
20:34:06.0043 4832 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:34:06.0043 4832 bthserv - ok
20:34:06.0074 4832 [ A5B3E8B2B78C7B3DA56A0DE490E6718C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
20:34:06.0074 4832 BTHSSecurityMgr - ok
20:34:06.0105 4832 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
20:34:06.0105 4832 BTHUSB - ok
20:34:06.0199 4832 [ 0A6CD4C79C92EEC0FA60B1EEA2677B37 ] btmaudio C:\windows\system32\drivers\btmaud.sys
20:34:06.0199 4832 btmaudio - ok
20:34:06.0245 4832 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
20:34:06.0245 4832 btmaux - ok
20:34:06.0277 4832 [ 0010A54571F525A97EED8C091E96EAA9 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
20:34:06.0277 4832 btmhsf - ok
20:34:06.0308 4832 catchme - ok
20:34:06.0386 4832 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:34:06.0386 4832 cdfs - ok
20:34:06.0417 4832 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:34:06.0417 4832 cdrom - ok
20:34:06.0464 4832 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:34:06.0479 4832 CertPropSvc - ok
20:34:06.0511 4832 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
20:34:06.0511 4832 circlass - ok
20:34:06.0542 4832 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:34:06.0542 4832 CLFS - ok
20:34:06.0604 4832 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:06.0604 4832 clr_optimization_v2.0.50727_32 - ok
20:34:06.0667 4832 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:34:06.0667 4832 clr_optimization_v2.0.50727_64 - ok
20:34:06.0729 4832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:06.0729 4832 clr_optimization_v4.0.30319_32 - ok
20:34:06.0776 4832 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:34:06.0776 4832 clr_optimization_v4.0.30319_64 - ok
20:34:06.0807 4832 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
20:34:06.0807 4832 CmBatt - ok
20:34:06.0823 4832 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:34:06.0823 4832 cmdide - ok
20:34:06.0869 4832 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:34:06.0885 4832 CNG - ok
20:34:06.0963 4832 [ 9F50DBE58A98F6B96331F4606CA3188E ] com0com C:\windows\system32\DRIVERS\com0com.sys
20:34:06.0963 4832 com0com - ok
20:34:06.0994 4832 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
20:34:06.0994 4832 Compbatt - ok
20:34:07.0025 4832 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
20:34:07.0025 4832 CompositeBus - ok
20:34:07.0041 4832 COMSysApp - ok
20:34:07.0072 4832 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
20:34:07.0072 4832 crcdisk - ok
20:34:07.0135 4832 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:34:07.0135 4832 CryptSvc - ok
20:34:07.0181 4832 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:34:07.0181 4832 DcomLaunch - ok
20:34:07.0228 4832 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:34:07.0228 4832 defragsvc - ok
20:34:07.0259 4832 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:34:07.0259 4832 DfsC - ok
20:34:07.0291 4832 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:34:07.0291 4832 Dhcp - ok
20:34:07.0322 4832 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:34:07.0322 4832 discache - ok
20:34:07.0353 4832 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
20:34:07.0353 4832 Disk - ok
20:34:07.0400 4832 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:34:07.0400 4832 Dnscache - ok
20:34:07.0415 4832 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:34:07.0415 4832 dot3svc - ok
20:34:07.0462 4832 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:34:07.0462 4832 DPS - ok
20:34:07.0509 4832 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:34:07.0509 4832 drmkaud - ok
20:34:07.0556 4832 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:34:07.0556 4832 DXGKrnl - ok
20:34:07.0587 4832 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:34:07.0587 4832 EapHost - ok
20:34:07.0681 4832 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
20:34:07.0727 4832 ebdrv - ok
20:34:07.0790 4832 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:34:07.0790 4832 EFS - ok
20:34:07.0852 4832 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:34:07.0852 4832 ehRecvr - ok
20:34:19.0280 4832 TermDD - ok
20:34:19.0320 4832 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
20:34:19.0320 4832 TermService - ok
20:34:19.0350 4832 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
20:34:19.0350 4832 Themes - ok
20:34:19.0380 4832 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
20:34:19.0390 4832 THREADORDER - ok
20:34:19.0420 4832 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
20:34:19.0420 4832 TrkWks - ok
20:34:19.0490 4832 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
20:34:19.0490 4832 TrustedInstaller - ok
20:34:19.0520 4832 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
20:34:19.0520 4832 tssecsrv - ok
20:34:19.0550 4832 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
20:34:19.0550 4832 TsUsbFlt - ok
20:34:19.0570 4832 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
20:34:19.0570 4832 TsUsbGD - ok
20:34:19.0590 4832 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
20:34:19.0600 4832 tunnel - ok
20:34:19.0640 4832 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys
20:34:19.0640 4832 TurboB - ok
20:34:19.0690 4832 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
20:34:19.0690 4832 TurboBoost - ok
20:34:19.0720 4832 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
20:34:19.0720 4832 uagp35 - ok
20:34:19.0760 4832 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
20:34:19.0770 4832 udfs - ok
20:34:19.0820 4832 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
20:34:19.0820 4832 UI0Detect - ok
20:34:19.0850 4832 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
20:34:19.0850 4832 uliagpkx - ok
20:34:19.0870 4832 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
20:34:19.0870 4832 umbus - ok
20:34:19.0890 4832 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
20:34:19.0890 4832 UmPass - ok
20:34:19.0990 4832 [ FC43877B4625F6EB773C98233EB625C5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:34:20.0040 4832 UNS - ok
20:34:20.0090 4832 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
20:34:20.0090 4832 upnphost - ok
20:34:20.0130 4832 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
20:34:20.0130 4832 usbccgp - ok
20:34:20.0150 4832 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
20:34:20.0150 4832 usbcir - ok
20:34:20.0200 4832 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
20:34:20.0200 4832 usbehci - ok
20:34:20.0220 4832 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\drivers\usbhub.sys
20:34:20.0220 4832 usbhub - ok
20:34:20.0250 4832 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
20:34:20.0250 4832 usbohci - ok
20:34:20.0280 4832 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
20:34:20.0280 4832 usbprint - ok
20:34:20.0350 4832 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\windows\system32\DRIVERS\usbser.sys
20:34:20.0360 4832 usbser - ok
20:34:20.0380 4832 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
20:34:20.0390 4832 USBSTOR - ok
20:34:20.0410 4832 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
20:34:20.0410 4832 usbuhci - ok
20:34:20.0450 4832 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
20:34:20.0450 4832 usbvideo - ok
20:34:20.0490 4832 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
20:34:20.0490 4832 usb_rndisx - ok
20:34:20.0540 4832 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
20:34:20.0550 4832 UxSms - ok
20:34:20.0580 4832 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
20:34:20.0580 4832 VaultSvc - ok
20:34:20.0610 4832 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
20:34:20.0610 4832 vdrvroot - ok
20:34:20.0640 4832 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
20:34:20.0640 4832 vds - ok
20:34:20.0660 4832 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
20:34:20.0660 4832 vga - ok
20:34:20.0700 4832 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
20:34:20.0700 4832 Suspicious file (NoAccess): C:\windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
20:34:20.0710 4832 VgaSave ( LockedFile.Multi.Generic ) - warning
20:34:20.0710 4832 VgaSave - detected LockedFile.Multi.Generic (1)
20:34:20.0730 4832 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
20:34:20.0730 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
20:34:20.0740 4832 vhdmp ( LockedFile.Multi.Generic ) - warning
20:34:20.0740 4832 vhdmp - detected LockedFile.Multi.Generic (1)
20:34:20.0760 4832 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
20:34:20.0760 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
20:34:20.0770 4832 viaide ( LockedFile.Multi.Generic ) - warning
20:34:20.0770 4832 viaide - detected LockedFile.Multi.Generic (1)
20:34:20.0790 4832 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
20:34:20.0790 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
20:34:20.0800 4832 volmgr ( LockedFile.Multi.Generic ) - warning
20:34:20.0800 4832 volmgr - detected LockedFile.Multi.Generic (1)
20:34:20.0830 4832 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
20:34:20.0830 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
20:34:20.0840 4832 volmgrx ( LockedFile.Multi.Generic ) - warning
20:34:20.0840 4832 volmgrx - detected LockedFile.Multi.Generic (1)
20:34:20.0860 4832 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
20:34:20.0860 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
20:34:20.0870 4832 volsnap ( LockedFile.Multi.Generic ) - warning
20:34:20.0870 4832 volsnap - detected LockedFile.Multi.Generic (1)
20:34:20.0890 4832 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
20:34:20.0890 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
20:34:20.0900 4832 vsmraid ( LockedFile.Multi.Generic ) - warning
20:34:20.0900 4832 vsmraid - detected LockedFile.Multi.Generic (1)
20:34:20.0940 4832 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
20:34:20.0950 4832 VSS - ok
20:34:20.0970 4832 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
20:34:20.0970 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
20:34:20.0980 4832 vwifibus ( LockedFile.Multi.Generic ) - warning
20:34:20.0980 4832 vwifibus - detected LockedFile.Multi.Generic (1)
20:34:21.0000 4832 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
20:34:21.0000 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
