VIRY.CZ

Ccleaner nám registry nevyčistil

vyosek píše: Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

smaž ručně v C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
gauswqussd.vbs
knphxyhaar.vbs
nzfqtgxiuu.vbs
rswfguhvuz.vbs
tmp62.tmp.vbs
tmp67.tmp.vbs
tmp68.tmp.vbs
tmp6E.tmp.vbs
tmp6F.tmp.vbs
tmpAD.tmp.vbs
wyfhxjicra.vbs
xaioytkasp.vbs
xjvlxdcaay.vbs

pak restart a znovu RSIT

Hmm, Malwarebytes Anti-Rootkit nic nenašel, píše, že PC je čisté. Ručné mi ty soubory smazat nejdou, respective okamžitě jakmile je smažu, tak se objeví obratem znovu. Pustil jsem ještě jednou ten Malwarebytes Anti-Rootkit a uvidím, pak hodím i log RSIT. Asi tam ještě něco někde je.

Takže ani na podruhé nic - Scan Finished: No malware found!
Ty soubory smazat nejdou, pořád se znovu generují.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2014-02-13 17:29:53
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 55 GB (55%) free of 100 GB
Total RAM: 2046 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll [2013-09-06 95648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-01 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-31 36864]
"36X Raid Configurer"=C:\WINDOWS\system32\JMRaidSetup.exe [2006-11-17 1953792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-27 98304]
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-17 490952]
"Steam"=C:\Program Files\Steam\Steam.exe [2014-01-27 1815976]
"Pando Media Booster"=C:\Program Files\Pando Networks\Media Booster\PMB.exe [2013-03-14 3093624]
"RGSC"=E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"tmp67"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp67.tmp.vbs []
"rswfguhvuz"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rswfguhvuz.vbs []
"knphxyhaar"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\knphxyhaar.vbs []
"xjvlxdcaay"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xjvlxdcaay.vbs []
"xaioytkasp"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\xaioytkasp.vbs []
"tmp6E"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6E.tmp.vbs []
"tmp62"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp62.tmp.vbs []
"tmp68"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp68.tmp.vbs []
"tmp6F"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp6F.tmp.vbs []
"gauswqussd"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\gauswqussd.vbs []
"nzfqtgxiuu"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nzfqtgxiuu.vbs []
"tmpAD"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmpAD.tmp.vbs []
"wyfhxjicra"=wscript.exe //B C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wyfhxjicra.vbs []

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
gauswqussd.vbs
knphxyhaar.vbs
nzfqtgxiuu.vbs
rswfguhvuz.vbs
tmp62.tmp.vbs
tmp67.tmp.vbs
tmp68.tmp.vbs
tmp6E.tmp.vbs
tmp6F.tmp.vbs
tmpAD.tmp.vbs
wyfhxjicra.vbs
xaioytkasp.vbs
xjvlxdcaay.vbs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-07-28 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\Games\CoD_4\iw3mp.exe"="E:\Games\CoD_4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"E:\Games\AoE_III\age3x.exe"="E:\Games\AoE_III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"E:\Games\AoE_III\age3y.exe"="E:\Games\AoE_III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe"="E:\Games\Supreme_commander\Supreme Commander\bin\SupremeCommander.exe:*:Enabled:Supreme Commander"
"E:\Games\Empire_Earth_III\EE3.exe"="E:\Games\Empire_Earth_III\EE3.exe:*:Enabled:Empire Earth III"
"E:\Games\Zoo_tycoon_2\zt.exe"="E:\Games\Zoo_tycoon_2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"E:\Games\Mass Effect\Binaries\MassEffect.exe"="E:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"E:\Games\Mass Effect\MassEffectLauncher.exe"="E:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"E:\Games\CoD_5\CoDWaWmp.exe"="E:\Games\CoD_5\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\CoD_5\CoDWaW.exe"="E:\Games\CoD_5\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"E:\Games\Settlers_6\base\bin\Settlers6.exe"="E:\Games\Settlers_6\base\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire"
"E:\Games\Settlers_6\extra1\bin\Settlers6.exe"="E:\Games\Settlers_6\extra1\bin\Settlers6.exe:*:Enabled:THE SETTLERS - Rise of an Empire - The Eastern Realm"
"E:\Games\Dungeon_Siege_II\DungeonSiege2.exe"="E:\Games\Dungeon_Siege_II\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe"="E:\Games\Settlers_7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe:*:Enabled:The Settlers 7 - Paths to a Kingdom"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe"="E:\Games\MoH_Airborne\UnrealEngine3\Binaries\MOHA.exe:*:Enabled:Medal of Honor Airborne"
"E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe"="E:\Games\Zatazeno_obcas_trakare\Zataženo, občas trakaře\JadeEngine_Final.exe:*:Enabled:Zataženo, občas trakaře"
"E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe"="E:\Games\Borderlands 2\Binaries\Win32\Borderlands2.exe:*:Enabled:Borderlands 2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"E:\Games\World_of_Tanks\WorldOfTanks.exe"="E:\Games\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"E:\Games\Crysis\Bin32\Crysis.exe"="E:\Games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="E:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"E:\Games\Avatar\bin\Avatar.exe"="E:\Games\Avatar\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"E:\Games\Avatar\bin\AvatarLauncher.exe"="E:\Games\Avatar\bin\AvatarLauncher.exe:*:Enabled:Updater"
"E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Games\GTA_IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\LOTR_II\game.dat"="D:\LOTR_II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II"
"E:\Games\Mass Effect 2\Binaries\MassEffect2.exe"="E:\Games\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra"
"E:\Games\Mass Effect 2\MassEffect2Launcher.exe"="E:\Games\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit"
"E:\Games\TmNationsForever\TmForever.exe"="E:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe"="D:\SteamLibrary\SteamApps\common\CookServeDelicious\CSDSteamBuild.exe:*:Enabled:Cook, Serve, Delicious!"
"E:\Games\World_of_Tanks\WOTLauncher.exe"="E:\Games\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher"
"C:\Program Files\Techland\Call of Juarez\CoJ.exe"="C:\Program Files\Techland\Call of Juarez\CoJ.exe:*:Enabled:The Call of Juarez"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======File associations======

.scr - open - C:\WINDOWS\NOTEPAD.EXE "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-02-13 17:04:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-13 17:04:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2014-02-13 15:51:43 ----SHD---- C:\RECYCLER
2014-02-11 18:24:33 ----A---- C:\ComboFix.txt
2014-01-18 19:25:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania

======List of files/folders modified in the last 1 months======

2014-02-13 17:29:54 ----D---- C:\Program Files\trend micro
2014-02-13 17:23:22 ----D---- C:\WINDOWS
2014-02-13 17:04:00 ----D---- C:\WINDOWS\system32\drivers
2014-02-13 16:54:36 ----D---- C:\Program Files\Steam
2014-02-13 16:54:32 ----D---- C:\WINDOWS\Logs
2014-02-13 16:54:00 ----D---- C:\Program Files\CCleaner
2014-02-13 16:51:56 ----D---- C:\WINDOWS\system32
2014-02-13 16:11:43 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-13 16:09:46 ----D---- C:\WINDOWS\temp
2014-02-13 15:52:01 ----SD---- C:\WINDOWS\Tasks
2014-02-13 15:51:57 ----D---- C:\WINDOWS\system32\DirectX
2014-02-13 15:51:52 ----SHD---- C:\WINDOWS\CSC
2014-02-11 19:15:17 ----D---- C:\WINDOWS\Prefetch
2014-02-11 18:24:35 ----D---- C:\Qoobox
2014-02-11 18:22:58 ----A---- C:\WINDOWS\system.ini
2014-02-11 18:22:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-11 18:21:36 ----D---- C:\WINDOWS\AppPatch
2014-02-11 18:21:36 ----D---- C:\Program Files\Common Files
2014-02-11 17:23:44 ----SHD---- C:\System Volume Information
2014-02-11 17:23:19 ----HD---- C:\WINDOWS\inf
2014-02-11 15:25:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2014-02-11 15:13:35 ----D---- C:\Program Files\TornTV.com
2014-02-11 15:12:54 ----RD---- C:\Program Files
2014-02-11 15:12:27 ----D---- C:\WINDOWS\pss
2014-02-11 15:04:29 ----D---- C:\WINDOWS\Minidump
2014-02-08 14:39:27 ----SHD---- C:\WINDOWS\Installer
2014-01-18 19:24:00 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-09-04 21035]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-05 281760]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-05 25888]
R3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-07-28 6646784]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-11-01 4620288]
R3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-26 47360]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S3 a2rq16ao;a2rq16ao; C:\WINDOWS\system32\drivers\a2rq16ao.sys []
S3 adusbmdm6501;AnyDATA CDMA USB Modem Driver (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys [2005-05-02 64896]
S3 adusbser6501;AnyDATA CDMA USB Serial Port (PID 6501); C:\WINDOWS\system32\DRIVERS\adusbser65.sys [2005-05-02 64896]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Everest Ultimate WAR\kerneld.wnt []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-07-28 643072]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2008-03-17 46080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-01 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-03-19 66872]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R2 Update SecretSauce;Update SecretSauce; C:\Program Files\SecretSauce\updateSecretSauce.exe [2014-02-13 80672]
R2 Util SecretSauce;Util SecretSauce; C:\Program Files\SecretSauce\bin\utilSecretSauce.exe [2014-02-13 80672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 251248]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-09 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-09-06 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-03-16 407336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

Stáhni TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Pak použij tento návod od kolegy:

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit uložit do karantény (Quarantine), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

