PC virus removal, computer speed-up, and remote help through the neslape.cz service

Preventive check

Are you not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

krater
Model visitor
Posts: 128
Registered: 19 Feb 2012 21:23

Preventive check

#1 Post by krater »

Hello, after quite a while I would like to ask once again for a preventive check of my log :)
Thanks in advance

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2012-09-09 22:44:20
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 147 GB (57%) free of 257 GB
Total RAM: 3000 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:24, on 9.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\alca\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;mbank.cz
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKCU\..\Run: [Zoner (neodebírat)] C:\Users\User\Dropbox\Dokumenty\Programy\zoner.bat
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = alca\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9983 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 5518176
\??\C:\Windows\system32\conhost.exe "4892300041275493365788893171-1936973896-644154558-1263447647-14209142272069770042
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Users\alca\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 2968
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\Upgrd.exe
C:\Windows\SysWOW64\rpcnet.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe159_ Global\UsGthrCtrlFltPipeMssGthrPipe159 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\User\Dropbox\Dokumenty\Programy\Skenery\RSIT x64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Defraggler Volume C Task.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, firesheep@codebutler.com:0.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.26"
prefs.js - "keyword.URL" - "http://www.google.cz/#hl=cs&source=hp&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.271 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.2.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default\extensions\
donottrackplus@abine.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-04-04 79240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-01-14 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-01-14 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 162584]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 386840]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner (neodebírat)"=C:\Users\User\Dropbox\Dokumenty\Programy\zoner.bat [2011-11-13 60]
"Clownfish"= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe [2012-08-15 686792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish]
C:\Program Files (x86)\Clownfish\Clownfish.exe [2012-06-11 1097464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\alca\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-03 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rpcnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-09-08 10:50:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-09-06 19:43:39 ----SHD---- C:\Config.Msi
2012-08-15 21:10:11 ----A---- C:\Windows\system32\drivers\bthport.sys
2012-08-15 21:08:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-08-15 21:08:11 ----A---- C:\Windows\system32\mshtmled.dll
2012-08-15 21:08:09 ----A---- C:\Windows\SYSWOW64\url.dll
2012-08-15 21:08:09 ----A---- C:\Windows\system32\url.dll
2012-08-15 21:08:09 ----A---- C:\Windows\system32\iertutil.dll
2012-08-15 21:08:08 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-08-15 21:08:08 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-08-15 21:08:08 ----A---- C:\Windows\system32\urlmon.dll
2012-08-15 21:08:07 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-08-15 21:08:07 ----A---- C:\Windows\system32\ieUnatt.exe
2012-08-15 21:08:07 ----A---- C:\Windows\system32\ieui.dll
2012-08-15 21:08:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-08-15 21:08:05 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-08-15 21:08:05 ----A---- C:\Windows\system32\jscript9.dll
2012-08-15 21:08:04 ----A---- C:\Windows\system32\wininet.dll
2012-08-15 21:08:04 ----A---- C:\Windows\system32\jsproxy.dll
2012-08-15 21:08:03 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-08-15 21:08:03 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-08-15 21:08:03 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-08-15 21:08:03 ----A---- C:\Windows\system32\jscript.dll
2012-08-15 21:08:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-08-15 21:07:58 ----A---- C:\Windows\system32\mshtml.dll
2012-08-15 21:07:57 ----A---- C:\Windows\system32\ieframe.dll
2012-08-15 21:07:56 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-08-15 20:46:07 ----D---- C:\ProgramData\Freemake
2012-08-15 20:45:50 ----D---- C:\Program Files (x86)\Freemake
2012-08-15 20:32:57 ----D---- C:\Windows\SYSWOW64\drivers\mycodec
2012-08-15 20:32:56 ----D---- C:\Program Files (x86)\MyVideoConverter
2012-08-15 10:17:17 ----A---- C:\Windows\system32\srcore.dll
2012-08-15 10:17:16 ----A---- C:\Windows\SYSWOW64\srclient.dll
2012-08-15 10:17:04 ----A---- C:\Windows\system32\win32spl.dll
2012-08-15 10:17:03 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2012-08-15 10:17:03 ----A---- C:\Windows\system32\spoolsv.exe
2012-08-15 10:17:03 ----A---- C:\Windows\splwow64.exe
2012-08-15 10:16:58 ----A---- C:\Windows\SYSWOW64\netapi32.dll
2012-08-15 10:16:58 ----A---- C:\Windows\SYSWOW64\browcli.dll
2012-08-15 10:16:58 ----A---- C:\Windows\system32\netapi32.dll
2012-08-15 10:16:58 ----A---- C:\Windows\system32\browser.dll
2012-08-15 10:16:58 ----A---- C:\Windows\system32\browcli.dll
2012-08-15 10:16:44 ----A---- C:\Windows\system32\win32k.sys
2012-08-15 10:16:28 ----A---- C:\Windows\system32\localspl.dll