20:34:21.0010 4832 vwififlt ( LockedFile.Multi.Generic ) - warning
20:34:21.0010 4832 vwififlt - detected LockedFile.Multi.Generic (1)
20:34:21.0050 4832 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
20:34:21.0050 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01
20:34:21.0050 4832 vwifimp ( LockedFile.Multi.Generic ) - warning
20:34:21.0050 4832 vwifimp - detected LockedFile.Multi.Generic (1)
20:34:21.0090 4832 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
20:34:21.0100 4832 W32Time - ok
20:34:21.0130 4832 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
20:34:21.0130 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
20:34:21.0140 4832 WacomPen ( LockedFile.Multi.Generic ) - warning
20:34:21.0140 4832 WacomPen - detected LockedFile.Multi.Generic (1)
20:34:21.0160 4832 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
20:34:21.0160 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
20:34:21.0180 4832 WANARP ( LockedFile.Multi.Generic ) - warning
20:34:21.0180 4832 WANARP - detected LockedFile.Multi.Generic (1)
20:34:21.0190 4832 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
20:34:21.0190 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
20:34:21.0200 4832 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
20:34:21.0200 4832 Wanarpv6 - detected LockedFile.Multi.Generic (1)
20:34:21.0520 4832 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
20:34:21.0520 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
20:34:21.0520 4832 Wd ( LockedFile.Multi.Generic ) - warning
20:34:21.0520 4832 Wd - detected LockedFile.Multi.Generic (1)
20:34:21.0567 4832 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
20:34:21.0567 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
20:34:21.0582 4832 Wdf01000 ( LockedFile.Multi.Generic ) - warning
20:34:21.0582 4832 Wdf01000 - detected LockedFile.Multi.Generic (1)
20:34:21.0816 4832 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
20:34:21.0816 4832 Suspicious file (NoAccess): C:\windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
20:34:21.0832 4832 WfpLwf ( LockedFile.Multi.Generic ) - warning
20:34:21.0832 4832 WfpLwf - detected LockedFile.Multi.Generic (1)
20:34:21.0848 4832 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
20:34:21.0848 4832 Suspicious file (NoAccess): C:\windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
20:34:21.0863 4832 WIMMount ( LockedFile.Multi.Generic ) - warning
20:34:21.0863 4832 WIMMount - detected LockedFile.Multi.Generic (1)
20:34:23.0127 4832 ================ Scan global ===============================
20:34:23.0158 4832 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:34:23.0174 4832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:34:23.0189 4832 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
20:34:23.0189 4832 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:34:23.0220 4832 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:34:23.0220 4832 [Global] - ok
20:34:23.0220 4832 ================ Scan MBR ==================================
20:34:23.0236 4832 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:34:23.0439 4832 \Device\Harddisk0\DR0 - ok
20:34:23.0439 4832 ================ Scan VBR ==================================
20:34:23.0454 4832 [ C01338039CC2B2F892C436E5F561F235 ] \Device\Harddisk0\DR0\Partition1
20:34:23.0470 4832 \Device\Harddisk0\DR0\Partition1 - ok
20:34:23.0486 4832 [ 9A0193BA4F9B4CE2104716CB9B0D57D1 ] \Device\Harddisk0\DR0\Partition2
20:34:23.0486 4832 \Device\Harddisk0\DR0\Partition2 - ok
20:34:23.0486 4832 ============================================================
20:34:23.0486 4832 Scan finished
20:34:23.0486 4832 ============================================================
20:34:23.0501 1688 Detected object count: 18
20:34:23.0501 1688 Actual detected object count: 18
20:36:41.0122 1688 C:\windows\System32\Drivers\6578c011bfd996d7.sys - copied to quarantine
20:36:41.0153 1688 HKLM\SYSTEM\ControlSet001\services\6578c011bfd996d7 - will be deleted on reboot
20:36:41.0200 1688 HKLM\SYSTEM\ControlSet002\services\6578c011bfd996d7 - will be deleted on reboot
20:36:41.0621 1688 C:\windows\System32\Drivers\6578c011bfd996d7.sys - will be deleted on reboot
20:36:41.0621 1688 6578c011bfd996d7 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
20:36:41.0621 1688 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 viaide ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 volmgr ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 volsnap ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 vwifimp ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 WANARP ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 Wd ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0621 1688 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0621 1688 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0636 1688 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0636 1688 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0636 1688 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
20:36:41.0636 1688 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
20:36:41.0636 1688 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
20:37:00.0467 5456 Deinitialize success