17:49:09.0234 0x1758 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
17:49:13.0062 0x1758 ============================================================
17:49:13.0062 0x1758 Current date / time: 2014/02/13 17:49:13.0062
17:49:13.0062 0x1758 SystemInfo:
17:49:13.0062 0x1758
17:49:13.0062 0x1758 OS Version: 5.1.2600 ServicePack: 2.0
17:49:13.0062 0x1758 Product type: Workstation
17:49:13.0062 0x1758 ComputerName: KEIJEI
17:49:13.0062 0x1758 UserName: Administrator
17:49:13.0062 0x1758 Windows directory: C:\WINDOWS
17:49:13.0062 0x1758 System windows directory: C:\WINDOWS
17:49:13.0062 0x1758 Processor architecture: Intel x86
17:49:13.0062 0x1758 Number of processors: 2
17:49:13.0062 0x1758 Page size: 0x1000
17:49:13.0062 0x1758 Boot type: Normal boot
17:49:13.0062 0x1758 ============================================================
17:49:14.0734 0x1758 KLMD registered as C:\WINDOWS\system32\drivers\36759957.sys
17:49:14.0781 0x1758 System UUID: {7B1FDFF4-FF2D-B457-625C-5ED13AA2CD8F}
17:49:15.0125 0x1758 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:49:15.0140 0x1758 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:49:15.0140 0x1758 ============================================================
17:49:15.0140 0x1758 \Device\Harddisk0\DR0:
17:49:15.0140 0x1758 MBR partitions:
17:49:15.0140 0x1758 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
17:49:15.0140 0x1758 \Device\Harddisk1\DR1:
17:49:15.0140 0x1758 MBR partitions:
17:49:15.0140 0x1758 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
17:49:15.0156 0x1758 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
17:49:15.0156 0x1758 ============================================================
17:49:15.0187 0x1758 C: <-> \Device\Harddisk1\DR1\Partition1
17:49:15.0203 0x1758 D: <-> \Device\Harddisk1\DR1\Partition2
17:49:15.0218 0x1758 E: <-> \Device\Harddisk0\DR0\Partition1
17:49:15.0218 0x1758 ============================================================
17:49:15.0218 0x1758 Initialize success
17:49:15.0218 0x1758 ============================================================
17:49:23.0515 0x13e4 ============================================================
17:49:23.0515 0x13e4 Scan started
17:49:23.0515 0x13e4 Mode: Manual;
17:49:23.0515 0x13e4 ============================================================
17:49:23.0515 0x13e4 KSN ping started
17:49:36.0906 0x13e4 KSN ping finished: true
17:49:37.0156 0x13e4 ================ Scan system memory ========================
17:49:37.0156 0x13e4 System memory - ok
17:49:37.0156 0x13e4 ================ Scan services =============================
17:49:37.0203 0x13e4 Abiosdsk - ok
17:49:37.0203 0x13e4 abp480n5 - ok
17:49:37.0234 0x13e4 [ FA2FBCDA96D2385F773B059FE5A125A6, 247ADDAF3E318342F4DEA0234560AE4252738194563584D66C1E5AD44DFF182F ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:49:37.0234 0x13e4 ACPI - ok
17:49:37.0312 0x13e4 [ AFDFF022A01F0B11C776F0860C3B282F, 135E5257B62D921B76271014301E9EA1E2383D5DBB04E475DC3A7EFFD2561F56 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:49:37.0312 0x13e4 ACPIEC - ok
17:49:37.0359 0x13e4 [ 9942DC4CC265CDA00486504444EF521D, 9EE0D305060C670F0CB93678E4529DC6C43DED2C55B4DB5F2863A02EBCA184CB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:49:37.0375 0x13e4 AdobeFlashPlayerUpdateSvc - ok
17:49:37.0375 0x13e4 adpu160m - ok
17:49:37.0406 0x13e4 [ 2F6EBF8EA760FDEE8326DFAB18AE45C4, ACDA9FE3AAC0C31803C88C7F3F06FDC23D2CC755AE94BB6F04599CC22B39C8C9 ] adusbmdm6501 C:\WINDOWS\system32\DRIVERS\adusbmdm65.sys
17:49:37.0406 0x13e4 adusbmdm6501 - ok
17:49:37.0421 0x13e4 [ 2F6EBF8EA760FDEE8326DFAB18AE45C4, ACDA9FE3AAC0C31803C88C7F3F06FDC23D2CC755AE94BB6F04599CC22B39C8C9 ] adusbser6501 C:\WINDOWS\system32\DRIVERS\adusbser65.sys
17:49:37.0421 0x13e4 adusbser6501 - ok
17:49:37.0453 0x13e4 [ 1EE7B434BA961EF845DE136224C30FEC, 0216D2277B6B4AB9B0E47E093CEEAC2030EFB4B87BA048EA730E40119AA06444 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:49:37.0468 0x13e4 aec - ok
17:49:37.0500 0x13e4 [ 30BB1BDE595CA65FD5549462080D94E5, 04BAFCC9445F82A2CAA9852F1B35ECBD18CDD6333E73F6861704E96D740A7C79 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:49:37.0500 0x13e4 AegisP - ok
17:49:37.0515 0x13e4 [ 5AC495F4CB807B2B98AD2AD591E6D92E, F645FAD628EC81C3D2555862BEE8DF3975FD9EAE326885528E773B2F148D70FB ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:49:37.0515 0x13e4 AFD - ok
17:49:37.0515 0x13e4 Aha154x - ok
17:49:37.0531 0x13e4 aic78u2 - ok
17:49:37.0531 0x13e4 aic78xx - ok
17:49:37.0546 0x13e4 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1, 2982A70AF1C9DD7A86B104D1A86ECA08753ED06D68FAE74FAE232828A80BF88C ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:49:37.0546 0x13e4 Alerter - ok
17:49:37.0578 0x13e4 [ B3F690BF43F93A012A52F28F234FAA1B, 72B520D2F1F0A510AC49170CECC909F01FB550683C6740726F11B5BE96E610CF ] ALG C:\WINDOWS\System32\alg.exe
17:49:37.0578 0x13e4 ALG - ok
17:49:37.0578 0x13e4 AliIde - ok
17:49:37.0578 0x13e4 amsint - ok
17:49:37.0609 0x13e4 [ 421184F91EAE5C6E78E653C6B32AAE84, 63D2B2953EFDC612B8D029175C1B6B68DB41C66B177322D5B08F90E584E1B220 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:49:37.0609 0x13e4 AppMgmt - ok
17:49:37.0687 0x13e4 [ 7141E281D840699D9D79B18F4062DD58, E4A452F70F90C25D8F4B3F53BBD67729CF9157FF784B7B37D909590F5D68DFA8 ] AR9271 C:\WINDOWS\system32\DRIVERS\athuw.sys
17:49:37.0734 0x13e4 AR9271 - ok
17:49:37.0765 0x13e4 [ F0D692B0BFFB46E30EB3CEA168BBC49F, 745BE951F18C90FCD30C9A59BB861375C29FA49AF38D27EBFE4158FB7CAC86ED ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:49:37.0765 0x13e4 Arp1394 - ok
17:49:37.0765 0x13e4 asc - ok
17:49:37.0781 0x13e4 asc3350p - ok
17:49:37.0781 0x13e4 asc3550 - ok
17:49:37.0843 0x13e4 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:49:37.0859 0x13e4 aspnet_state - ok
17:49:37.0859 0x13e4 [ 02000ABF34AF4C218C35D257024807D6, FDE21F7FCB198A44A6F2BCAF5EB11C9D90A094B4A2F8C307244A7655848954DA ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:49:37.0875 0x13e4 AsyncMac - ok
17:49:37.0906 0x13e4 [ CDFE4411A69C224BD1D11B2DA92DAC51, 0E6B23A80F171550575BEBC56F7500CD87A5CF03B2B9FDC49BC3DE96282CD69D ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:49:37.0906 0x13e4 atapi - ok
17:49:37.0906 0x13e4 Atdisk - ok
17:49:37.0984 0x13e4 [ 6A5614F785DEEA2C17DA494B5198355C, 9A8583CDDCA187315C386A578BF2E97313C9CCD155A45D6E60105604455D014D ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:49:38.0000 0x13e4 Ati HotKey Poller - ok
17:49:38.0375 0x13e4 [ 5CB8B6775285F2F908C3F810EAB78500, 3BFF5AEA4967B4D171D136E2FC030AC8F879BF0B4A32D83404B5EF91768F555A ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:49:38.0531 0x13e4 ati2mtag - ok
17:49:38.0593 0x13e4 [ F0D933B42CD0594048E4D5200AE9E417, FF53E843A99948568515964C3C97107FA875BBC3F2906BADEE0B29ACE5532F0D ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:49:38.0609 0x13e4 atksgt - ok
17:49:38.0625 0x13e4 [ EC88DA854AB7D7752EC8BE11A741BB7F, 91FAF224CB4B44608C85CC25C3A82A3EC83F379D14A119A60A75505A30043255 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:49:38.0640 0x13e4 Atmarpc - ok
17:49:38.0656 0x13e4 [ 40D78F514C8588EF12EC718D2AF0FC4E, E8ABE9E67D6E35D53387B8F6EF11284EC330B8E94784A506F3756D4A39E4F184 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:49:38.0656 0x13e4 AudioSrv - ok
17:49:38.0687 0x13e4 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:49:38.0687 0x13e4 audstub - ok
17:49:38.0703 0x13e4 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:49:38.0718 0x13e4 Beep - ok
17:49:38.0734 0x13e4 [ E774A26610EC92674273486612C11CFC, 10BF77510872A4E1262FCE42F1254313E193D0804C90DC334C4249D477CB9A08 ] BITS C:\WINDOWS\system32\qmgr.dll
17:49:38.0750 0x13e4 BITS - ok
17:49:38.0781 0x13e4 [ F219E27E88107A50544153898DD8178E, 4E48E64AAF302F1FAF66F8F14BC22D2DA2E0C62E4C7E6CEE6F9705A04D75E0F6 ] Browser C:\WINDOWS\System32\browser.dll
17:49:38.0781 0x13e4 Browser - ok
17:49:38.0812 0x13e4 [ 8970813A3D73E390047D0B17E4AF852C, 5480433595AC174628F75F54A249A3955E5AFE475BB330F843A2172C891144C3 ] C-Dilla C:\WINDOWS\system32\drivers\CDANT.SYS
17:49:38.0812 0x13e4 C-Dilla - ok
17:49:38.0828 0x13e4 [ D87F9ED09460A796DF724024482890AA, 77AF0FD9120AAF834837009BDE9167B0E0B768CB07F57D0871921ACBEF1A80C9 ] C-DillaSrv C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
17:49:38.0828 0x13e4 C-DillaSrv - ok
17:49:38.0921 0x13e4 catchme - ok
17:49:38.0953 0x13e4 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:49:38.0953 0x13e4 cbidf2k - ok
17:49:38.0953 0x13e4 cd20xrnt - ok
17:49:38.0968 0x13e4 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:49:38.0968 0x13e4 Cdaudio - ok
17:49:39.0015 0x13e4 [ CD7D5152DF32B47F4E36F710B35AAE02, 7382890CC1B27FC66C3E94E064562BBD87B3C75577CB0FD10860B8E2CE07D12E ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:49:39.0015 0x13e4 Cdfs - ok
17:49:39.0031 0x13e4 [ AF9C19B3100FE010496B1A27181FBF72, 64E9E4461F631EED2B2A1FC80DCC9C31DCECB5738289D322E6A6428C840DC621 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:49:39.0031 0x13e4 Cdrom - ok
17:49:39.0031 0x13e4 Changer - ok