======List of files/folders modified in the last 1 month======

2012-09-09 22:44:24 ----D---- C:\Windows\Prefetch
2012-09-09 22:44:22 ----D---- C:\Program Files\trend micro
2012-09-09 22:43:59 ----D---- C:\Windows\Temp
2012-09-09 22:41:34 ----D---- C:\Windows\system32\config
2012-09-09 22:02:49 ----D---- C:\Users\User\AppData\Roaming\Skype
2012-09-09 21:46:55 ----D---- C:\Users\User\AppData\Roaming\Dropbox
2012-09-09 19:47:39 ----D---- C:\Windows\inf
2012-09-09 14:26:21 ----SHD---- C:\Windows\Installer
2012-09-09 13:11:07 ----D---- C:\Windows
2012-09-09 09:25:45 ----A---- C:\Windows\system32\rpcnetp.exe
2012-09-08 23:27:38 ----D---- C:\Users\User\AppData\Roaming\vlc
2012-09-08 11:07:10 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-08 11:07:09 ----D---- C:\Program Files (x86)
2012-09-07 18:27:13 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2012-09-07 18:13:59 ----D---- C:\Users\User\AppData\Roaming\Mp3tag
2012-09-07 17:09:21 ----SHD---- C:\System Volume Information
2012-09-07 17:02:27 ----D---- C:\Windows\System32
2012-09-07 17:02:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-06 15:48:58 ----D---- C:\Windows\ModemLogs
2012-09-06 14:53:12 ----D---- C:\Windows\SysWOW64
2012-09-06 14:52:00 ----A---- C:\Windows\SYSWOW64\rpcnet.dll
2012-09-06 14:51:29 ----A---- C:\Windows\SYSWOW64\Upgrd.exe
2012-09-06 14:51:21 ----N---- C:\Windows\SYSWOW64\rpcnet.exe
2012-09-06 14:48:48 ----A---- C:\Windows\SYSWOW64\rpcnetp.dll
2012-09-06 14:48:01 ----A---- C:\Windows\SYSWOW64\rpcnetp.exe
2012-08-31 13:52:26 ----D---- C:\Program Files (x86)\Steam
2012-08-31 10:12:51 ----D---- C:\Windows\Minidump
2012-08-30 12:30:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-30 12:29:58 ----D---- C:\Windows\SYSWOW64\drivers
2012-08-30 12:29:05 ----D---- C:\Windows\system32\catroot2
2012-08-30 11:14:00 ----HD---- C:\ProgramData
2012-08-30 11:13:32 ----RD---- C:\Program Files
2012-08-25 15:47:36 ----D---- C:\ProgramData\Adobe
2012-08-25 15:46:51 ----D---- C:\Users\User\AppData\Roaming\Adobe
2012-08-23 18:59:42 ----D---- C:\Windows\debug
2012-08-23 18:10:41 ----D---- C:\Windows\winsxs
2012-08-16 00:21:24 ----RSD---- C:\Windows\Fonts
2012-08-16 00:21:24 ----D---- C:\Windows\SYSWOW64\migration
2012-08-16 00:21:24 ----D---- C:\Windows\system32\migration
2012-08-16 00:21:24 ----D---- C:\Program Files\Internet Explorer
2012-08-16 00:21:24 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-16 00:21:23 ----D---- C:\Windows\system32\DriverStore
2012-08-16 00:21:22 ----D---- C:\Windows\system32\drivers
2012-08-15 21:11:27 ----D---- C:\ProgramData\Microsoft Help
2012-08-15 21:10:20 ----D---- C:\Windows\system32\catroot
2012-08-15 21:04:33 ----A---- C:\Windows\system32\MRT.exe
2012-08-15 11:28:19 ----D---- C:\Program Files (x86)\Mp3tag
2012-08-15 00:25:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-08-14 18:10:08 ----D---- C:\Windows\system32\Tasks
2012-08-14 18:10:03 ----D---- C:\Program Files\CCleaner
2012-08-14 15:36:57 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2012-08-14 11:16:07 ----D---- C:\Program Files (x86)\JDownloader
2012-08-12 20:29:58 ----D---- C:\Program Files (x86)\Common Files
2012-08-12 20:29:58 ----D---- C:\Program Files (x86)\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2012-02-10 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-04-06 1208320]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-12-16 2978296]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-01 98344]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-01 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-01 21160]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HBtnKey;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn64.sys [2009-04-20 11264]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-03 10628800]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35344]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\Windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\syswow64\pwdspio.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2012-04-12 117040]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-03-27 16896]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 864032]
R2 Freemake Improver;Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\Windows\SysWOW64\rpcnet.exe [2012-09-06 58288]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
S3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-08-25 529744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------


Re: Preventive check

#2 Post by krater »

Here are the results; everything is free of infiltrations except the second one, which has one. Thanks so far. Is something wrong with them?
http://bit.ly/RZjcKY
http://bit.ly/Orie5b
http://bit.ly/RZj7XJ
http://bit.ly/RZjjGi
http://bit.ly/RZjlhh
http://bit.ly/RZjEsB


Re: Preventive check

#3 Post by krater »

Lately my computer has been freezing abnormally often; I have had to restart it several times. Once it got stuck on a black screen while booting, the second time it booted in the wrong resolution, and only the third attempt succeeded.
Right now everything is fine, but occasionally the system refuses to launch any program even though it is not frozen (the mouse responds, icons highlight...). Could this be related somehow, or should I send a new log? I made the first one purely as a precaution, when I was not yet having problems (or had not noticed them). They have been appearing mainly yesterday and today.


Re: Preventive check

#4 Post by krater »

That sounds interesting; my computer is almost unusable now. It is a relatively weak notebook, but a browser taking over 20 seconds to start is not normal. Thank you, even if the news is negative. I am now running a scan with ESET Online Scanner and will post the results here.
Attachments
soubory.zip
Could not upload the .exe files, so I am packing them into a zip
(210.05 KiB) Downloaded 83 times


Re: Preventive check

#5 Post by krater »

May I also ask whether you have any idea if I am facing some active danger? Remote access to the PC, etc.? By the way, I am not aware of having installed any unverified, unknown software recently.


Re: Preventive check

#6 Post by krater »

Just reporting that ESET has finished scanning. It removed one infiltration, which is probably a false positive and has nothing to do with the problem.

C:\Users\User\Documents\Programy\AAHK\tools\bin\zergRush Android/Exploit.Lotoor.BL trojský kůň vyléčen smazáním - uložen do karantény

It is a program for rooting an Android phone, from a trusted source. I am now working on installing cFix.


Re: Preventive check

#7 Post by krater »

While disabling the antivirus just now, I noticed that on 9 September it quarantined Trojan:Win32/Alureon.CT. That is a few days after the suspicious files were created.


Re: Preventive check

#8 Post by krater »

Thank you for everything you have done for me so far; tomorrow the ComboFix log, which is already nearly finished, will be waiting for you here.
I look forward to seeing you tomorrow :)
EDIT: the log is here; I notice a slight, subjective speed-up of the system. I have not restarted it yet, only put it to sleep, to prevent a possible reinfection from the BIOS. I am waiting for further instructions.
EDIT2: after logging out and back in to the system, an error message popped up, something about a restore point not being found, I think. And then a second one: http://bit.ly/PGzgAB. Maybe it will tell you something.
Last edited by krater on 16 Sep 2012 08:10, edited 2 times in total.


Re: Preventive check

#9 Post by krater »

ComboFix 12-09-15.02 - User 15.09.2012 21:36:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3000.1553 [GMT 2:00]
Spuštěný z: c:\users\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-15 do 2012-09-15 )))))))))))))))))))))))))))))))
.
.
2012-09-15 19:50 . 2012-09-15 19:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-15 19:50 . 2012-09-15 19:50 -------- d-----w- c:\users\alca\AppData\Local\temp
2012-09-15 16:04 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB999777-0B3C-4D80-9F54-9C131976950C}\mpengine.dll
2012-09-15 15:38 . 2012-09-15 15:38 711240 ----a-w- c:\windows\is-N67G1.exe
2012-09-14 15:33 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-12 12:15 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:15 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:15 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 12:15 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 12:15 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:15 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:15 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-10 14:15 . 2012-09-10 14:15 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-27 10:58 . 2012-08-27 11:07 -------- d-----w- c:\users\User\.android
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 15:36 . 2011-12-15 15:14 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-15 15:36 . 2011-12-16 16:50 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-09-15 15:36 . 2011-12-16 16:50 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-09-15 15:36 . 2011-12-16 16:50 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-09-15 15:33 . 2011-12-15 15:14 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-09-15 15:32 . 2011-12-15 15:14 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-09-12 21:11 . 2011-12-17 15:06 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-10 14:19 . 2012-04-21 06:00 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-10 14:19 . 2011-12-21 14:33 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-07 15:04 . 2012-02-19 21:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-18 18:15 . 2012-08-15 08:16 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 20:07 . 2012-08-15 19:10 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-15 08:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 08:16 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 08:16 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 08:16 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 19:07 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 19:07 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 19:08 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 19:08 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 19:08 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 19:08 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 19:08 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 19:08 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 19:08 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 19:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 19:08 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 19:08 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 19:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 19:08 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 19:08 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 19:08 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 19:08 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 19:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 19:08 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-18 11:34 . 2011-12-18 19:14 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-06-18 11:34 . 2011-12-18 19:14 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-06-18 11:34 . 2011-12-18 19:14 12384 ------w- c:\windows\system32\pwdspio.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zoner (neodebírat)"="c:\users\User\Dropbox\Dokumenty\Programy\zoner.bat" [2011-11-13 60]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2011-01-15 452016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
"InnoSetupRegFile.0000000001"="c:\windows\is-N67G1.exe" [2012-09-15 711240]
.
c:\users\alca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\alca\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-06 100864]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-04-12 117040]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-12 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-12 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-12 166192]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-20 393216]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-09-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 14:19]
.
2012-09-15 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2012-06-06 13:14]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:10]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 16:10]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 20:04]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-146033841-32980914-428312729-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 20:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\alca\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;mbank.cz
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlixbhi7.default\
FF - prefs.js: keyword.URL - hxxp://www.google.cz/#hl=cs&source=hp&q=
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-Clownfish - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-09-15 22:12:10
ComboFix-quarantined-files.txt 2012-09-15 20:12
.
Před spuštěním: Volných bajtů: 149 401 595 904
Po spuštění: Volných bajtů: 151 163 502 592
.
- - End Of File - - 1047C26BCE335454D8F5061C2305F2BA

Re: Preventive check

#10 Post by krater »

I used ESET only as a free online scanner, which found nothing apart from a false detection of Android. The file in quarantine is in my primary antivirus, Microsoft Security Essentials.
Security Essentials quarantine: http://bit.ly/PGzgAB, http://bit.ly/Qtuqo6. It is three days older than our files, so it is probably unrelated. It points to the archive multiclicker.rar, which I remember scanning with the antivirus but never extracting. The manual scan revealed a virus and the archive deleted itself. I only realized this now.

EDIT: None of the files under "OSTATNÍ VÝMAZY" (Other Deletions) in the ComboFix log are present in their folders, even after restarting Windows. Should I also somehow check the files that were suspicious in the first RSIT log? Such as rpcnet.dll, Upgrd.exe, rpcnet.exe...

EDIT2: I have one file on my desktop that repeatedly (even after restarting the PC) can be neither run nor deleted. When deleting it, http://bit.ly/OtCuTU appears for several minutes and nothing happens. When I try to cancel the deletion, the window stops responding.
Usually I have to kill explore.exe. It is the installer for an electronic reading book that I purchased and downloaded from the official website flexilearn.cz. Infection is therefore ruled out. Still, I can neither install nor delete it. The file is over 1 GB, so maybe it is demanding for the system.
Last edited by krater on 16 Sep 2012 12:05, edited 3 times in total.

Re: Preventive check

#11 Post by krater »