17:49:39.0062 0x13e4 [ 9E21229E04E1D301BB40222FE4641CB2, 4D2CFD04DB9A71A3DE9159A4514BDD59884556EFF137D43C98FD322A63BF86DA ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:49:39.0062 0x13e4 CiSvc - ok
17:49:39.0062 0x13e4 [ D3DC45553C8025338E08A60E95B1B91D, 03F90660E6AF758A32A15172E00D25CB3804EBC4264628DC2FDCF5ACB4E2C6A7 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:49:39.0062 0x13e4 ClipSrv - ok
17:49:39.0093 0x13e4 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:49:39.0093 0x13e4 clr_optimization_v2.0.50727_32 - ok
17:49:39.0156 0x13e4 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:49:39.0156 0x13e4 clr_optimization_v4.0.30319_32 - ok
17:49:39.0171 0x13e4 CmdIde - ok
17:49:39.0171 0x13e4 COMSysApp - ok
17:49:39.0171 0x13e4 Cpqarray - ok
17:49:39.0187 0x13e4 [ 70D2A1756F4B2067658A186C963FCABD, 3B80C01D40C32F6ACD6394A7B4D47341251D5ECDA4E71707B98154A71BFA4563 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:49:39.0187 0x13e4 CryptSvc - ok
17:49:39.0203 0x13e4 dac2w2k - ok
17:49:39.0203 0x13e4 dac960nt - ok
17:49:39.0234 0x13e4 [ DBDE980506B54AE928D151D12419B425, E26B0C4B8BA13327DF52F0664A802ADBB5FB3A5FF92EE0AE197B9896D76C8A8C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:49:39.0234 0x13e4 DcomLaunch - ok
17:49:39.0343 0x13e4 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C, 7133A9931A3BCC02D65CB77271F9505256D4DD74A7E77F73747C5D3F0D29B85E ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe
17:49:39.0359 0x13e4 DfSdkS - ok
17:49:39.0390 0x13e4 [ 06A30F453CA4CB1431037E4813F697CB, B3090052C9075DA516974EDBDDB59D51DD15E61B840B3E3C1B56E73F37194E8E ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:49:39.0390 0x13e4 Dhcp - ok
17:49:39.0390 0x13e4 [ 00CA44E4534865F8A3B64F7C0984BFF0, 3FD73CCD9892F6CFEE776CB384C2E35FA15F4101D308A67E1358F85299501E3D ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:49:39.0390 0x13e4 Disk - ok
17:49:39.0390 0x13e4 dmadmin - ok
17:49:39.0437 0x13e4 [ E1968EDEC81C430108FEB23AB07BDB14, 2FF6FF66826ECF3F921C45339DB9FE5C31855BB65A68F3392A96D054127584AA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:49:39.0453 0x13e4 dmboot - ok
17:49:39.0468 0x13e4 [ 1B1520A82E396E46B9AE9FA6B03FF6C6, 13E7D812B775F2CE29CC55090E47D43546B027610042839E5E7F5F1643B683F7 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:49:39.0468 0x13e4 dmio - ok
17:49:39.0484 0x13e4 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:49:39.0484 0x13e4 dmload - ok
17:49:39.0500 0x13e4 [ 7B3CA72885923EB947221F17F3E3AC59, 4C01BF4C9CF1A976C0A37AD97ED2D6C782AE6231B3B63B3749ABA76228DE2182 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:49:39.0500 0x13e4 dmserver - ok
17:49:39.0515 0x13e4 [ A6F881284AC1150E37D9AE47FF601267, 6C07654CF21637E527FC727EB50F4138BF0EFF0680000AC94001063B436389DB ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:49:39.0515 0x13e4 DMusic - ok
17:49:39.0531 0x13e4 [ F605B3F5674D67587C4B6C9E92A3E025, B48339F570467AA5E7FB4256A14280963A37EDC38D5C9D7097C9172420E48572 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:49:39.0531 0x13e4 Dnscache - ok
17:49:39.0531 0x13e4 dpti2o - ok
17:49:39.0562 0x13e4 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E, B941AB5D9D504486083E0D1539B1A96E27721C9EFD7A67CA1DB7258B0D33AB78 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:49:39.0562 0x13e4 drmkaud - ok
17:49:39.0593 0x13e4 [ D82414EC520453EFE2EBA936F6A9115A, A83978F420874D62AD52233CA1DDE75371F55E427ACDCBF3C2B3CD229216AE5A ] EAPPkt C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
17:49:39.0593 0x13e4 EAPPkt - ok
17:49:39.0609 0x13e4 [ FD9FC82F134B1C91004FFC76A5AE494B, 76CF65ED91D4719CD5620479E492259224715FC67E3CD9AA11E5DD0D7FB65A45 ] ENTECH C:\WINDOWS\system32\DRIVERS\ENTECH.sys
17:49:39.0609 0x13e4 ENTECH - ok
17:49:39.0625 0x13e4 [ D6F7428B201E33BC80066B47144CB568, 8E9E90D4D6DCE7F006A6904E86A2559B263D19A4F921F44E97079EF9C9C220F9 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:49:39.0640 0x13e4 ERSvc - ok
17:49:39.0656 0x13e4 [ 6E401E61F952FBBF708AFBECEFAFAE81, 31D7A402BE7997F0BF902CB8A150DB54C7309C882DE3D8A8E74338CF1BD268D7 ] Eventlog C:\WINDOWS\system32\services.exe
17:49:39.0671 0x13e4 Eventlog - ok
17:49:39.0703 0x13e4 [ 8B1B932554B6317E97AE3B9D05344470, FFBCCB7E1C309BF486DC934E310A94C7E12EDE66CBE501C6395D43508F12A189 ] EventSystem C:\WINDOWS\System32\es.dll
17:49:39.0703 0x13e4 EventSystem - ok
17:49:39.0765 0x13e4 [ 01BAE99F2EF5FAFF7927959DB577D58A, 36A31105D0BF9970EB97B460BB1AEA936704257B98251EF44DA373F27BF476FB ] EverestDriver C:\Program Files\Everest Ultimate WAR\kerneld.wnt
17:49:39.0765 0x13e4 EverestDriver - ok
17:49:39.0765 0x13e4 [ 3117F595E9615E04F05A54FC15A03B20, 4708E8F1CDE6E9663B5DBEBAB8C684B16E45D41AEF20E4071D0A2931B305BD76 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:49:39.0781 0x13e4 Fastfat - ok
17:49:39.0796 0x13e4 [ E26EDC7AFA8DA3C528055EABC82C8C79, F645A29536ACE95F35E2E216341D7BADD0847ACDA60C67F313FD23F77BE2669D ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:49:39.0812 0x13e4 FastUserSwitchingCompatibility - ok
17:49:39.0828 0x13e4 [ CED2E8396A8838E59D8FD529C680E02C, 8542AE6A2D65D3F843EA70F5FFBC150B773C5CFA3FE6388FA68A95416FAD0F6E ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:49:39.0828 0x13e4 Fdc - ok
17:49:39.0843 0x13e4 [ 266DAB58619B17BDF37FABBD48D875CA, 33B6E2AF9B78B6B47768102321868B8A75C49B66849DAEEA2F8E6753BBE28F2D ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:49:39.0843 0x13e4 Fips - ok
17:49:39.0906 0x13e4 [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:49:39.0921 0x13e4 FLEXnet Licensing Service - ok
17:49:39.0937 0x13e4 [ 0DD1DE43115B93F4D85E889D7A86F548, D50F7AAE5416C6D41845960BDDA24E97226F609AA726E4F88601ADC9ED50E872 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:49:39.0937 0x13e4 Flpydisk - ok
17:49:39.0968 0x13e4 [ 3D234FB6D6EE875EB009864A299BEA29, 9FEB003BDE7900AECDE9F9FFE0ECD7079B460714B582B7EB8EDB89E7F4D1FE59 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:49:39.0968 0x13e4 FltMgr - ok
17:49:40.0031 0x13e4 [ 993883524AA9CF1C90E1545411A9AC9C, 95B854BFBB3761225F3AB4FA61E299991EE2BB5F78D22C2F7FB3C4BD0EEBD654 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:40.0031 0x13e4 FontCache3.0.0.0 - ok
17:49:40.0031 0x13e4 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:49:40.0031 0x13e4 Fs_Rec - ok
17:49:40.0031 0x13e4 [ 4E664D8541DB4A66B73A24257E322E1F, 17A2140AFE2B41E579FCCAFB82532853AD90A6EDBCB13DE80741DAE0AD5B4CC9 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:49:40.0046 0x13e4 Ftdisk - ok
17:49:40.0062 0x13e4 [ AD6BD6BDC97BEDE8A5507EE01220C00F, A240A40B8E080F5D4B1EFD9134B544E619F2B1944926275734F6BC0D9660E5A9 ] gdrv C:\WINDOWS\gdrv.sys
17:49:40.0062 0x13e4 gdrv - ok
17:49:40.0093 0x13e4 [ C0F1D4A21DE5A415DF8170616703DEBF, 3E21AAD06CF6EB95662B568671B1DBD129CED481761BCDB67088E965E5C0BC5B ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:49:40.0093 0x13e4 Gpc - ok
17:49:40.0140 0x13e4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:40.0156 0x13e4 gupdate - ok
17:49:40.0156 0x13e4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:40.0156 0x13e4 gupdatem - ok
17:49:40.0171 0x13e4 [ 3FCC124B6E08EE0E9351F717DD136939, EBFE0FB51E14570A1A1D64C8E5383F3FF28509361D13945B79A9C551EB522012 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:49:40.0171 0x13e4 HDAudBus - ok
17:49:40.0218 0x13e4 [ F59152272782FED8A8197FA788287F68, BB4E79979FD8F68C9F7061C06E9300120DCDC3B74BAD20300ECF8A7D4F48CE3C ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:49:40.0218 0x13e4 helpsvc - ok
17:49:40.0234 0x13e4 [ D2DCF769E5A70027058AD5BE1F9B55BF, 3C4CE4A4BA6F7E5BFB910BFEE28B64E4437B1E08A3D5A1FEB0FB13104407E5E9 ] HidServ C:\WINDOWS\System32\hidserv.dll
17:49:40.0250 0x13e4 HidServ - ok
17:49:40.0265 0x13e4 [ 1DE6783B918F540149AA69943BDFEBA8, 6ED28109CA0A7738857D840E369EAB91C1605F2643950762D327CCE241C135A1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:49:40.0265 0x13e4 HidUsb - ok
17:49:40.0265 0x13e4 hpn - ok
17:49:40.0296 0x13e4 [ CB77BB47E67E84DEB17BA29632501730, C31841DF59E56C7B5DE7C98C7E98836CB81089165F55D3E44D5CE8072CA09CB1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:49:40.0312 0x13e4 HTTP - ok
17:49:40.0328 0x13e4 [ DA826826C5C9116F47E0CD0CA8CC7C11, 4360B34629C7267D9298F42F29940CE78A33674CD7F2F74B400A40D4683BD274 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:49:40.0328 0x13e4 HTTPFilter - ok
17:49:40.0328 0x13e4 i2omgmt - ok
17:49:40.0343 0x13e4 i2omp - ok
17:49:40.0359 0x13e4 [ 0F42DE9909B5DBF2C48DD1A79D491AF5, 0846D23DC158F5AE4585596A3BF4F5CC8C2BB4DA30CC7C627A0C47C73BAD7726 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:49:40.0359 0x13e4 i8042prt - ok
17:49:40.0421 0x13e4 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:49:40.0421 0x13e4 IDriverT - ok
17:49:40.0562 0x13e4 [ E7CC3AEAED9893A88876744CD439F76C, C5421E8866A8468FE8E1DCE11245E8EEE6F9750C4F7365497D4C2DE007864FB5 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:49:40.0578 0x13e4 idsvc - ok
17:49:40.0593 0x13e4 [ F8AA320C6A0409C0380E5D8A99D76EC6, A848B9C489DDFBD48BDA140CB9DD43097686115042745F6444F803739168D391 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:49:40.0593 0x13e4 Imapi - ok