12:50:01.0840 3736 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:50:02.0520 3736 ============================================================
12:50:02.0520 3736 Current date / time: 2012/09/16 12:50:02.0520
12:50:02.0520 3736 SystemInfo:
12:50:02.0520 3736
12:50:02.0520 3736 OS Version: 6.1.7601 ServicePack: 1.0
12:50:02.0520 3736 Product type: Workstation
12:50:02.0520 3736 ComputerName: KRATER-PC
12:50:02.0520 3736 UserName: User
12:50:02.0520 3736 Windows directory: C:\Windows
12:50:02.0520 3736 System windows directory: C:\Windows
12:50:02.0520 3736 Running under WOW64
12:50:02.0520 3736 Processor architecture: Intel x64
12:50:02.0520 3736 Number of processors: 2
12:50:02.0520 3736 Page size: 0x1000
12:50:02.0520 3736 Boot type: Normal boot
12:50:02.0521 3736 ============================================================
12:50:04.0410 3736 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:50:04.0457 3736 ============================================================
12:50:04.0457 3736 \Device\Harddisk0\DR0:
12:50:04.0457 3736 MBR partitions:
12:50:04.0457 3736 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:50:04.0457 3736 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1F56F866
12:50:04.0521 3736 ============================================================
12:50:04.0647 3736 C: <-> \Device\Harddisk0\DR0\Partition2
12:50:04.0647 3736 ============================================================
12:50:04.0647 3736 Initialize success
12:50:04.0647 3736 ============================================================
12:50:40.0179 0700 ============================================================
12:50:40.0179 0700 Scan started
12:50:40.0179 0700 Mode: Manual; SigCheck; TDLFS;
12:50:40.0179 0700 ============================================================
12:50:42.0385 0700 ================ Scan system memory ========================
12:50:42.0385 0700 System memory - ok
12:50:42.0385 0700 ================ Scan services =============================
12:50:42.0787 0700 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:50:43.0043 0700 1394ohci - ok
12:50:43.0138 0700 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
12:50:43.0197 0700 Accelerometer - ok
12:50:43.0326 0700 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:50:43.0351 0700 ACPI - ok
12:50:43.0435 0700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:50:43.0666 0700 AcpiPmi - ok
12:50:43.0811 0700 [ 560649E6A9C11F6124F97310EF387C45 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
12:50:43.0926 0700 ADIHdAudAddService - ok
12:50:44.0229 0700 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:50:44.0244 0700 AdobeARMservice - ok
12:50:44.0623 0700 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:50:44.0641 0700 AdobeFlashPlayerUpdateSvc - ok
12:50:44.0810 0700 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:50:44.0858 0700 adp94xx - ok
12:50:44.0899 0700 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:50:44.0933 0700 adpahci - ok
12:50:45.0009 0700 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:50:45.0036 0700 adpu320 - ok
12:50:45.0121 0700 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
12:50:45.0197 0700 AEADIFilters - ok
12:50:45.0236 0700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:50:45.0638 0700 AeLookupSvc - ok
12:50:45.0736 0700 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:50:45.0874 0700 AFD - ok
12:50:46.0176 0700 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
12:50:46.0309 0700 AgereModemAudio - ok
12:50:46.0405 0700 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
12:50:46.0496 0700 AgereSoftModem - ok
12:50:46.0540 0700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:50:46.0569 0700 agp440 - ok
12:50:46.0632 0700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:50:46.0738 0700 ALG - ok
12:50:46.0820 0700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:50:46.0835 0700 aliide - ok
12:50:46.0861 0700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:50:46.0905 0700 amdide - ok
12:50:46.0965 0700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:50:47.0071 0700 AmdK8 - ok
12:50:47.0101 0700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:50:47.0184 0700 AmdPPM - ok
12:50:47.0239 0700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:50:47.0263 0700 amdsata - ok
12:50:47.0302 0700 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:50:47.0328 0700 amdsbs - ok
12:50:47.0363 0700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:50:47.0381 0700 amdxata - ok
12:50:47.0548 0700 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:50:47.0789 0700 AppID - ok
12:50:47.0876 0700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:50:47.0997 0700 AppIDSvc - ok
12:50:48.0085 0700 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:50:48.0216 0700 Appinfo - ok
12:50:48.0301 0700 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:50:48.0337 0700 arc - ok
12:50:48.0367 0700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:50:48.0384 0700 arcsas - ok
12:50:48.0613 0700 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:50:48.0655 0700 aspnet_state - ok
12:50:48.0712 0700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:50:48.0803 0700 AsyncMac - ok
12:50:48.0885 0700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:50:48.0900 0700 atapi - ok
12:50:48.0990 0700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:50:49.0112 0700 AudioEndpointBuilder - ok
12:50:49.0131 0700 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:50:49.0204 0700 AudioSrv - ok
12:50:49.0259 0700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:50:49.0345 0700 AxInstSV - ok
12:50:49.0524 0700 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:50:49.0609 0700 b06bdrv - ok
12:50:49.0668 0700 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:50:49.0745 0700 b57nd60a - ok
12:50:50.0018 0700 [ 0E14A0071FE26A570BCAFF5401014717 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
12:50:50.0155 0700 BCM43XX - ok
12:50:50.0274 0700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:50:50.0372 0700 BDESVC - ok
12:50:50.0450 0700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:50:50.0585 0700 Beep - ok
12:50:50.0815 0700 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:50:50.0924 0700 BFE - ok
12:50:50.0988 0700 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:50:51.0149 0700 BITS - ok
12:50:51.0185 0700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:50:51.0256 0700 blbdrive - ok
12:50:51.0354 0700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:50:51.0431 0700 bowser - ok
12:50:51.0492 0700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:50:51.0638 0700 BrFiltLo - ok
12:50:51.0670 0700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:50:51.0724 0700 BrFiltUp - ok
12:50:51.0737 0700 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:50:51.0819 0700 BridgeMP - ok
12:50:51.0894 0700 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:50:51.0980 0700 Browser - ok
12:50:52.0018 0700 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:50:52.0144 0700 Brserid - ok
12:50:52.0210 0700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:50:52.0270 0700 BrSerWdm - ok
12:50:52.0310 0700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:50:52.0362 0700 BrUsbMdm - ok
12:50:52.0395 0700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:50:52.0465 0700 BrUsbSer - ok
12:50:52.0516 0700 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
12:50:52.0587 0700 BthEnum - ok
12:50:52.0610 0700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:50:52.0662 0700 BTHMODEM - ok
12:50:52.0701 0700 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
12:50:52.0748 0700 BthPan - ok
12:50:52.0828 0700 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
12:50:52.0963 0700 BTHPORT - ok
12:50:53.0016 0700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:50:53.0124 0700 bthserv - ok
12:50:53.0170 0700 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
12:50:53.0209 0700 BTHUSB - ok
12:50:53.0299 0700 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
12:50:53.0332 0700 btwaudio - ok
12:50:53.0411 0700 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
12:50:53.0444 0700 btwavdt - ok
12:50:53.0588 0700 [ 17DA11C703B8E86AC3DF8F796A118AEF ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:50:53.0622 0700 btwdins - ok
12:50:53.0665 0700 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
12:50:53.0700 0700 btwl2cap - ok
12:50:53.0756 0700 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
12:50:53.0793 0700 btwrchid - ok
12:50:53.0803 0700 catchme - ok
12:50:53.0841 0700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:50:53.0954 0700 cdfs - ok
12:50:54.0040 0700 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:50:54.0134 0700 cdrom - ok
12:50:54.0251 0700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:50:54.0324 0700 CertPropSvc - ok
12:50:54.0399 0700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:50:54.0438 0700 circlass - ok
12:50:54.0525 0700 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:50:54.0548 0700 CLFS - ok
12:50:54.0673 0700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:50:54.0698 0700 clr_optimization_v2.0.50727_32 - ok
12:50:54.0751 0700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:50:54.0774 0700 clr_optimization_v2.0.50727_64 - ok
12:50:54.0899 0700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:50:55.0169 0700 clr_optimization_v4.0.30319_32 - ok
12:50:55.0218 0700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:50:55.0270 0700 clr_optimization_v4.0.30319_64 - ok
12:50:55.0321 0700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:50:55.0393 0700 CmBatt - ok
12:50:55.0421 0700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:50:55.0448 0700 cmdide - ok
12:50:55.0528 0700 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:50:55.0643 0700 CNG - ok
12:50:55.0818 0700 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
12:50:55.0836 0700 Com4QLBEx - ok
12:50:55.0903 0700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:50:55.0928 0700 Compbatt - ok
12:50:55.0989 0700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:50:56.0047 0700 CompositeBus - ok
12:50:56.0074 0700 COMSysApp - ok
12:50:56.0130 0700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:50:56.0146 0700 crcdisk - ok
12:50:56.0229 0700 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:50:56.0296 0700 CryptSvc - ok
12:50:56.0370 0700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:50:56.0454 0700 DcomLaunch - ok
12:50:56.0545 0700 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:50:56.0614 0700 defragsvc - ok
12:50:56.0693 0700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:50:56.0836 0700 DfsC - ok
12:50:57.0044 0700 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:50:57.0123 0700 Dhcp - ok
12:50:57.0180 0700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:50:57.0290 0700 discache - ok
12:50:57.0331 0700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:50:57.0348 0700 Disk - ok
12:50:57.0403 0700 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:50:57.0467 0700 Dnscache - ok
12:50:57.0554 0700 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:50:57.0646 0700 dot3svc - ok
12:50:57.0719 0700 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:50:57.0787 0700 DPS - ok
12:50:57.0842 0700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:50:57.0920 0700 drmkaud - ok
12:50:58.0035 0700 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:50:58.0169 0700 DXGKrnl - ok
12:50:58.0225 0700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:50:58.0285 0700 EapHost - ok
12:50:58.0501 0700 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:50:58.0705 0700 ebdrv - ok
12:50:58.0750 0700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:50:58.0809 0700 EFS - ok
12:50:58.0973 0700 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:50:59.0057 0700 ehRecvr - ok
12:50:59.0099 0700 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:50:59.0228 0700 ehSched - ok
12:50:59.0286 0700 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
12:50:59.0309 0700 ElbyCDIO - ok
12:50:59.0455 0700 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:50:59.0483 0700 elxstor - ok
12:50:59.0527 0700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:50:59.0595 0700 ErrDev - ok
12:50:59.0657 0700 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:50:59.0744 0700 EventSystem - ok
12:50:59.0820 0700 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:50:59.0901 0700 exfat - ok
12:50:59.0947 0700 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:51:00.0028 0700 fastfat - ok
12:51:00.0163 0700 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:51:00.0336 0700 Fax - ok
12:51:00.0412 0700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:51:00.0471 0700 fdc - ok
12:51:00.0551 0700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:51:00.0639 0700 fdPHost - ok
12:51:00.0675 0700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:51:00.0729 0700 FDResPub - ok
12:51:00.0755 0700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:51:00.0772 0700 FileInfo - ok
12:51:00.0789 0700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:51:00.0965 0700 Filetrace - ok
12:51:01.0028 0700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:51:01.0064 0700 flpydisk - ok
12:51:01.0149 0700 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:51:01.0174 0700 FltMgr - ok
12:51:01.0287 0700 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:51:01.0357 0700 FontCache - ok
12:51:01.0486 0700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:51:01.0500 0700 FontCache3.0.0.0 - ok
12:51:01.0612 0700 [ 82F0F3554CE07CEDB749D79CBC5A599E ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
12:51:01.0619 0700 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
12:51:01.0619 0700 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
12:51:01.0663 0700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:51:01.0679 0700 FsDepends - ok
12:51:01.0730 0700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:51:01.0770 0700 Fs_Rec - ok
12:51:01.0845 0700 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:51:01.0876 0700 fvevol - ok
12:51:01.0920 0700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:51:01.0950 0700 gagp30kx - ok
12:51:02.0028 0700 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:51:02.0109 0700 gpsvc - ok
12:51:02.0266 0700 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:51:02.0280 0700 gupdate - ok
12:51:02.0324 0700 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:51:02.0336 0700 gupdatem - ok
12:51:02.0394 0700 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
12:51:02.0410 0700 hamachi - ok
12:51:02.0632 0700 [ F10C3F2E002100BF8B797DCF283FEA7D ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
12:51:02.0736 0700 Hamachi2Svc - ok
12:51:02.0769 0700 [ 965FC9D0BD1E13B02DC71B77B68092F4 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn64.sys
12:51:02.0820 0700 HBtnKey - ok
12:51:02.0868 0700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:51:02.0947 0700 hcw85cir - ok
12:51:03.0022 0700 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:51:03.0073 0700 HdAudAddService - ok
12:51:03.0116 0700 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:51:03.0156 0700 HDAudBus - ok
12:51:03.0205 0700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:51:03.0241 0700 HidBatt - ok
12:51:03.0264 0700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:51:03.0319 0700 HidBth - ok
12:51:03.0358 0700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:51:03.0399 0700 HidIr - ok
12:51:03.0434 0700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:51:03.0494 0700 hidserv - ok
12:51:03.0557 0700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:51:03.0585 0700 HidUsb - ok
12:51:03.0633 0700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:51:03.0718 0700 hkmsvc - ok
12:51:03.0755 0700 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:51:03.0819 0700 HomeGroupListener - ok
12:51:03.0866 0700 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:51:03.0903 0700 HomeGroupProvider - ok
12:51:03.0946 0700 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
12:51:03.0964 0700 hpdskflt - ok
12:51:04.0023 0700 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:51:04.0086 0700 HpqKbFiltr - ok
12:51:04.0138 0700 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
12:51:04.0154 0700 hpqwmiex - ok
12:51:04.0219 0700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:51:04.0237 0700 HpSAMD - ok
12:51:04.0278 0700 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
12:51:04.0294 0700 hpsrv - ok
12:51:04.0361 0700 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
12:51:04.0451 0700 HTCAND64 - ok
12:51:04.0555 0700 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
12:51:04.0569 0700 htcnprot - ok
12:51:04.0654 0700 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:51:04.0743 0700 HTTP - ok
12:51:04.0778 0700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:51:04.0794 0700 hwpolicy - ok
12:51:04.0843 0700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:51:04.0874 0700 i8042prt - ok
12:51:04.0943 0700 [ D782F0C741EE2D50AC8D38774597FB2B ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:51:04.0969 0700 IAANTMON - ok
12:51:05.0035 0700 [ DC0B4553D089E2BD07AEBD9EA30BEAFB ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
12:51:05.0053 0700 iaStor - ok
12:51:05.0095 0700 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:51:05.0125 0700 iaStorV - ok
12:51:05.0218 0700 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:51:05.0272 0700 idsvc - ok
12:51:05.0716 0700 [ F59AC361DFE9BFD9BE81E20B04EADAA2 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
12:51:06.0142 0700 igfx - ok
12:51:06.0202 0700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:51:06.0226 0700 iirsp - ok
12:51:06.0305 0700 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:51:06.0380 0700 IKEEXT - ok
12:51:06.0416 0700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:51:06.0434 0700 intelide - ok
12:51:06.0522 0700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:51:06.0564 0700 intelppm - ok
12:51:06.0601 0700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:51:06.0672 0700 IPBusEnum - ok
12:51:06.0727 0700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:51:06.0775 0700 IpFilterDriver - ok
12:51:06.0828 0700 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:51:06.0879 0700 iphlpsvc - ok
12:51:06.0942 0700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:51:06.0978 0700 IPMIDRV - ok
12:51:07.0026 0700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:51:07.0092 0700 IPNAT - ok
12:51:07.0141 0700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:51:07.0252 0700 IRENUM - ok
12:51:07.0286 0700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:51:07.0309 0700 isapnp - ok
12:51:07.0340 0700 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:51:07.0363 0700 iScsiPrt - ok
12:51:07.0402 0700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:51:07.0420 0700 kbdclass - ok
12:51:07.0475 0700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:51:07.0516 0700 kbdhid - ok
12:51:07.0539 0700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:51:07.0559 0700 KeyIso - ok
12:51:07.0622 0700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:51:07.0638 0700 KSecDD - ok
12:51:07.0713 0700 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:51:07.0731 0700 KSecPkg - ok
12:51:07.0783 0700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:51:07.0849 0700 ksthunk - ok
12:51:07.0927 0700 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:51:07.0997 0700 KtmRm - ok
12:51:08.0079 0700 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:51:08.0139 0700 LanmanServer - ok
12:51:08.0198 0700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:51:08.0263 0700 LanmanWorkstation - ok
12:51:08.0321 0700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:51:08.0377 0700 lltdio - ok
12:51:08.0420 0700 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:51:08.0489 0700 lltdsvc - ok
12:51:08.0543 0700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:51:08.0625 0700 lmhosts - ok
12:51:08.0722 0700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:51:08.0753 0700 LSI_FC - ok
12:51:08.0779 0700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:51:08.0799 0700 LSI_SAS - ok
12:51:08.0824 0700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:51:08.0843 0700 LSI_SAS2 - ok
12:51:08.0855 0700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:51:08.0878 0700 LSI_SCSI - ok
12:51:08.0909 0700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:51:08.0983 0700 luafv - ok
12:51:09.0047 0700 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
12:51:09.0062 0700 MBAMProtector - ok
12:51:09.0170 0700 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:51:09.0197 0700 MBAMService - ok
12:51:09.0243 0700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:51:09.0278 0700 Mcx2Svc - ok
12:51:09.0315 0700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:51:09.0344 0700 megasas - ok
12:51:09.0374 0700 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:51:09.0404 0700 MegaSR - ok
12:51:09.0465 0700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:51:09.0512 0700 MMCSS - ok
12:51:09.0557 0700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:51:09.0612 0700 Modem - ok
12:51:09.0664 0700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:51:09.0718 0700 monitor - ok
12:51:09.0752 0700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:51:09.0772 0700 mouclass - ok
12:51:09.0797 0700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:51:09.0830 0700 mouhid - ok
12:51:09.0886 0700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:51:09.0903 0700 mountmgr - ok
12:51:10.0037 0700 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:51:10.0072 0700 MozillaMaintenance - ok
12:51:10.0160 0700 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:51:10.0183 0700 MpFilter - ok
12:51:10.0231 0700 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:51:10.0250 0700 mpio - ok
12:51:10.0294 0700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:51:10.0363 0700 mpsdrv - ok
12:51:10.0418 0700 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:51:10.0490 0700 MpsSvc - ok
12:51:10.0540 0700 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:51:10.0594 0700 MRxDAV - ok
12:51:10.0631 0700 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:51:10.0714 0700 mrxsmb - ok
12:51:10.0744 0700 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:51:10.0799 0700 mrxsmb10 - ok
12:51:10.0844 0700 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:51:10.0877 0700 mrxsmb20 - ok
12:51:10.0901 0700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:51:10.0919 0700 msahci - ok
12:51:10.0946 0700 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:51:10.0966 0700 msdsm - ok