17:49:40.0609 0x13e4 [ CF9D286B34CB4912F3B28B4972D5CB33, EB8B65842D6767511956BFF4FD32F4B1098D23EBC34B11ABB9CAEE0A2846F012 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:49:40.0625 0x13e4 ImapiService - ok
17:49:40.0625 0x13e4 ini910u - ok
17:49:40.0796 0x13e4 [ EB5608FD4F2961517AC9F5CAC88B023B, 31F3EFF97D332B03314CD57519ECFBDEF7FE8C3992E3C81602ABE3D60ABD7608 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:49:40.0906 0x13e4 IntcAzAudAddService - ok
17:49:40.0921 0x13e4 IntelIde - ok
17:49:40.0953 0x13e4 [ 10A3AC0F0DF720AD3C3FD13861D50EB9, FB1D0E92238F5CB99E5B04B060E60B4821D41F4D6BBEA2D491B03A7B2CDBD116 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:49:40.0953 0x13e4 intelppm - ok
17:49:40.0968 0x13e4 [ 4448006B6BC60E6C027932CFC38D6855, C377235EBE475C281ACB6A3267F12D8FE623433F05134A6CE50562414F94D7B1 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:49:40.0968 0x13e4 ip6fw - ok
17:49:41.0000 0x13e4 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:49:41.0000 0x13e4 IpFilterDriver - ok
17:49:41.0000 0x13e4 [ E1EC7F5DA720B640CD8FB8424F1B14BB, E5CF9F43D8C8028E8F29CAF8AD1E2179E5B02DCAA430900672FCB4C4EE288EF0 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:49:41.0000 0x13e4 IpInIp - ok
17:49:41.0015 0x13e4 [ E2168CBC7098FFE963C6F23F472A3593, 93B60D02ACBDDCE78BD4020B9CE0C132A8DD28FC2266B2748A22717B93AFF7C9 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:49:41.0031 0x13e4 IpNat - ok
17:49:41.0031 0x13e4 [ 64537AA5C003A6AFEEE1DF819062D0D1, 5A6C11317DEF14B8C34A8C669EB75F7A8D46F05090C43D3DFF602CFA13CC504E ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:49:41.0046 0x13e4 IPSec - ok
17:49:41.0046 0x13e4 [ 50708DAA1B1CBB7D6AC1CF8F56A24410, A5657038A66B83472B456246E58884D5DF2E5B63BD176AE3DFFB6D5B6998E8B7 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:49:41.0046 0x13e4 IRENUM - ok
17:49:41.0062 0x13e4 [ 1091528512E4DD7ED5FDDCC4DF1C53D7, 81F1AFFD064E783BE5F2377C580612C9D8FEA05D792078452BD6BCC0FE04B1A4 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:49:41.0078 0x13e4 isapnp - ok
17:49:41.0187 0x13e4 [ 0A5709543986843D37A92290B7838340, 8945A09816A1A1450202BA621C9DA1F9F922594CCE9DE0995FE863F78C584686 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
17:49:41.0187 0x13e4 JavaQuickStarterService - ok
17:49:41.0203 0x13e4 [ C995C0E8B4503FAC38793BB0236AD246, 5147C90053C8DBAFA9A7E4457A03AA2BCF5EC1A7367526FD102D4B542CC357B0 ] JGOGO C:\WINDOWS\system32\DRIVERS\JGOGO.sys
17:49:41.0203 0x13e4 JGOGO - ok
17:49:41.0203 0x13e4 [ FC7CC3CFEF56FDBB55D754B207326A15, E4B3FF3EC465FC8CE0F3ACE8EE367D731790590C8711A598F1F26FD78BDE6AC6 ] JRAID C:\WINDOWS\system32\DRIVERS\jraid.sys
17:49:41.0203 0x13e4 JRAID - ok
17:49:41.0203 0x13e4 [ 6F877BF8DC01A550CD666F3BEDB2213C, F48BDC5E300D5598F585D9698F1884D86006938240521512B21C59213ADCDE2A ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:49:41.0203 0x13e4 Kbdclass - ok
17:49:41.0218 0x13e4 [ 065B5A83AA78C0C7047BF22E0AB5C821, 219C328A8DE8929E34364EE0599153E62F3BC91138647C58F5171BB69DDF72C9 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:49:41.0218 0x13e4 kbdhid - ok
17:49:41.0265 0x13e4 [ BA5DEDA4D934E6288C2F66CAF58D2562, 2250B75EEAD92CA56A1F8BB3F6523F9A5625676E38845A4DE0BFECE5EA17DBFA ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:49:41.0265 0x13e4 kmixer - ok
17:49:41.0281 0x13e4 [ EB7FFE87FD367EA8FCA0506F74A87FBB, 5D318CD7DB88473A6FFB74939FF62EB8DD0E6C79847844212D7168095F635531 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:49:41.0281 0x13e4 KSecDD - ok
17:49:41.0296 0x13e4 [ 9757F6E16FD1EAB54D6EB9D5EB3CBCB5, 82518AC22D43C49C974D318366568EC141B74E97B5F851EBF1104F88C2988825 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:49:41.0312 0x13e4 lanmanserver - ok
17:49:41.0343 0x13e4 [ 57F5534F07DF14C6A74EC6A40B6D04D5, FD1A5E6DACC5FCE05838F0C1BE43D2389868B4C54A2E8B1E09AB3E7064ABB1EF ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:49:41.0343 0x13e4 lanmanworkstation - ok
17:49:41.0343 0x13e4 lbrtfdc - ok
17:49:41.0359 0x13e4 [ F8A7212D0864EF5E9185FB95E6623F4D, 277EAA06BD3D1CB31E6CD7B9ECD3A4B7D4AB7A369DB5FFF04EC7D749DF26E3D2 ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:49:41.0359 0x13e4 lirsgt - ok
17:49:41.0375 0x13e4 [ F9EE6D2AAB0690B34AE35BA9921A1414, 7FD7397E9B8F23D00E060462AA8DE4E4E7D786602D7BD95EE0685142F46DA6F2 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:49:41.0375 0x13e4 LmHosts - ok
17:49:41.0406 0x13e4 [ 6F0D0617310A677360B7EB6D2D59086E, 399358CFCE99EBCAE9874FDD44F634ED434CCE3C8821357EDC324046F7FEC68F ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
17:49:41.0406 0x13e4 mbamchameleon - ok
17:49:41.0500 0x13e4 [ E4DFBE4C4A9C2BD87C1430F445F3E3CB, 34A0295D0AC37537B010FEC4534535D92AA4C30900DC37444C992C15F86D3AA4 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
17:49:41.0500 0x13e4 McComponentHostService - ok
17:49:41.0578 0x13e4 [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
17:49:41.0593 0x13e4 MDM - ok
17:49:41.0609 0x13e4 [ 8B2FCBD881879B55BE40B41F12FFC431, D79E98D5209CB94F6AFC7CFCB1ABAF7525E124B05F339B6B4AC49B57812745C9 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:49:41.0609 0x13e4 Messenger - ok
17:49:41.0671 0x13e4 [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:49:41.0671 0x13e4 Microsoft Office Groove Audit Service - ok
17:49:41.0687 0x13e4 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:49:41.0687 0x13e4 mnmdd - ok
17:49:41.0718 0x13e4 [ 7D137132D6A9B41EF800E59A771ED48C, 822337861F3002175AA183260C14C176206CE08C4341D4D801474054D19CB7E7 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
17:49:41.0718 0x13e4 mnmsrvc - ok
17:49:41.0734 0x13e4 [ 60210DEB037846AFE521EBF349964F6B, B52B64508B318FEDC18BAE31D9C17BCB981F247767EC49C886E9A79F1254D64A ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:49:41.0734 0x13e4 Modem - ok
17:49:41.0750 0x13e4 [ B160EC94114715675509115986400FD9, C2623AE479C01849AEE3CCBF9896C2DD619BF1C95CEAAC639B65AF9C740C11D4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:49:41.0750 0x13e4 Mouclass - ok
17:49:41.0765 0x13e4 [ BB269EBA740737AB749B214D568B6812, ABF41D9B521EBBE674E76981CAD31F8FD05976DE7070266C3956FDB67C83C4C2 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:49:41.0765 0x13e4 mouhid - ok
17:49:41.0796 0x13e4 [ 65653F3B4477F3C63E68A9659F85EE2E, 32A34B22A4C1F50A966F321FD228C6B85F0F0315ABF3D40FC416618E786A4024 ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:49:41.0796 0x13e4 MountMgr - ok
17:49:41.0796 0x13e4 mraid35x - ok
17:49:41.0812 0x13e4 [ 46EDCC8F2DB2F322C24F48785CB46366, 0300EC19CAAEEC52001EBB7F3BE6DE314B42FE7F8BA072905070FEA75CC06E3B ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:49:41.0812 0x13e4 MRxDAV - ok
17:49:41.0859 0x13e4 [ 025AF03CE51645C62F3B6907A7E2BE5E, ADF050F9CBF26449BC8F214B8956AA3B42119BCC0D4182A743F82220C47628BF ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:49:41.0875 0x13e4 MRxSmb - ok
17:49:41.0890 0x13e4 [ 944A24032AED84C59455B981F6CA1C1A, 4FC03E27AF2F19BDB9810B364D3CDF8E1D91AFC950B3458E18A3B25602C72191 ] MSDTC C:\WINDOWS\System32\msdtc.exe
17:49:41.0890 0x13e4 MSDTC - ok
17:49:41.0890 0x13e4 [ 561B3A4333CA2DBDBA28B5B956822519, 5B53906A29B9AA55A399F880CA989F9878BD943D3E97FB10A25BFD723654AF49 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:49:41.0890 0x13e4 Msfs - ok
17:49:41.0890 0x13e4 MSIServer - ok
17:49:41.0906 0x13e4 [ AE431A8DD3C1D0D0610CDBAC16057AD0, 8B3BCAC3DA71778DC8B863E6DEF10F02F65D1BDD3381802DDC0B2980F4F1FBB9 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:49:41.0906 0x13e4 MSKSSRV - ok
17:49:41.0906 0x13e4 [ 13E75FEF9DFEB08EEDED9D0246E1F448, 69D4CF483753FF253431656E1CB680F6702375696F94E259729BD11C25004031 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:49:41.0906 0x13e4 MSPCLOCK - ok
17:49:41.0921 0x13e4 [ 1988A33FF19242576C3D0EF9CE785DA7, 9E1C07F364DA7EF0D859BB7A3A06F849A153722E27E872640120CC6855D9FC51 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:49:41.0921 0x13e4 MSPQM - ok
17:49:41.0937 0x13e4 [ 469541F8BFD2B32659D5D463A6714BCE, 46AA7D2442DCC4C51C08BA0C00136F058F9160E6D6EDE78B2FD82545AE4FD10B ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:49:41.0937 0x13e4 mssmbios - ok
17:49:41.0953 0x13e4 [ 82035E0F41C2DD05AE41D27FE6CF7DE1, 6111D330E7ACB77E23EA6A9E001FC651DE1DC49D772DC6FDD3C4B8EDA57E1C7A ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:49:41.0953 0x13e4 Mup - ok
17:49:41.0953 0x13e4 [ 558635D3AF1C7546D26067D5D9B6959E, 8C1802908DF35E442575969D29F4B22019A2B3E4C309B8E193F98F75AE81F013 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:49:41.0968 0x13e4 NDIS - ok
17:49:42.0000 0x13e4 [ 08D43BBDACDF23F34D79E44ED35C1B4C, F72CB8FA67C361C40B4C83F08302D7B2FD9178C1C60A7C236AF08B9CB5162591 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:49:42.0000 0x13e4 NdisTapi - ok
17:49:42.0000 0x13e4 [ 34D6CD56409DA9A7ED573E1C90A308BF, DE2060F57C913272524AFB0D472714ABF6F7E49A01534F23D95EE67F207CC6CF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:49:42.0000 0x13e4 Ndisuio - ok
17:49:42.0015 0x13e4 [ 0B90E255A9490166AB368CD55A529893, 90EB17422BF52FE6D0CC6ADA4262D605806C5B583DE04EDEC95FD47EE9697865 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:49:42.0015 0x13e4 NdisWan - ok