12:51:11.0019 0700 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:51:11.0075 0700 MSDTC - ok
12:51:11.0135 0700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:51:11.0220 0700 Msfs - ok
12:51:11.0258 0700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:51:11.0322 0700 mshidkmdf - ok
12:51:11.0359 0700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:51:11.0373 0700 msisadrv - ok
12:51:11.0422 0700 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:51:11.0484 0700 MSiSCSI - ok
12:51:11.0492 0700 msiserver - ok
12:51:11.0555 0700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:51:11.0598 0700 MSKSSRV - ok
12:51:11.0669 0700 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:51:11.0684 0700 MsMpSvc - ok
12:51:11.0701 0700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:51:11.0763 0700 MSPCLOCK - ok
12:51:11.0828 0700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:51:11.0881 0700 MSPQM - ok
12:51:11.0929 0700 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:51:11.0953 0700 MsRPC - ok
12:51:11.0991 0700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:51:12.0011 0700 mssmbios - ok
12:51:12.0096 0700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:51:12.0163 0700 MSTEE - ok
12:51:12.0194 0700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:51:12.0227 0700 MTConfig - ok
12:51:12.0245 0700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:51:12.0264 0700 Mup - ok
12:51:12.0314 0700 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:51:12.0389 0700 napagent - ok
12:51:12.0492 0700 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:51:12.0550 0700 NativeWifiP - ok
12:51:12.0624 0700 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:51:12.0666 0700 NDIS - ok
12:51:12.0723 0700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:51:12.0788 0700 NdisCap - ok
12:51:12.0843 0700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:51:12.0899 0700 NdisTapi - ok
12:51:12.0943 0700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:51:13.0024 0700 Ndisuio - ok
12:51:13.0068 0700 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:51:13.0142 0700 NdisWan - ok
12:51:13.0232 0700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:51:13.0280 0700 NDProxy - ok
12:51:13.0331 0700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:51:13.0396 0700 NetBIOS - ok
12:51:13.0432 0700 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:51:13.0516 0700 NetBT - ok
12:51:13.0539 0700 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:51:13.0561 0700 Netlogon - ok
12:51:13.0637 0700 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:51:13.0705 0700 Netman - ok
12:51:13.0777 0700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:13.0845 0700 NetMsmqActivator - ok
12:51:13.0871 0700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:13.0885 0700 NetPipeActivator - ok
12:51:13.0929 0700 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:51:13.0995 0700 netprofm - ok
12:51:14.0088 0700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:14.0102 0700 NetTcpActivator - ok
12:51:14.0112 0700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:51:14.0126 0700 NetTcpPortSharing - ok
12:51:14.0188 0700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:51:14.0204 0700 nfrd960 - ok
12:51:14.0279 0700 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:51:14.0293 0700 NisDrv - ok
12:51:14.0377 0700 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:51:14.0401 0700 NisSrv - ok
12:51:14.0483 0700 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:51:14.0556 0700 NlaSvc - ok
12:51:14.0642 0700 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
12:51:14.0657 0700 NPF - ok
12:51:14.0672 0700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:51:14.0722 0700 Npfs - ok
12:51:14.0785 0700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:51:14.0860 0700 nsi - ok
12:51:14.0937 0700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:51:15.0009 0700 nsiproxy - ok
12:51:15.0160 0700 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:51:15.0213 0700 Ntfs - ok
12:51:15.0253 0700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:51:15.0322 0700 Null - ok
12:51:15.0392 0700 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:51:15.0419 0700 nvraid - ok
12:51:15.0450 0700 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:51:15.0472 0700 nvstor - ok
12:51:15.0570 0700 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:51:15.0588 0700 nv_agp - ok
12:51:15.0781 0700 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:51:15.0805 0700 odserv - ok
12:51:15.0847 0700 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:51:15.0877 0700 ohci1394 - ok
12:51:15.0949 0700 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:51:15.0965 0700 ose - ok
12:51:16.0077 0700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:51:16.0138 0700 p2pimsvc - ok
12:51:16.0172 0700 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:51:16.0214 0700 p2psvc - ok
12:51:16.0253 0700 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:51:16.0290 0700 Parport - ok
12:51:16.0336 0700 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:51:16.0355 0700 partmgr - ok
12:51:16.0445 0700 [ A1E779A0CF7A21B42E8FD3E8856D8481 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
12:51:16.0498 0700 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
12:51:16.0498 0700 PassThru Service - detected UnsignedFile.Multi.Generic (1)
12:51:16.0553 0700 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:51:16.0598 0700 PcaSvc - ok
12:51:16.0665 0700 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:51:16.0684 0700 pci - ok
12:51:16.0742 0700 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:51:16.0766 0700 pciide - ok
12:51:16.0821 0700 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:51:16.0842 0700 pcmcia - ok
12:51:16.0865 0700 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:51:16.0883 0700 pcw - ok
12:51:16.0920 0700 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:51:17.0005 0700 PEAUTH - ok
12:51:17.0124 0700 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:51:17.0162 0700 PerfHost - ok
12:51:17.0249 0700 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:51:17.0344 0700 pla - ok
12:51:17.0401 0700 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:51:17.0476 0700 PlugPlay - ok
12:51:17.0492 0700 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:51:17.0522 0700 PNRPAutoReg - ok
12:51:17.0571 0700 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:51:17.0591 0700 PNRPsvc - ok
12:51:17.0647 0700 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:51:17.0705 0700 PolicyAgent - ok
12:51:17.0781 0700 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:51:17.0852 0700 Power - ok
12:51:17.0918 0700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:51:17.0968 0700 PptpMiniport - ok
12:51:18.0007 0700 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:51:18.0091 0700 Processor - ok
12:51:18.0157 0700 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:51:18.0185 0700 ProfSvc - ok
12:51:18.0228 0700 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:51:18.0244 0700 ProtectedStorage - ok
12:51:18.0289 0700 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:51:18.0349 0700 Psched - ok
12:51:18.0426 0700 [ D8589A43B352E7F2317194C98447149F ] pwdrvio C:\Windows\system32\pwdrvio.sys
12:51:18.0462 0700 pwdrvio - ok
12:51:18.0491 0700 [ 4B8FDA635F4D2E7D638B2B3817B5AFC8 ] pwdspio C:\Windows\system32\pwdspio.sys
12:51:18.0533 0700 pwdspio - ok
12:51:18.0660 0700 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:51:18.0710 0700 ql2300 - ok
12:51:18.0770 0700 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:51:18.0792 0700 ql40xx - ok
12:51:18.0831 0700 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:51:18.0859 0700 QWAVE - ok
12:51:18.0887 0700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:51:18.0928 0700 QWAVEdrv - ok
12:51:18.0955 0700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:51:19.0016 0700 RasAcd - ok
12:51:19.0094 0700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:51:19.0137 0700 RasAgileVpn - ok
12:51:19.0181 0700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:51:19.0235 0700 RasAuto - ok
12:51:19.0272 0700 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:51:19.0335 0700 Rasl2tp - ok
12:51:19.0388 0700 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:51:19.0459 0700 RasMan - ok
12:51:19.0513 0700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:51:19.0578 0700 RasPppoe - ok
12:51:19.0607 0700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:51:19.0673 0700 RasSstp - ok
12:51:19.0721 0700 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:51:19.0796 0700 rdbss - ok
12:51:19.0850 0700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:51:19.0888 0700 rdpbus - ok
12:51:19.0920 0700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:51:19.0967 0700 RDPCDD - ok
12:51:20.0018 0700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:51:20.0093 0700 RDPENCDD - ok
12:51:20.0144 0700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:51:20.0206 0700 RDPREFMP - ok
12:51:20.0265 0700 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:51:20.0311 0700 RDPWD - ok
12:51:20.0384 0700 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:51:20.0403 0700 rdyboost - ok
12:51:20.0437 0700 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:51:20.0503 0700 RemoteAccess - ok
12:51:20.0567 0700 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:51:20.0612 0700 RemoteRegistry - ok
12:51:20.0697 0700 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:51:20.0729 0700 RFCOMM - ok
12:51:20.0826 0700 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
12:51:20.0841 0700 rpcapd - ok
12:51:20.0907 0700 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:51:20.0968 0700 RpcEptMapper - ok
12:51:21.0004 0700 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:51:21.0077 0700 RpcLocator - ok
12:51:21.0160 0700 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe
12:51:21.0173 0700 rpcnet - ok
12:51:21.0214 0700 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:51:21.0263 0700 RpcSs - ok
12:51:21.0330 0700 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:51:21.0377 0700 rspndr - ok
12:51:21.0416 0700 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:51:21.0435 0700 SamSs - ok
12:51:21.0498 0700 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:51:21.0516 0700 sbp2port - ok
12:51:21.0580 0700 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:51:21.0625 0700 SCardSvr - ok
12:51:21.0671 0700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:51:21.0741 0700 scfilter - ok
12:51:21.0831 0700 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:51:21.0903 0700 Schedule - ok
12:51:21.0950 0700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:51:21.0992 0700 SCPolicySvc - ok
12:51:22.0043 0700 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:51:22.0133 0700 SDRSVC - ok
12:51:22.0190 0700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:51:22.0233 0700 secdrv - ok
12:51:22.0284 0700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:51:22.0366 0700 seclogon - ok
12:51:22.0425 0700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:51:22.0488 0700 SENS - ok
12:51:22.0560 0700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:51:22.0615 0700 SensrSvc - ok
12:51:22.0664 0700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:51:22.0698 0700 Serenum - ok
12:51:22.0755 0700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:51:22.0816 0700 Serial - ok
12:51:22.0859 0700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:51:22.0884 0700 sermouse - ok
12:51:22.0941 0700 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:51:23.0004 0700 SessionEnv - ok
12:51:23.0055 0700 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:51:23.0087 0700 sffdisk - ok
12:51:23.0119 0700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:51:23.0148 0700 sffp_mmc - ok
12:51:23.0170 0700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:51:23.0231 0700 sffp_sd - ok
12:51:23.0262 0700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:51:23.0291 0700 sfloppy - ok
12:51:23.0383 0700 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:51:23.0463 0700 SharedAccess - ok
12:51:23.0541 0700 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:51:23.0613 0700 ShellHWDetection - ok
12:51:23.0686 0700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:51:23.0702 0700 SiSRaid2 - ok
12:51:23.0741 0700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:51:23.0759 0700 SiSRaid4 - ok
12:51:23.0872 0700 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:51:23.0887 0700 SkypeUpdate - ok
12:51:23.0925 0700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:51:23.0984 0700 Smb - ok
12:51:24.0057 0700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:51:24.0097 0700 SNMPTRAP - ok
12:51:24.0123 0700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:51:24.0142 0700 spldr - ok
12:51:24.0270 0700 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:51:24.0342 0700 Spooler - ok
12:51:24.0623 0700 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:51:24.0814 0700 sppsvc - ok
12:51:24.0861 0700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:51:24.0908 0700 sppuinotify - ok
12:51:24.0974 0700 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:51:25.0029 0700 srv - ok
12:51:25.0054 0700 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:51:25.0103 0700 srv2 - ok
12:51:25.0131 0700 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:51:25.0166 0700 srvnet - ok
12:51:25.0253 0700 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:51:25.0317 0700 SSDPSRV - ok
12:51:25.0343 0700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:51:25.0425 0700 SstpSvc - ok
12:51:25.0471 0700 Steam Client Service - ok
12:51:25.0505 0700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:51:25.0558 0700 stexstor - ok
12:51:25.0618 0700 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:51:25.0664 0700 stisvc - ok
12:51:25.0704 0700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:51:25.0719 0700 swenum - ok
12:51:25.0793 0700 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:51:25.0865 0700 swprv - ok
12:51:25.0987 0700 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:51:26.0039 0700 SynTP - ok
12:51:26.0141 0700 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:51:26.0220 0700 SysMain - ok
12:51:26.0259 0700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:51:26.0295 0700 TabletInputService - ok
12:51:26.0345 0700 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:51:26.0431 0700 TapiSrv - ok
12:51:26.0466 0700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:51:26.0549 0700 TBS - ok
12:51:26.0744 0700 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:51:26.0836 0700 Tcpip - ok
12:51:26.0966 0700 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:51:27.0015 0700 TCPIP6 - ok
12:51:27.0071 0700 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:51:27.0144 0700 tcpipreg - ok
12:51:27.0201 0700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:51:27.0264 0700 TDPIPE - ok
12:51:27.0327 0700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:51:27.0357 0700 TDTCP - ok
12:51:27.0397 0700 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:51:27.0454 0700 tdx - ok
12:51:27.0719 0700 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:51:27.0829 0700 TeamViewer7 - ok
12:51:27.0883 0700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:51:27.0899 0700 TermDD - ok
12:51:27.0990 0700 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:51:28.0089 0700 TermService - ok
12:51:28.0137 0700 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:51:28.0161 0700 Themes - ok
12:51:28.0209 0700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:51:28.0256 0700 THREADORDER - ok
12:51:28.0304 0700 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:51:28.0368 0700 TrkWks - ok
12:51:28.0440 0700 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
12:51:28.0463 0700 truecrypt - ok
12:51:28.0587 0700 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:51:28.0661 0700 TrustedInstaller - ok
12:51:28.0727 0700 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:51:28.0767 0700 tssecsrv - ok
12:51:28.0830 0700 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:51:28.0881 0700 TsUsbFlt - ok
12:51:28.0931 0700 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:51:28.0973 0700 tunnel - ok
12:51:29.0014 0700 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:51:29.0059 0700 uagp35 - ok
12:51:29.0117 0700 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:51:29.0188 0700 udfs - ok
12:51:29.0257 0700 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:51:29.0290 0700 UI0Detect - ok
12:51:29.0342 0700 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:51:29.0359 0700 uliagpkx - ok
12:51:29.0429 0700 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:51:29.0471 0700 umbus - ok
12:51:29.0542 0700 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:51:29.0609 0700 UmPass - ok
12:51:29.0654 0700 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:51:29.0727 0700 upnphost - ok
12:51:29.0810 0700 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:51:29.0850 0700 usbaudio - ok
12:51:29.0903 0700 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:51:29.0930 0700 usbccgp - ok
12:51:29.0974 0700 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:51:30.0015 0700 usbcir - ok
12:51:30.0042 0700 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:51:30.0061 0700 usbehci - ok
12:51:30.0091 0700 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:51:30.0124 0700 usbhub - ok
12:51:30.0154 0700 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:51:30.0188 0700 usbohci - ok
12:51:30.0246 0700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:51:30.0295 0700 usbprint - ok
12:51:30.0363 0700 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:51:30.0414 0700 usbscan - ok
12:51:30.0434 0700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:51:30.0492 0700 USBSTOR - ok
12:51:30.0554 0700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:51:30.0608 0700 usbuhci - ok
12:51:30.0638 0700 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:51:30.0664 0700 usbvideo - ok
12:51:30.0747 0700 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
12:51:30.0785 0700 usb_rndisx - ok
12:51:30.0821 0700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:51:30.0864 0700 UxSms - ok
12:51:30.0894 0700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:51:30.0914 0700 VaultSvc - ok
12:51:30.0983 0700 [ 780B472A8392771EF31031BA6238BF9E ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:51:31.0003 0700 VBoxDrv - ok
12:51:31.0087 0700 [ E705A3A384E7569FA2F1A3A29BDC5240 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:51:31.0114 0700 VBoxNetAdp - ok
12:51:31.0177 0700 [ D00756D69EFCFBF90F759D338E4B16EB ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:51:31.0195 0700 VBoxNetFlt - ok
12:51:31.0260 0700 [ 815E54E21908488BC545659A76D57D2F ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys
12:51:31.0277 0700 VBoxUSB - ok
12:51:31.0332 0700 [ 508CFD271CFDD2B686A0FC5D370070E6 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:51:31.0351 0700 VBoxUSBMon - ok
12:51:31.0417 0700 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
12:51:31.0458 0700 VClone - ok
12:51:31.0557 0700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:51:31.0594 0700 vdrvroot - ok
12:51:31.0656 0700 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:51:31.0710 0700 vds - ok
12:51:31.0769 0700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:51:31.0788 0700 vga - ok
12:51:31.0817 0700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:51:31.0866 0700 VgaSave - ok
12:51:31.0900 0700 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:51:31.0928 0700 vhdmp - ok
12:51:31.0961 0700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:51:31.0978 0700 viaide - ok
12:51:32.0005 0700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:51:32.0064 0700 volmgr - ok
12:51:32.0122 0700 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:51:32.0145 0700 volmgrx - ok
12:51:32.0191 0700 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:51:32.0213 0700 volsnap - ok
12:51:32.0282 0700 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:51:32.0305 0700 vsmraid - ok
12:51:32.0437 0700 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:51:32.0536 0700 VSS - ok
12:51:32.0573 0700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:51:32.0625 0700 vwifibus - ok
12:51:32.0696 0700 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:51:32.0743 0700 vwififlt - ok
12:51:32.0784 0700 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
12:51:32.0828 0700 vwifimp - ok
12:51:32.0897 0700 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:51:32.0963 0700 W32Time - ok
12:51:33.0003 0700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:51:33.0047 0700 WacomPen - ok
12:51:33.0115 0700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:51:33.0177 0700 WANARP - ok
12:51:33.0189 0700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:51:33.0237 0700 Wanarpv6 - ok
12:51:33.0311 0700 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:51:33.0358 0700 WatAdminSvc - ok
12:51:33.0454 0700 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:51:33.0588 0700 wbengine - ok
12:51:33.0630 0700 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:51:33.0670 0700 WbioSrvc - ok
12:51:33.0737 0700 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:51:33.0769 0700 wcncsvc - ok
12:51:33.0805 0700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:51:33.0868 0700 WcsPlugInService - ok
12:51:33.0931 0700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:51:33.0947 0700 Wd - ok
12:51:33.0997 0700 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:51:34.0029 0700 Wdf01000 - ok
12:51:34.0069 0700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:51:34.0191 0700 WdiServiceHost - ok
12:51:34.0215 0700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:51:34.0239 0700 WdiSystemHost - ok
12:51:34.0294 0700 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:51:34.0347 0700 WebClient - ok
12:51:38.0017 0700 ============================================================
12:51:38.0017 0700 Scan finished
12:51:38.0017 0700 ============================================================
12:51:38.0036 3240 Detected object count: 2
12:51:38.0036 3240 Actual detected object count: 2
12:52:33.0407 3240 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:33.0407 3240 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:52:33.0408 3240 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:52:33.0408 3240 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:52:43.0158 4036 Deinitialize success