17:49:42.0031 0x13e4 [ 59FC3FB44D2669BC144FD87826BB571F, B3C8CEFB09D5C85CBF12AED8CDB1FE455679D3436337263EFDABDC5116D92453 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:49:42.0031 0x13e4 NDProxy - ok
17:49:42.0031 0x13e4 [ 3A2ACA8FC1D7786902CA434998D7CEB4, ECE218DCDCB4D0A5CA8CBD14E931BAA3B5F381B70BBACB65B0EBBB46D2D31683 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:49:42.0031 0x13e4 NetBIOS - ok
17:49:42.0046 0x13e4 [ 0C80E410CD2F47134407EE7DD19CC86B, 2A1D0CE9797F4AB7A24873947A26DD6413B8DBB5A82C24CF28D1FC243AEFC5C8 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:49:42.0062 0x13e4 NetBT - ok
17:49:42.0078 0x13e4 [ 818053225BF4AAC5F0F718001E492F70, D1A884DBCABF20D5FD1EA98E51B0F17353EA4419CAE9D8F91FABED69D45B7BAF ] NetDDE C:\WINDOWS\system32\netdde.exe
17:49:42.0078 0x13e4 NetDDE - ok
17:49:42.0078 0x13e4 [ 818053225BF4AAC5F0F718001E492F70, D1A884DBCABF20D5FD1EA98E51B0F17353EA4419CAE9D8F91FABED69D45B7BAF ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:49:42.0093 0x13e4 NetDDEdsdm - ok
17:49:42.0093 0x13e4 [ 82A362FE1D4980B71B588D9C10748511, 8DD84B9D55734B5C25DDB97693071BF782B6774E962477C22E4D7DBCDC053F35 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:49:42.0109 0x13e4 Netlogon - ok
17:49:42.0140 0x13e4 [ 86AD5B0E02F2C968FBB096AB4C555C9C, DE073AB195EF85363F90D711CE940C615CC9075B7E7A6D3966B717FD4A5C5EB5 ] Netman C:\WINDOWS\System32\netman.dll
17:49:42.0140 0x13e4 Netman - ok
17:49:42.0187 0x13e4 [ F9102685F97F9BA85F4A70AFCF722CFE, B7C067F8BBBD06D7AF3C72CE964CB071AB74E93924563A3E277DE04AD1A9AC1E ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:49:42.0187 0x13e4 NetTcpPortSharing - ok
17:49:42.0203 0x13e4 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC, AD1FD07DD9E745C29986C2A25E9EF80B93CBF0F47FCF76741DD6E9CC81C7D241 ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:49:42.0218 0x13e4 NIC1394 - ok
17:49:42.0234 0x13e4 [ 64C078BD4EFD441C3F159EDC5EA4420A, 0535A4FFC77AB4F02136B40FA6488E6C4FBE92C8EC8AE40ED6B383DF84E87C5F ] Nla C:\WINDOWS\System32\mswsock.dll
17:49:42.0234 0x13e4 Nla - ok
17:49:42.0250 0x13e4 [ 4F601BCB8F64EA3AC0994F98FED03F8E, D9D6783B970CB871DE0C6EDD8BE42F30CD1DCD55D4DF006922D9CFC0CF020D27 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:49:42.0250 0x13e4 Npfs - ok
17:49:42.0281 0x13e4 [ 19A811EF5F1ED5C926A028CE107FF1AF, 97606850041DE4E568188FB28AA3D5B10A4E96DB9551A77BC3A17ED67D5D4474 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:49:42.0296 0x13e4 Ntfs - ok
17:49:42.0312 0x13e4 [ 82A362FE1D4980B71B588D9C10748511, 8DD84B9D55734B5C25DDB97693071BF782B6774E962477C22E4D7DBCDC053F35 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
17:49:42.0312 0x13e4 NtLmSsp - ok
17:49:42.0343 0x13e4 [ D8D2B13BA93AE830B1A637DF571D1195, F07D8C6369F2CE0C7D71627FA39B51C3317538079301571412020B40BEFC90AE ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:49:42.0343 0x13e4 NtmsSvc - ok
17:49:42.0375 0x13e4 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys
17:49:42.0375 0x13e4 Null - ok
17:49:42.0390 0x13e4 [ B3753ECC3CECC722B6C74D70AD5FCF7A, 5441998F87E8EB11FE8F6AE7036ECD48D2558A8EE288F559452C41925276FBA7 ] NWCWorkstation C:\WINDOWS\System32\nwwks.dll
17:49:42.0390 0x13e4 NWCWorkstation - ok
17:49:42.0421 0x13e4 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:49:42.0421 0x13e4 NwlnkFlt - ok
17:49:42.0421 0x13e4 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:49:42.0421 0x13e4 NwlnkFwd - ok
17:49:42.0453 0x13e4 [ 79EA3FCDA7067977625B3363A2657C80, 8D3525701644F6207321AEE6AD783249CAF2990CE15664BB04A3F6DFAD16194B ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
17:49:42.0453 0x13e4 NwlnkIpx - ok
17:49:42.0468 0x13e4 [ 3F18D9365BE71C7B2E43B7CF4A0C1A10, B6A48FB27FEF57DE9567426431E027138A6FBF9B4259EDCE32DFF5516824DB94 ] NWRDR C:\WINDOWS\system32\DRIVERS\nwrdr.sys
17:49:42.0468 0x13e4 NWRDR - ok
17:49:42.0531 0x13e4 [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:49:42.0531 0x13e4 odserv - ok
17:49:42.0546 0x13e4 [ 0951DB8E5823EA366B0E408D71E1BA2A, EAF0E680BC476D8CEBAD0C21F2EDB958F333B731E8B131DA450D716FEC2C87B0 ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:49:42.0546 0x13e4 ohci1394 - ok
17:49:42.0562 0x13e4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:49:42.0578 0x13e4 ose - ok
17:49:42.0593 0x13e4 [ 76A18CAA2FEFB28A4CED38D76837E86E, D2A1AF6D871AD3E40EEA36E4AD9DADE8EC5F5EEADBAB22DA973619C6240178D8 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:49:42.0593 0x13e4 Parport - ok
17:49:42.0609 0x13e4 [ 3334430C29DC338092F79C38EF7B4CD0, B54989B46D77F124D66741A939FF2033F73854FC39AF13C8165D01203A94A94E ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:49:42.0609 0x13e4 PartMgr - ok
17:49:42.0625 0x13e4 [ 1FAE19D0457176318BBA4A8795656EBC, 5F3D6CABA203A0485D67F63A6A81151724EE200BE49ED095CFCB1EF29C19D19F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:49:42.0625 0x13e4 ParVdm - ok
17:49:42.0640 0x13e4 [ B7979F37BB7B9DF2230046134955E6E7, 93AA1A5616823B9B6E67363052CB8EE1DE93DB0083B182572AF3DEC1E945E810 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:49:42.0640 0x13e4 PCI - ok
17:49:42.0640 0x13e4 PCIDump - ok
17:49:42.0656 0x13e4 [ 2DA4EC85E0EA7A45C6B2A05820492D5A, A8C6BD93D3BC33A5B36EB523997EF9E0783B6E6EAFB6E7F58BCC2629009BDCF9 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:49:42.0656 0x13e4 PCIIde - ok
17:49:42.0671 0x13e4 [ 90505755634407D4EF4C6DEA60FC1DF9, 2A47FB25BB958E43D3D4E5EA8C29859B04BD8D537E2AD80A619791C892AEDDB5 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:49:42.0671 0x13e4 Pcmcia - ok
17:49:42.0687 0x13e4 [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
17:49:42.0687 0x13e4 pcouffin - ok
17:49:42.0687 0x13e4 PDCOMP - ok
17:49:42.0703 0x13e4 PDFRAME - ok
17:49:42.0703 0x13e4 PDRELI - ok
17:49:42.0703 0x13e4 PDRFRAME - ok
17:49:42.0703 0x13e4 perc2 - ok
17:49:42.0718 0x13e4 perc2hib - ok
17:49:42.0734 0x13e4 [ 6E401E61F952FBBF708AFBECEFAFAE81, 31D7A402BE7997F0BF902CB8A150DB54C7309C882DE3D8A8E74338CF1BD268D7 ] PlugPlay C:\WINDOWS\system32\services.exe
17:49:42.0734 0x13e4 PlugPlay - ok
17:49:42.0765 0x13e4 [ 831883B107684301F48ACE752C963984, EAF383C4ACC17DBB060BB8398225222175E028E1E332E2CE0548C97DAED3620E ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:49:42.0765 0x13e4 PnkBstrA - ok
17:49:42.0796 0x13e4 [ 82A362FE1D4980B71B588D9C10748511, 8DD84B9D55734B5C25DDB97693071BF782B6774E962477C22E4D7DBCDC053F35 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:49:42.0796 0x13e4 PolicyAgent - ok
17:49:42.0796 0x13e4 [ 1C5CC65AAC0783C344F16353E60B72AC, 7786CFE970A79B327DB57AEBADA8B0B94B4DE07CE8AF285E9835B2AADD597296 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:49:42.0812 0x13e4 PptpMiniport - ok
17:49:42.0812 0x13e4 [ 9A10E4FD13824823DA50D4758BD0A645, C249D15404800673D292C3D1418AC7B5EED0222AEDECB30A895B44EECF1060DC ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
17:49:42.0812 0x13e4 Processor - ok
17:49:42.0812 0x13e4 [ 82A362FE1D4980B71B588D9C10748511, 8DD84B9D55734B5C25DDB97693071BF782B6774E962477C22E4D7DBCDC053F35 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:49:42.0828 0x13e4 ProtectedStorage - ok
17:49:42.0828 0x13e4 [ 48671F327553DCF1D27F6197F622A668, CB34A17BC36E8F8BB5F87F9EE21311C50DE9AE156513D682581DE47C93EC155D ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:49:42.0828 0x13e4 PSched - ok
17:49:42.0843 0x13e4 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:49:42.0843 0x13e4 Ptilink - ok
17:49:42.0843 0x13e4 ql1080 - ok
17:49:42.0843 0x13e4 Ql10wnt - ok
17:49:42.0859 0x13e4 ql12160 - ok
17:49:42.0859 0x13e4 ql1240 - ok
17:49:42.0859 0x13e4 ql1280 - ok
17:49:42.0875 0x13e4 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:49:42.0875 0x13e4 RasAcd - ok
17:49:42.0890 0x13e4 [ E68B6F9A726A444059705AB43B5656D1, D5232F7209F4AA459DBE4BF7FC216D6E221623FE78ECD18251C6BB63E91CE545 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:49:42.0890 0x13e4 RasAuto - ok
17:49:42.0890 0x13e4 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C, F59974A2A3C21071BC72CA4DAF5D2DDF93471EC16FD1A34DE9DC1A50027F6835 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:49:42.0906 0x13e4 Rasl2tp - ok
17:49:42.0937 0x13e4 [ 43A5C7969718EE00940A6D096960DBC8, 75EE9F60A3741D394894ED0B3060C89CB3DDB7814CEC65E201C3358380A73026 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:49:42.0937 0x13e4 RasMan - ok
17:49:42.0937 0x13e4 [ 7306EEED8895454CBED4669BE9F79FAA, DC6874ECAD9105BC9EAB007291958911D7D4D3649124472070B3496B36C45200 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:49:42.0937 0x13e4 RasPppoe - ok
17:49:42.0953 0x13e4 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:49:42.0953 0x13e4 Raspti - ok
17:49:42.0968 0x13e4 [ 03B965B1CA47F6EF60EB5E51CB50E0AF, 56B0F5FC470385F2FF4E4573099C96772EDB985398859B9F7ACE0AA704BB47B7 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:49:42.0968 0x13e4 Rdbss - ok
17:49:42.0968 0x13e4 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:49:42.0984 0x13e4 RDPCDD - ok
17:49:42.0984 0x13e4 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD, 586900D30F44E132AC75520EFF4FF615AA46283F1F050AC93FF9C235AC0F1D75 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:49:42.0984 0x13e4 rdpdr - ok
17:49:43.0031 0x13e4 [ B54CD38A9EBFBF2B3561426E3FE26F62, 2BE75A68C598A2E162F09BCBA140909B9480A7E06A733B5D58673A172CAD8084 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:49:43.0031 0x13e4 RDPWD - ok
17:49:43.0046 0x13e4 [ 125ACF258DA9633F748131A0E0185AF3, 536868246D0563E8137BEBCDD4ECDCB9872A12B50B1ADE5D6447CC4AD66E0F40 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:49:43.0046 0x13e4 RDSessMgr - ok
17:49:43.0062 0x13e4 [ ABA13D33E1F888C9A68599A48A8840D6, 4CCD4431537CDD38C586E0C85412D380A75903115068B603B14FE3905772B421 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:49:43.0062 0x13e4 redbook - ok
17:49:43.0093 0x13e4 [ EB5E1A601E5A1908A87E4D5A41803D98, 5BC0FEC8E607C3EAD92D9A082C7371C26C20FEAD24811ADE736314C2040643EB ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:49:43.0093 0x13e4 RemoteAccess - ok
17:49:43.0109 0x13e4 [ 5B21208FCF8970BB61FE98E19D828714, 8CFAA5E47D9CF4B1D99D1147D4F5751EBFB7E2074FA66F3F7EE88D57864F7A4E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:49:43.0109 0x13e4 RemoteRegistry - ok
17:49:43.0203 0x13e4 [ 4D05898896EC49CF663DDA61041AB096, 1218A0AD84946F2555773D529F3D55D7B675780EC1E79A634ED0FECF8D5C9C6D ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:49:43.0203 0x13e4 RichVideo - ok
17:49:43.0234 0x13e4 [ C8A3B668985D61249F2DC71716C58DE8, A1C10E28BC82514ACA24BBD81E61F68A3BD9E3ADCB0F086752DE85E45895A1E5 ] RpcLocator C:\WINDOWS\System32\locator.exe
17:49:43.0234 0x13e4 RpcLocator - ok
17:49:43.0265 0x13e4 [ DBDE980506B54AE928D151D12419B425, E26B0C4B8BA13327DF52F0664A802ADBB5FB3A5FF92EE0AE197B9896D76C8A8C ] RpcSs C:\WINDOWS\System32\rpcss.dll
17:49:43.0265 0x13e4 RpcSs - ok
17:49:43.0296 0x13e4 [ 09AB2E71E58B078038E3BFDBA7FFC984, 8CA277DEEF6376B0F48C6BA5DBBC3E8AF2245983BA9AF6AB83D1A920D35FAF93 ] RSVP C:\WINDOWS\System32\rsvp.exe
17:49:43.0296 0x13e4 RSVP - ok
17:49:43.0312 0x13e4 rtl8185 - ok
17:49:43.0328 0x13e4 [ 82A362FE1D4980B71B588D9C10748511, 8DD84B9D55734B5C25DDB97693071BF782B6774E962477C22E4D7DBCDC053F35 ] SamSs C:\WINDOWS\system32\lsass.exe
17:49:43.0328 0x13e4 SamSs - ok
17:49:43.0343 0x13e4 [ C177354E995CC1AA1F767BCD9980434A, C84FEA9E2F4244C293F6C2C44F0CAF8C988FC5ACD521A5C7C14F1B213E2AD4FA ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:49:43.0343 0x13e4 SCardSvr - ok
17:49:43.0375 0x13e4 [ 29AC93307C6182DBE336BCA314947F28, DAAAC0FE86EA59C43B91F5FD8462B9BB3DAC50008BCEBF0240A7A36F134C6D60 ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:49:43.0375 0x13e4 Schedule - ok
17:49:43.0406 0x13e4 [ 07F7F501AD50DE2BA2D5842D9B6D6155, 60A8B320AB7D3A329E60911986905C2CA193E83E637976F29C78670DC287A6A8 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:49:43.0406 0x13e4 Secdrv - ok
17:49:43.0421 0x13e4 [ C76CB8A133374FAC6805F83FF7B7DA03, 858E9CCB7D045D63A3AF01529C8B7D821ADEF8D59D0131997D2D5A6115C25E55 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:49:43.0421 0x13e4 seclogon - ok
17:49:43.0437 0x13e4 [ 220AD85BA9C5B3011296354011B901CC, 410871EFE3549DD776FC492F8FB46AB870AD0CC30B196774632533C23683A0A8 ] SENS C:\WINDOWS\system32\sens.dll
17:49:43.0437 0x13e4 SENS - ok
17:49:43.0468 0x13e4 [ A2D868AEEFF612E70E213C451A70CAFB, 25CBB9E26CDCBD8E221ACF4364E82E8F811C3144E0EEF9DF9DAEC8534243BD3B ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:49:43.0468 0x13e4 serenum - ok
17:49:43.0468 0x13e4 [ C1DDBC85251551A840212999DA3D95F3, 27A8B1E3C4553DB5F355EF2B07054A336AE6189733991F05A2FB985927861A9A ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:49:43.0468 0x13e4 Serial - ok
17:49:43.0484 0x13e4 [ 0D13B6DF6E9E101013A7AFB0CE629FE0, 2214EA0F16BB33970E299CE457EB50AEE0BEF7959BC1EBD3C06C78A46B42B808 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:49:43.0484 0x13e4 Sfloppy - ok
17:49:43.0500 0x13e4 [ 6A93501BCDEBF159109429B022C0FF83, C909277147FEC307FAFFB4D1938CDAD706A3EEDEF1267A35A95774DC280197EC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:49:43.0515 0x13e4 SharedAccess - ok
17:49:43.0546 0x13e4 [ E26EDC7AFA8DA3C528055EABC82C8C79, F645A29536ACE95F35E2E216341D7BADD0847ACDA60C67F313FD23F77BE2669D ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:49:43.0546 0x13e4 ShellHWDetection - ok
17:49:43.0546 0x13e4 Simbad - ok
17:49:43.0562 0x13e4 Sparrow - ok
17:49:43.0593 0x13e4 [ 0CE218578FFF5F4F7E4201539C45C78F, 2C87C8993C3B9CE3589262E178B2B12FF9F2D83E5E8C2B97648D7FA24E3BD985 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:49:43.0593 0x13e4 splitter - ok
17:49:43.0609 0x13e4 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F, 521257429493F31516EDE549869EFA4B7A262F6A69EA1E82A9C875456C10E702 ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:49:43.0609 0x13e4 Spooler - ok
17:49:43.0671 0x13e4 [ 71E276F6D189413266EA22171806597B, AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
17:49:43.0671 0x13e4 Suspicious file ( NoAccess ): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B, sha256: AF3DF0DEF023ADBC81D742424B57581D7680FA4FA64B761BEAEEE60C9FCD34BF
17:49:43.0671 0x13e4 sptd - detected LockedFile.Multi.Generic ( 1 )
17:49:46.0187 0x13e4 Detect skipped due to KSN trusted
17:49:46.0187 0x13e4 sptd - ok
17:49:46.0187 0x13e4 [ A74035EA526DB97D9D50D2143A55F5CF, 041AA0E0BDFE8CDDC29F620747B57E5FBF1B2A0A903A42F0A5D3BB4B602D913B ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:49:46.0187 0x13e4 sr - ok
17:49:46.0218 0x13e4 [ 3CD57F31A64D32FDB28918B16D1E6AAC, F9502B99D6BBCCBB2C67C2B4C1D94877F125A27B90122D378B73793D42A7673D ] srservice C:\WINDOWS\system32\srsvc.dll
17:49:46.0218 0x13e4 srservice - ok
17:49:46.0234 0x13e4 [ EA554A3FFC3F536FE8320EB38F5E4843, 5D77D05910FD498A3D75FC0247C1F3FB15AFE1470FC59371180B3D55838D49EC ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:49:46.0250 0x13e4 Srv - ok
17:49:46.0250 0x13e4 [ 88C28F53F53438DAFCD95E99C837C61E, E7C0B02F00742631D74358B12CF99793F33DB10887406249AB52DEFB56B73785 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:49:46.0250 0x13e4 SSDPSRV - ok
17:49:46.0265 0x13e4 Steam Client Service - ok
17:49:46.0296 0x13e4 [ B824215A934A24928CDDD1EF7E113035, 38DB8155333D66D3ABDFA3ED4629DA731160DE9F611D6A3129DE7DE7AD05B469 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:49:46.0296 0x13e4 stisvc - ok
17:49:46.0312 0x13e4 [ 03C1BAE4766E2450219D20B993D6E046, 0D8E5B141EAA9E2C8D1F8BFD522F57EE8074216A336CBE37FE77B8ADDB791DBE ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:49:46.0312 0x13e4 swenum - ok
17:49:46.0328 0x13e4 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D, EEF6DB9EDD8C273A6595675A7A12B9D440FA4E178BA7C69FB1942D97E291F989 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:49:46.0328 0x13e4 swmidi - ok
17:49:46.0328 0x13e4 SwPrv - ok
17:49:46.0343 0x13e4 symc810 - ok
17:49:46.0343 0x13e4 symc8xx - ok
17:49:46.0343 0x13e4 sym_hi - ok
17:49:46.0343 0x13e4 sym_u3 - ok
17:49:46.0359 0x13e4 [ 650AD082D46BAC0E64C9C0E0928492FD, 6A587A55418A3A7867602D92B99FE393152DED191F27992C4BA909BD268AC43C ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:49:46.0359 0x13e4 sysaudio - ok
17:49:46.0375 0x13e4 [ D9C9ECFF4904E6151525C533AEEDF8F4, 76CA6D597FF62335D710CB8FAC7052CDAE2F15B644ADE4211FDAD3D7FA909086 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:49:46.0390 0x13e4 SysmonLog - ok
17:49:46.0406 0x13e4 [ 250241D65CCF692AEACC318A266413C2, AFC17EF052995F77E4488D794E25405EF0FACFCD61677197D2BC38B0F118AC79 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:49:46.0421 0x13e4 TapiSrv - ok
17:49:46.0453 0x13e4 [ 1DBF125862891817F374F407626967F4, 1E202B81D5650E0247BE4DF005E45DCB2147794111C0E634D2FED8CBCD9D7525 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:49:46.0453 0x13e4 Tcpip - ok
17:49:46.0484 0x13e4 [ 38D437CF2D98965F239B0ABCD66DCB0F, CC497A25C7AC1FF1E07CEE25FB0C5A5E6C4005C1CB244601FE620884A5C26506 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:49:46.0484 0x13e4 TDPIPE - ok
17:49:46.0484 0x13e4 [ ED0580AF02502D00AD8C4C066B156BE9, 41AA6C88CF48CAF0DA8E374F37E74206E4F558332075304A28983D04E08B3154 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:49:46.0484 0x13e4 TDTCP - ok
17:49:46.0500 0x13e4 [ A540A99C281D933F3D69D55E48727F47, CC430FA0E0F1745E167877003FDCC35FE940AF8CAD05387ECBA880CC3A3F6709 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:49:46.0500 0x13e4 TermDD - ok
17:49:46.0531 0x13e4 [ 2F5919F2F6EE7A845893D9C3AA2BC56A, 7A33E761C76004573324AF8D8D8F3067535A9F100D832AF60D96508600BAE35C ] TermService C:\WINDOWS\System32\termsrv.dll
17:49:46.0531 0x13e4 TermService - ok
17:49:46.0546 0x13e4 [ E26EDC7AFA8DA3C528055EABC82C8C79, F645A29536ACE95F35E2E216341D7BADD0847ACDA60C67F313FD23F77BE2669D ] Themes C:\WINDOWS\System32\shsvcs.dll
17:49:46.0546 0x13e4 Themes - ok
17:49:46.0578 0x13e4 [ 535C2FB97336BAFA509F4783DD1E5746, C89211700C33243482E611B01E23F7044197EEE214658C4E8412E0832426438C ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
17:49:46.0578 0x13e4 TlntSvr - ok
17:49:46.0578 0x13e4 TosIde - ok
17:49:46.0593 0x13e4 [ 4DCE17221B1A87FB47E36842F3E38753, 67309D290E36DE38727E5AA21E7736C65EBBAD5A5C092E243D0F8EE9AFD67EF4 ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:49:46.0609 0x13e4 TrkWks - ok
17:49:46.0609 0x13e4 [ 12F70256F140CD7D52C58C7048FDE657, F2E3E645AA713A520452F5E17513D258D3900E93F65013551FC2B542BFA15BB3 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:49:46.0609 0x13e4 Udfs - ok