Re: Preventive check

#12 Post by krater »

I can do it on this machine in Ubuntu; I have two operating systems installed side by side. I would have to check that the drivers for the CD burner work, but it should be possible. Could that undeletable file be related to the virus? Do you know what direct effect the virus has on the PC besides reduced performance? The post you pointed me to has a lot of information in it, but I understand little of it :(
In the worst case I could probably burn the CD on another PC. May I ask what you have in mind? Shouldn't I try ComboFix again to find out whether something got infected again?


Re: Preventive check

#13 Post by krater »

The files I want to delete I can delete from Linux, which I have installed on the PC. But I can't run an exe file on it (or rather, I can, but not correctly...). Right now I don't have another Windows computer with a CD burner at hand. But I can boot Hiren's Boot CD (a rescue administrator CD with miniWinXP). If it's a matter of copying files, I can manage that with Hiren's or Linux.

I apologize for asking so many questions, but can't I simply burn the CD from the infected system? And one more question: the files I sent you earlier will probably be the same. As far as I know, ComboFix did nothing with them, so they were not deleted. None of the scanners flagged them as malicious, or am I wrong? I don't understand it.


Re: Preventive check

#14 Post by krater »

Thank you for the explanation. Once I get to another PC, I will burn the CD. Then I boot the CD on the infected PC; will the OTLpe program start by itself right away, or will it be somewhere on the desktop of some system? I will act intuitively, but just so I know what to expect. I have no idea what boots from that CD.


Re: Preventive check

#15 Post by krater »

Thank you, I will do it.