17:49:46.0609 0x13e4 ultra - ok
17:49:46.0625 0x13e4 [ AFF2E5045961BBC0A602BB6F95EB1345, FEEF47B9683B0F26355AC0947019DE9AE27002A7019C1C4A2D22FA0046E9F07B ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:49:46.0625 0x13e4 Update - ok
17:49:46.0687 0x13e4 [ 6EF29AC53D530CEF4DD4151981FAB0F8, 606D5391C3DF7DC4D435B44BAF9B0B3D79298CE3B7D6D1428021403DD8020042 ] Update SecretSauce C:\Program Files\SecretSauce\updateSecretSauce.exe
17:49:46.0687 0x13e4 Update SecretSauce - ok
17:49:46.0718 0x13e4 [ 0C0C2C77C6B52181369594F2AA36AF40, 8C324378614DA4B845736D5ADD0E4B9AAABCD1007FD13F22A272062ACF269B59 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:49:46.0718 0x13e4 upnphost - ok
17:49:46.0734 0x13e4 [ 6148A3BA4D9CC628357FC92014FEA30E, BA317DA185BAEE6A01B7C004E3DE89BD2459428FF9AEE07E70BD90B2B0110212 ] UPS C:\WINDOWS\System32\ups.exe
17:49:46.0734 0x13e4 UPS - ok
17:49:46.0750 0x13e4 [ BFFD9F120CC63BCBAA3D840F3EEF9F79, 0183D82E341473200FB1A05F6ABBBA3F2BD635654F49599E4CEB3E6394A33D36 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:49:46.0765 0x13e4 usbccgp - ok
17:49:46.0796 0x13e4 [ 15E993BA2F6946B2BFBBFCD30398621E, 10AD5B133C9C68B8E11DF702C50BDE5162693C5A9F132DFE1823D03D70D4EB89 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:49:46.0796 0x13e4 usbehci - ok
17:49:46.0796 0x13e4 [ C72F40947F92CEA56A8FB532EDF025F1, EBB9E235C973574B835B1FD22D813E9215029B3FC5030591D6F7971C9A23AEF7 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:49:46.0812 0x13e4 usbhub - ok
17:49:46.0859 0x13e4 [ A42369B7CD8886CD7C70F33DA6FCBCF5, EEDAA16F906A2F8FF40009ED10243F66A5CCE878111F1001DA6060A42DD79047 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:49:46.0875 0x13e4 usbprint - ok
17:49:46.0968 0x13e4 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85, E40B73D4E2417F4874D155885C86E4FB44557324616AABD84EFE6C4751DCC46B ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:49:46.0968 0x13e4 usbscan - ok
17:49:47.0015 0x13e4 [ 6CD7B22193718F1D17A47A1CD6D37E75, CFD74FE06819DA488654F88BFCCBF29994FE7F04EC6CD5CD41552B0C95A8130F ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:49:47.0046 0x13e4 USBSTOR - ok
17:49:47.0078 0x13e4 [ F8FD1400092E23C8F2F31406EF06167B, AE93C83BA1966535AFA3E72D6F69156B7E56F021A6808EC8DA44C7E7D506D7E5 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:49:47.0093 0x13e4 usbuhci - ok
17:49:47.0156 0x13e4 [ 6EF29AC53D530CEF4DD4151981FAB0F8, 606D5391C3DF7DC4D435B44BAF9B0B3D79298CE3B7D6D1428021403DD8020042 ] Util SecretSauce C:\Program Files\SecretSauce\bin\utilSecretSauce.exe
17:49:47.0171 0x13e4 Util SecretSauce - ok
17:49:47.0203 0x13e4 [ 8A60EDD72B4EA5AEA8202DAF0E427925, ED0624B285E4F64E07E30C12490873A2090F9DFD6A91A2EDA7A1082B88A8199E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:49:47.0250 0x13e4 VgaSave - ok
17:49:47.0250 0x13e4 ViaIde - ok
17:49:47.0359 0x13e4 [ CD8CCE067F7E9CBD762C00BDDDECAA34, 6BE26533354A876DC5E5BE1B8DB28A995A6255CD9E50ED48EE14BF17243CBC0F ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:49:47.0375 0x13e4 VolSnap - ok
17:49:47.0453 0x13e4 [ 043539881667BB37B07524032D6FFC3E, 79D6DE32F3B91F57461407913E52184FEC83CA0D7A509275B0656770128FF574 ] VSS C:\WINDOWS\System32\vssvc.exe
17:49:47.0484 0x13e4 VSS - ok
17:49:47.0500 0x13e4 [ 2CEEBB402187AE56B585701F3D191FB3, F08AF3FEA80EB7E1DECD0592ED4A50E0AE78F01A586BA3A6B4D98374726899AF ] W32Time C:\WINDOWS\system32\w32time.dll
17:49:47.0515 0x13e4 W32Time - ok
17:49:47.0562 0x13e4 [ 984EF0B9788ABF89974CFED4BFBAACBC, 8178888E3A1AA3BD3BE34456118BB76AF2DD04EC575E4880F97A8EFB182C9E92 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:49:47.0562 0x13e4 Wanarp - ok
17:49:47.0562 0x13e4 WDICA - ok
17:49:47.0578 0x13e4 [ EFD235CA22B57C81118C1AEB4798F1C1, 16EE95A1D51F318224152492FB1663D96E61EC1706E85AE820CD023CBA1CF1F3 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:49:47.0609 0x13e4 wdmaud - ok
17:49:47.0656 0x13e4 [ 4BD50644CF52F00091F894AB7541E538, 20599F6ADA447DC821F4DC81D2FF94DAED3A76853FC2492641DE47520C39683C ] WebClient C:\WINDOWS\System32\webclnt.dll
17:49:47.0687 0x13e4 WebClient - ok
17:49:48.0000 0x13e4 [ E12084EA622BDF2262C637BEF15DD85C, C6A5A1D60D3ED3C429B2B57B8F731E9CCC7517F71B91CDC5673AAA862CB32B63 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:49:48.0015 0x13e4 winmgmt - ok
17:49:48.0046 0x13e4 [ C51B4A5C05A5475708E3C81C7765B71D, F776D2680BD3407307B7072626F78460361FC5BC38623C9E16F394D300AB25DE ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:49:48.0046 0x13e4 WmdmPmSN - ok
17:49:48.0328 0x13e4 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476, 9996D4A85B4D1D02689EA5E23502287D5F46A517026990E8BCCF365885F54493 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:49:48.0562 0x13e4 Wmi - ok
17:49:48.0593 0x13e4 [ BCD21B989F0FD4ACE78287FC01B4693D, 108D864F82B43403E97EF58766F9829DD5E9B129B1E924495A45945C0AF638F3 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
17:49:48.0750 0x13e4 WmiApSrv - ok
17:49:48.0828 0x13e4 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B, C71FAAC752F6D58BF8556661252DBF8C5DDD090CAE002A2C7E09C9A014526066 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:49:48.0890 0x13e4 WMPNetworkSvc - ok
17:49:48.0906 0x13e4 [ CF4DEF1BF66F06964DC0D91844239104, CC1D9CECE2056D29A9651D51BB57C3F4F9BF9E90A4808CF7496C683C874FBD51 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:49:49.0046 0x13e4 WpdUsb - ok
17:49:49.0156 0x13e4 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:49:49.0187 0x13e4 WPFFontCache_v0400 - ok
17:49:49.0203 0x13e4 [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:49:49.0203 0x13e4 WS2IFSL - ok
17:49:49.0218 0x13e4 [ 4ADED1ADEF25041D9827F9A79C0FDA13, DF708C74E330438719911B7E9F06E4152A3138FD401C0C9CC6C9B3608FA9EB40 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:49:49.0234 0x13e4 wscsvc - ok
17:49:49.0265 0x13e4 [ 21F5169CA14E0B25C757644456F637DF, 762BD8AF92E5D41E1B685A8F1B2A7CB9223120CB6D6AAC31B02D3277FC4C700B ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:49:49.0265 0x13e4 wuauserv - ok
17:49:49.0296 0x13e4 [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:49:49.0296 0x13e4 WudfPf - ok
17:49:49.0312 0x13e4 [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:49:49.0312 0x13e4 WudfRd - ok
17:49:49.0328 0x13e4 [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
17:49:49.0328 0x13e4 WudfSvc - ok
17:49:49.0359 0x13e4 [ 325CEDEF696EF4B649DDCD3968D085C9, 0414BB4845D839D65F99022585ABEFDE4DD22E412C12D3DE2CE83F5B7431041F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:49:49.0375 0x13e4 WZCSVC - ok
17:49:49.0406 0x13e4 [ 9B835D4C64860B155A1701D5092EC9E4, 28E97DB3CF98C4748AAEE696F88FBA8C8229692F0618B63AA782ABB859B09B8F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:49:49.0406 0x13e4 xmlprov - ok
17:49:49.0437 0x13e4 [ A5D4EAE27E68625296D685A786897491, 6344B8F4C8C1AE1543D7F342A87C97BB8FEDFA0B60744907C036BF14E7635198 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
17:49:49.0453 0x13e4 yukonwxp - ok
17:49:49.0453 0x13e4 ================ Scan global ===============================
17:49:49.0500 0x13e4 [ F642F3368D2839798DA79E7BA9218481, 33E91CD6594F4651255D2AB18F6EB7D1BCBA71511B2ED7B753E0FFA50FA137EE ] C:\WINDOWS\system32\basesrv.dll
17:49:49.0515 0x13e4 [ 5869828D4A83BA8F9519630C40044C87, A2A626AC262FE02B3B73BF5245BD65CF532DE3C031891AA502B27CC3807607DA ] C:\WINDOWS\system32\winsrv.dll
17:49:49.0531 0x13e4 [ 5869828D4A83BA8F9519630C40044C87, A2A626AC262FE02B3B73BF5245BD65CF532DE3C031891AA502B27CC3807607DA ] C:\WINDOWS\system32\winsrv.dll
17:49:49.0546 0x13e4 [ 6E401E61F952FBBF708AFBECEFAFAE81, 31D7A402BE7997F0BF902CB8A150DB54C7309C882DE3D8A8E74338CF1BD268D7 ] C:\WINDOWS\system32\services.exe
17:49:49.0546 0x13e4 [ Global ] - ok
17:49:49.0546 0x13e4 ================ Scan MBR ==================================
17:49:49.0546 0x13e4 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:49:49.0640 0x13e4 \Device\Harddisk0\DR0 - ok
17:49:49.0656 0x13e4 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
17:49:49.0671 0x13e4 \Device\Harddisk1\DR1 - ok
17:49:49.0671 0x13e4 ================ Scan VBR ==================================
17:49:49.0671 0x13e4 [ D1FE53978D5C8F2E020CBD035BE886C8 ] \Device\Harddisk0\DR0\Partition1
17:49:49.0687 0x13e4 \Device\Harddisk0\DR0\Partition1 - ok
17:49:49.0687 0x13e4 [ 6E2846D2DB530911ECDE971DC5428518 ] \Device\Harddisk1\DR1\Partition1
17:49:49.0687 0x13e4 \Device\Harddisk1\DR1\Partition1 - ok
17:49:49.0687 0x13e4 [ D2EDE033D173EA2706CE716E91228A32 ] \Device\Harddisk1\DR1\Partition2
17:49:49.0703 0x13e4 \Device\Harddisk1\DR1\Partition2 - ok
17:49:49.0703 0x13e4 Waiting for KSN requests completion. In queue: 131
17:49:50.0703 0x13e4 Waiting for KSN requests completion. In queue: 131
17:49:51.0703 0x13e4 Waiting for KSN requests completion. In queue: 131
17:49:52.0781 0x13e4 Win FW state via NFM: enabled
17:49:55.0156 0x13e4 ============================================================
17:49:55.0156 0x13e4 Scan finished
17:49:55.0156 0x13e4 ============================================================
17:49:55.0156 0x0798 Detected object count: 0
17:49:55.0156 0x0798 Actual detected object count: 0

Tak to nebude oříšek ale pořádný kokos

Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem

Stáhni AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Ulož nejlépe na plochu -> ukonči všechny programy -> spusť AdwCleaner -> klikni na Scan po dokončení na Clean
bude provedena oprava, restartuje se - (případně restartuj) a vypadne log C:\AdwCleaner\AdwCleaner[S?].txt , jeho obsah vložíš sem

pak tam zkusíme Kasperskyho - bude to běh na delší trať

Stáhni http://www.viry.cz/forum/viewtopic.php?f=29&t=58179/

Návod http://img32.imageshack.us/img32/7604/93809819.gif

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrator on źt 13.02.2014 at 18:18:51,32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] update secretsauce
Failed to stop: [Service] util secretsauce



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049040.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049040.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049040.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049040.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455905540}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466906640}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049040.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049040.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049040.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049040.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2645238
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455905540}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466906640}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904440}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Failed to delete: [Folder] "C:\Program Files\secretsauce"
Successfully deleted: [Folder] "C:\Program Files\torntv.com"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 13.02.2014 at 18:22:54,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.018 - Report created 13/02/2014 at 18:29:48
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
# Username : Administrator - KEIJEI
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Torntv V7.0
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Torntv V7.0
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default\Extensions\00cf4073-9c0d-4c73-823c-9627a9ebda10@5ce0c315-7a90-4c46-8428-5c0df674cab0.com
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default\Extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Torntv V7.0
Key Deleted : HKLM\Software\Torntv V7.0

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.2180


-\\ Mozilla Firefox v2.0.0.20 (cs)

[ File : C:\Documents and Settings\Jan Kubesa\Data aplikací\Mozilla\Firefox\Profiles\827yn4b5.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\1mtrmgsn.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3149 octets] - [13/02/2014 18:28:53]
AdwCleaner[S0].txt - [3126 octets] - [13/02/2014 18:29:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3186 octets] ##########

jde ti to skvěle - počkáme na nález AVPTool

Hmm, ten Kaspersky už je nějaká novější verze, tak snad jsem to nastavil OK. Vypadá to, že to pojede hodně dlouho, takže já teď mizím.

OK - počítám s tvou odpovědí zítra

Spustil jsem to v nouzovém režimu, kde se mi podařilo ručně smazat i ty soubory co jsi uvedl. Sken jsem nechal jen přes noc a dneska ráno je na 26%. Počítám, že k večeru se ozvu.

jj Kaspersky je pečlivý a dá si záležet

budu tady i večer

Tak jsem zase tady. Jelo to v nouzovém režimu přes 40 hodin!!! Asi jsem něco blbě nastavil. V logu bylo jen toto:

Status: Quarantined (events: 1)
13.2.2014 21:37:26 Quarantined Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\Administrator\Local Settings\temp\Server.exe High
Status: Deleted (events: 1)
13.2.2014 22:04:52 Deleted Trojan program Trojan-Dropper.Win32.VB.ascm C:\Program Files\AML Products\Power RM AVI MPG VCD WMV Converter\video.exe High

Mám ale špatnou zprávu . ty soubory s koncovkou vbs co jsem v nouzáku smazal se při nastartování PC do normálního režimu objevily zase.

podle kolegova návodu

vyosek píše: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  srinfo;
  autoclean;
  emptyclsid;
  iedefaults;
  process;
  hijackthis;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem