PC-HELP.CZ

Zdravím, mám problém s trojanem a to přesně start.qone8 jakkoliv jsem se ho snažil odstranit z prohlížeče tak to nešlo, pokaždé když spustím prohlížeč se mi zobrazí vyhledávač start.qone8.com (v nastavení chromu jsem to změnil a stejně to nejde)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Owner :: OWNER-PC [administrator]

Protection: Enabled

7.10.2013 0:20:20
MBAM-log-2013-10-07 (00-25-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226111
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> No action taken.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSYSSVC (PUP.Optional.Esafe.A) -> No action taken.

Registry Values Detected: 2
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> No action taken.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www.delta-search.com/?babsrc=HP_ ... 1&tsp=5024) Good: (http://www.google.com) -> No action taken.

Folders Detected: 8
C:\Users\Owner\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> No action taken.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Owner\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> No action taken.
C:\Users\Owner\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> No action taken.

Files Detected: 16
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\9018C9BD-BAB0-7891-994C-519F14071D8B\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\eIntaller\6A069B2615BC4d0f9186E9449093B11B\eXQ.exe (PUP.Optional.Elex) -> No action taken.
C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.SevereWeatherAlerts) -> No action taken.
C:\Users\Owner\Documents\REMOVEWAT.EXE (HackTool.Wpakill) -> No action taken.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\39P6L111\minibar-core[1].exe (PUP.Optional.MiniBar.A) -> No action taken.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\NOON8RXD\pcspeedup[1].exe (PUP.Optional.PCChecker.A) -> No action taken.
C:\Users\Owner\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> No action taken.
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> No action taken.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Owner\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> No action taken.

(end)

Vlož log z HJT:
viewtopic.php?f=70&t=5119

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.06.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Owner :: OWNER-PC [administrator]

Protection: Enabled

7.10.2013 10:17:47
mbam-log-2013-10-07 (10-17-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225487
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WSYSSVC (PUP.Optional.Esafe.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www.delta-search.com/?babsrc=HP_ ... 1&tsp=5024) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 8
C:\Users\Owner\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

Files Detected: 15
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\appshat-distribution.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\9018C9BD-BAB0-7891-994C-519F14071D8B\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Temp\eIntaller\6A069B2615BC4d0f9186E9449093B11B\eXQ.exe (PUP.Optional.Elex) -> Quarantined and deleted successfully.
C:\Users\Owner\Documents\REMOVEWAT.EXE (HackTool.Wpakill) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\39P6L111\minibar-core[1].exe (PUP.Optional.MiniBar.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Local Settings\Temporary Internet Files\Content.IE5\NOON8RXD\pcspeedup[1].exe (PUP.Optional.PCChecker.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:23:41, on 7.10.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\QIP Infium\infium.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files (x86)\CardCasino\PokerNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{0704128B-CBAD-4F65-A4CD-2F432D0DD878}: NameServer = 62.240.163.170,62.204.224.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0704128B-CBAD-4F65-A4CD-2F432D0DD878}: NameServer = 62.240.163.170,62.204.224.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: ESL Wire Helper Service (EslWireHelper) - Unknown owner - C:\Program Files\EslWire\service\WireHelperSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Peerinator - Unknown owner - C:\Program Files (x86)\Peerinator\Peerinator.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10343 bytes

A AdwCleaner je kde?

Omlouvám se.

# AdwCleaner v3.006 - Report created 07/10/2013 at 23:26:48
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BCUService

***** [ Files / Folders ] *****

File Found : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js
Folder Found C:\Program Files (x86)\DeviceVM
Folder Found C:\Program Files (x86)\Yontoo
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\BrowserProtect
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\eSafe
Folder Found C:\Users\Owner\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\Owner\AppData\Local\Temp\eIntaller
Folder Found C:\Users\Owner\AppData\Roaming\Yontoo

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1380 ... J90Z404312
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\DeviceVM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\DeviceVM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Found : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\Software\eSafeSecControl
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\qone8Software
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://www.delta-search.com/?babsrc=NT_ ... 1&tsp=5024
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1380 ... J90Z404312
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.qone8.com/?type=hp&ts=1380 ... J90Z404312

-\\ Mozilla Firefox v

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4933 octets] - [07/10/2013 23:23:37]
AdwCleaner[R1].txt - [4821 octets] - [07/10/2013 23:26:48]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4881 octets] ##########

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

# AdwCleaner v3.007 - Report created 10/10/2013 at 22:17:50
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\boost_interprocess
[!] Folder Deleted : C:\ProgramData\BrowserProtect
[!] Folder Deleted : C:\ProgramData\DSearchLink
[!] Folder Deleted : C:\ProgramData\eSafe
[!] Folder Deleted : C:\Program Files (x86)\DeviceVM
[!] Folder Deleted : C:\Program Files (x86)\myfree codec
[!] Folder Deleted : C:\Program Files (x86)\Yontoo
[!] Folder Deleted : C:\Program Files\myfree codec
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Bundled software uninstaller
[!] Folder Deleted : C:\Users\Owner\AppData\Local\Temp\eIntaller
[!] Folder Deleted : C:\Users\Owner\AppData\Roaming\Yontoo
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4933 octets] - [07/10/2013 23:23:37]
AdwCleaner[R1].txt - [4993 octets] - [07/10/2013 23:26:48]
AdwCleaner[R2].txt - [5311 octets] - [10/10/2013 22:16:28]
AdwCleaner[S0].txt - [4376 octets] - [10/10/2013 22:17:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4436 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Owner on źt 10.10.2013 at 22:22:55,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źt 10.10.2013 at 22:29:24,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 10/10/2013 22:34:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[DNS][PUM] HKLM\[...]\CCSet\[...]\{0704128B-CBAD-4F65-A4CD-2F432D0DD878} : NameServer (62.240.163.170,62.204.224.3) -> FOUND
[DNS][PUM] HKLM\[...]\CS001\[...]\{0704128B-CBAD-4F65-A4CD-2F432D0DD878} : NameServer (62.240.163.170,62.204.224.3) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 61b9bc9cc768b866b15e9e1a5c76a40e
[BSP] 67cdf03b842a492ad329e2510043b53c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10102013_223450.txt >>

Stáhni si shortcut-cleaner
na svojí plochu. Poklepej na ploše na sc-cleaner.exe
Program se spustí a poté vyhotoví log , ten sem vlož.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.

Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "

- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

Shortcut Cleaner 1.2.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/downloa ... t-cleaner/

Windows Version: Windows 7 Ultimate
Program started at: 10/11/2013 11:01:14 AM.

Scanning for registry hijacks:

* No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Owner\Desktop


0 bad shortcuts found.

Program finished at: 10/11/2013 11:01:17 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

RogueKiller V8.7.2 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 10/11/2013 11:05:39
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 61b9bc9cc768b866b15e9e1a5c76a40e
[BSP] 67cdf03b842a492ad329e2510043b53c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10112013_110539.txt >>
RKreport[0]_S_10102013_223450.txt;RKreport[0]_S_10112013_110453.txt

11:07:05.0028 0948 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:07:34.0138 0948 ============================================================
11:07:34.0138 0948 Current date / time: 2013/10/11 11:07:34.0138
11:07:34.0138 0948 SystemInfo:
11:07:34.0138 0948
11:07:34.0138 0948 OS Version: 6.1.7600 ServicePack: 0.0
11:07:34.0138 0948 Product type: Workstation
11:07:34.0138 0948 ComputerName: OWNER-PC
11:07:34.0138 0948 UserName: Owner
11:07:34.0138 0948 Windows directory: C:\Windows
11:07:34.0138 0948 System windows directory: C:\Windows
11:07:34.0138 0948 Running under WOW64
11:07:34.0138 0948 Processor architecture: Intel x64
11:07:34.0138 0948 Number of processors: 4
11:07:34.0138 0948 Page size: 0x1000
11:07:34.0138 0948 Boot type: Normal boot
11:07:34.0138 0948 ============================================================
11:07:35.0105 0948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:07:35.0105 0948 ============================================================
11:07:35.0105 0948 \Device\Harddisk0\DR0:
11:07:35.0105 0948 MBR partitions:
11:07:35.0105 0948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
11:07:35.0105 0948 ============================================================
11:07:35.0105 0948 C: <-> \Device\Harddisk0\DR0\Partition1
11:07:35.0105 0948 ============================================================
11:07:35.0105 0948 Initialize success
11:07:35.0105 0948 ============================================================
11:07:44.0980 4052 ============================================================
11:07:44.0980 4052 Scan started
11:07:44.0980 4052 Mode: Manual;
11:07:44.0980 4052 ============================================================
11:07:45.0526 4052 ================ Scan system memory ========================
11:07:45.0526 4052 System memory - ok
11:07:45.0541 4052 ================ Scan services =============================
11:07:45.0697 4052 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:07:45.0713 4052 1394ohci - ok
11:07:45.0729 4052 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
11:07:45.0744 4052 ACPI - ok
11:07:45.0760 4052 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
11:07:45.0760 4052 AcpiPmi - ok
11:07:45.0822 4052 [ 5AE65DCD983077278A6173C2872BCA99 ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
11:07:45.0822 4052 acsock - ok
11:07:45.0916 4052 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:07:45.0916 4052 AdobeARMservice - ok
11:07:45.0947 4052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:07:45.0963 4052 adp94xx - ok
11:07:45.0994 4052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:07:45.0994 4052 adpahci - ok
11:07:46.0009 4052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:07:46.0025 4052 adpu320 - ok
11:07:46.0056 4052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:07:46.0056 4052 AeLookupSvc - ok
11:07:46.0103 4052 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
11:07:46.0103 4052 AFD - ok
11:07:46.0134 4052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
11:07:46.0134 4052 agp440 - ok
11:07:46.0165 4052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:07:46.0165 4052 ALG - ok
11:07:46.0181 4052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
11:07:46.0181 4052 aliide - ok
11:07:46.0197 4052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
11:07:46.0197 4052 amdide - ok
11:07:46.0228 4052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:07:46.0228 4052 AmdK8 - ok
11:07:46.0259 4052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:07:46.0259 4052 AmdPPM - ok
11:07:46.0275 4052 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
11:07:46.0275 4052 amdsata - ok
11:07:46.0275 4052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:07:46.0290 4052 amdsbs - ok
11:07:46.0306 4052 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
11:07:46.0306 4052 amdxata - ok
11:07:46.0321 4052 [ 3CF7A4350C9646D92F147D620EC0D363 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
11:07:46.0321 4052 androidusb - ok
11:07:46.0353 4052 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
11:07:46.0353 4052 AppID - ok
11:07:46.0384 4052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:07:46.0384 4052 AppIDSvc - ok
11:07:46.0415 4052 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
11:07:46.0415 4052 Appinfo - ok
11:07:46.0446 4052 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
11:07:46.0446 4052 AppMgmt - ok
11:07:46.0462 4052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:07:46.0462 4052 arc - ok
11:07:46.0477 4052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:07:46.0477 4052 arcsas - ok
11:07:46.0587 4052 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:07:46.0602 4052 aspnet_state - ok
11:07:46.0633 4052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:07:46.0633 4052 AsyncMac - ok
11:07:46.0649 4052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
11:07:46.0665 4052 atapi - ok
11:07:46.0696 4052 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:07:46.0711 4052 AudioEndpointBuilder - ok
11:07:46.0711 4052 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:07:46.0727 4052 AudioSrv - ok
11:07:46.0758 4052 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:07:46.0758 4052 AxInstSV - ok
11:07:46.0774 4052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:07:46.0789 4052 b06bdrv - ok
11:07:46.0805 4052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:07:46.0805 4052 b57nd60a - ok
11:07:46.0836 4052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:07:46.0836 4052 BDESVC - ok
11:07:46.0852 4052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:07:46.0852 4052 Beep - ok
11:07:46.0883 4052 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
11:07:46.0883 4052 BFE - ok
11:07:46.0914 4052 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
11:07:46.0930 4052 BITS - ok
11:07:46.0945 4052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:07:46.0945 4052 blbdrive - ok
11:07:46.0961 4052 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:07:46.0961 4052 bowser - ok
11:07:46.0977 4052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:07:46.0977 4052 BrFiltLo - ok
11:07:46.0992 4052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:07:46.0992 4052 BrFiltUp - ok
11:07:47.0008 4052 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
11:07:47.0023 4052 Browser - ok
11:07:47.0055 4052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:07:47.0055 4052 Brserid - ok
11:07:47.0070 4052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:07:47.0070 4052 BrSerWdm - ok
11:07:47.0086 4052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:07:47.0086 4052 BrUsbMdm - ok
11:07:47.0101 4052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:07:47.0101 4052 BrUsbSer - ok
11:07:47.0117 4052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:07:47.0117 4052 BTHMODEM - ok
11:07:47.0133 4052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:07:47.0133 4052 bthserv - ok
11:07:47.0148 4052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:07:47.0148 4052 cdfs - ok
11:07:47.0179 4052 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
11:07:47.0179 4052 cdrom - ok
11:07:47.0211 4052 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
11:07:47.0211 4052 CertPropSvc - ok
11:07:47.0226 4052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:07:47.0226 4052 circlass - ok
11:07:47.0242 4052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:07:47.0257 4052 CLFS - ok
11:07:47.0304 4052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:07:47.0304 4052 clr_optimization_v2.0.50727_32 - ok
11:07:47.0351 4052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:07:47.0351 4052 clr_optimization_v2.0.50727_64 - ok
11:07:47.0413 4052 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:07:47.0460 4052 clr_optimization_v4.0.30319_32 - ok
11:07:47.0476 4052 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:07:47.0538 4052 clr_optimization_v4.0.30319_64 - ok
11:07:47.0632 4052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:07:47.0632 4052 CmBatt - ok
11:07:47.0647 4052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
11:07:47.0647 4052 cmdide - ok
11:07:47.0679 4052 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
11:07:47.0694 4052 CNG - ok
11:07:47.0710 4052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:07:47.0710 4052 Compbatt - ok
11:07:47.0741 4052 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
11:07:47.0741 4052 CompositeBus - ok
11:07:47.0741 4052 COMSysApp - ok
11:07:47.0772 4052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:07:47.0772 4052 crcdisk - ok
11:07:47.0819 4052 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:07:47.0819 4052 CryptSvc - ok
11:07:47.0835 4052 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
11:07:47.0850 4052 CSC - ok
11:07:47.0866 4052 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
11:07:47.0881 4052 CscService - ok
11:07:47.0913 4052 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:07:47.0928 4052 DcomLaunch - ok
11:07:47.0959 4052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:07:47.0959 4052 defragsvc - ok
11:07:47.0991 4052 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:07:47.0991 4052 DfsC - ok
11:07:48.0006 4052 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
11:07:48.0006 4052 Dhcp - ok
11:07:48.0022 4052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:07:48.0022 4052 discache - ok
11:07:48.0069 4052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:07:48.0069 4052 Disk - ok
11:07:48.0084 4052 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:07:48.0084 4052 Dnscache - ok
11:07:48.0115 4052 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
11:07:48.0115 4052 dot3svc - ok
11:07:48.0147 4052 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
11:07:48.0147 4052 DPS - ok
11:07:48.0193 4052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:07:48.0193 4052 drmkaud - ok
11:07:48.0225 4052 [ 6A0E850DDCB136AA3D2FB7234382DF12 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:07:48.0225 4052 dtsoftbus01 - ok
11:07:48.0271 4052 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:07:48.0271 4052 DXGKrnl - ok
11:07:48.0334 4052 [ 082DAB566F704D258D35BA89F21239CA ] eamon C:\Windows\system32\DRIVERS\eamon.sys
11:07:48.0334 4052 eamon - ok
11:07:48.0365 4052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:07:48.0381 4052 EapHost - ok
11:07:48.0459 4052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:07:48.0474 4052 ebdrv - ok
11:07:48.0505 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
11:07:48.0505 4052 EFS - ok
11:07:48.0537 4052 [ 4FF6F92F170550E226B4595766C4D6A6 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
11:07:48.0537 4052 ehdrv - ok
11:07:48.0599 4052 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:07:48.0615 4052 ehRecvr - ok
11:07:48.0646 4052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:07:48.0646 4052 ehSched - ok
11:07:48.0771 4052 [ 98B82B6AFA03F8F0DD058C3DFCEA472A ] EhttpSrv C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
11:07:48.0771 4052 EhttpSrv - ok
11:07:48.0817 4052 [ 9737FC97B5C941F083C4E46CBCCE2D4A ] ekrn C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
11:07:48.0833 4052 ekrn - ok
11:07:48.0895 4052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:07:48.0895 4052 elxstor - ok
11:07:48.0927 4052 [ 71C8CBDE6B18F90F19E9C7CB884F87C8 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
11:07:48.0927 4052 epfwwfpr - ok
11:07:48.0942 4052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
11:07:48.0942 4052 ErrDev - ok
11:07:48.0989 4052 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
11:07:48.0989 4052 ES lite Service - ok
11:07:49.0036 4052 [ 8A866AB4FA345DB3A475D91C0CFC9CC4 ] ESLWireAC C:\Windows\system32\drivers\ESLWireACD.sys
11:07:49.0036 4052 ESLWireAC - ok
11:07:49.0114 4052 [ A2941FF542EFF81B32575EB964A89E48 ] EslWireHelper C:\Program Files\EslWire\service\WireHelperSvc.exe
11:07:49.0129 4052 EslWireHelper - ok
11:07:49.0176 4052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:07:49.0176 4052 EventSystem - ok
11:07:49.0207 4052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:07:49.0207 4052 exfat - ok
11:07:49.0239 4052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:07:49.0239 4052 fastfat - ok
11:07:49.0285 4052 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
11:07:49.0301 4052 Fax - ok
11:07:49.0301 4052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:07:49.0301 4052 fdc - ok
11:07:49.0332 4052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:07:49.0332 4052 fdPHost - ok
11:07:49.0348 4052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:07:49.0348 4052 FDResPub - ok
11:07:49.0363 4052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:07:49.0363 4052 FileInfo - ok
11:07:49.0379 4052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:07:49.0379 4052 Filetrace - ok
11:07:49.0395 4052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:07:49.0395 4052 flpydisk - ok
11:07:49.0426 4052 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:07:49.0426 4052 FltMgr - ok
11:07:49.0457 4052 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
11:07:49.0473 4052 FontCache - ok
11:07:49.0504 4052 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:07:49.0504 4052 FontCache3.0.0.0 - ok
11:07:49.0519 4052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:07:49.0519 4052 FsDepends - ok
11:07:49.0551 4052 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:07:49.0551 4052 Fs_Rec - ok
11:07:49.0629 4052 [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe
11:07:49.0629 4052 fussvc - ok
11:07:49.0675 4052 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:07:49.0675 4052 fvevol - ok
11:07:49.0691 4052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:07:49.0691 4052 gagp30kx - ok
11:07:49.0753 4052 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys
11:07:49.0753 4052 gdrv - ok
11:07:49.0800 4052 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
11:07:49.0816 4052 gpsvc - ok
11:07:49.0878 4052 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:07:49.0878 4052 gupdate - ok
11:07:49.0878 4052 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:07:49.0894 4052 gupdatem - ok
11:07:49.0909 4052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:07:49.0909 4052 hcw85cir - ok
11:07:49.0956 4052 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:07:49.0956 4052 HdAudAddService - ok
11:07:49.0972 4052 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
11:07:49.0972 4052 HDAudBus - ok
11:07:50.0003 4052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:07:50.0003 4052 HidBatt - ok
11:07:50.0019 4052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:07:50.0019 4052 HidBth - ok
11:07:50.0034 4052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:07:50.0034 4052 HidIr - ok
11:07:50.0050 4052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
11:07:50.0065 4052 hidserv - ok
11:07:50.0097 4052 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
11:07:50.0097 4052 HidUsb - ok
11:07:50.0128 4052 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:07:50.0128 4052 hkmsvc - ok
11:07:50.0159 4052 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:07:50.0175 4052 HomeGroupListener - ok
11:07:50.0206 4052 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:07:50.0206 4052 HomeGroupProvider - ok
11:07:50.0237 4052 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
11:07:50.0237 4052 HpSAMD - ok
11:07:50.0284 4052 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:07:50.0284 4052 HTTP - ok
11:07:50.0299 4052 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:07:50.0299 4052 hwpolicy - ok
11:07:50.0331 4052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:07:50.0331 4052 i8042prt - ok
11:07:50.0346 4052 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
11:07:50.0346 4052 iaStorV - ok
11:07:50.0393 4052 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:07:50.0409 4052 idsvc - ok
11:07:50.0424 4052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:07:50.0424 4052 iirsp - ok
11:07:50.0471 4052 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
11:07:50.0502 4052 IKEEXT - ok
11:07:50.0565 4052 [ F04D22D7A49A1B2210DBADF0B803E870 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:07:50.0580 4052 IntcAzAudAddService - ok
11:07:50.0596 4052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
11:07:50.0596 4052 intelide - ok
11:07:50.0611 4052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:07:50.0611 4052 intelppm - ok
11:07:50.0627 4052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:07:50.0627 4052 IPBusEnum - ok
11:07:50.0643 4052 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:07:50.0643 4052 IpFilterDriver - ok
11:07:50.0689 4052 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:07:50.0705 4052 iphlpsvc - ok
11:07:50.0721 4052 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:07:50.0721 4052 IPMIDRV - ok
11:07:50.0752 4052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:07:50.0752 4052 IPNAT - ok
11:07:50.0783 4052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:07:50.0783 4052 IRENUM - ok
11:07:50.0799 4052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
11:07:50.0799 4052 isapnp - ok
11:07:50.0814 4052 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
11:07:50.0830 4052 iScsiPrt - ok
11:07:50.0845 4052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:07:50.0845 4052 kbdclass - ok
11:07:50.0877 4052 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
11:07:50.0877 4052 kbdhid - ok
11:07:50.0892 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
11:07:50.0892 4052 KeyIso - ok
11:07:50.0908 4052 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:07:50.0908 4052 KSecDD - ok
11:07:50.0923 4052 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:07:50.0923 4052 KSecPkg - ok
11:07:50.0939 4052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:07:50.0939 4052 ksthunk - ok
11:07:50.0970 4052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:07:50.0986 4052 KtmRm - ok
11:07:51.0017 4052 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:07:51.0017 4052 LanmanServer - ok
11:07:51.0048 4052 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:07:51.0048 4052 LanmanWorkstation - ok
11:07:51.0079 4052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:07:51.0079 4052 lltdio - ok
11:07:51.0111 4052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:07:51.0111 4052 lltdsvc - ok
11:07:51.0126 4052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:07:51.0126 4052 lmhosts - ok
11:07:51.0157 4052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:07:51.0157 4052 LSI_FC - ok
11:07:51.0173 4052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:07:51.0173 4052 LSI_SAS - ok
11:07:51.0189 4052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:07:51.0189 4052 LSI_SAS2 - ok
11:07:51.0204 4052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:07:51.0204 4052 LSI_SCSI - ok
11:07:51.0235 4052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:07:51.0235 4052 luafv - ok
11:07:51.0282 4052 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:07:51.0282 4052 MBAMProtector - ok
11:07:51.0345 4052 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:07:51.0360 4052 MBAMScheduler - ok
11:07:51.0423 4052 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:07:51.0423 4052 MBAMService - ok
11:07:51.0469 4052 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:07:51.0469 4052 Mcx2Svc - ok
11:07:51.0501 4052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:07:51.0501 4052 megasas - ok
11:07:51.0516 4052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:07:51.0532 4052 MegaSR - ok
11:07:51.0579 4052 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:07:51.0579 4052 Microsoft Office Groove Audit Service - ok
11:07:51.0594 4052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:07:51.0594 4052 MMCSS - ok
11:07:51.0625 4052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:07:51.0625 4052 Modem - ok
11:07:51.0657 4052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:07:51.0657 4052 monitor - ok
11:07:51.0672 4052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:07:51.0672 4052 mouclass - ok
11:07:51.0688 4052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:07:51.0688 4052 mouhid - ok
11:07:51.0719 4052 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:07:51.0719 4052 mountmgr - ok
11:07:51.0735 4052 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
11:07:51.0735 4052 mpio - ok
11:07:51.0750 4052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:07:51.0750 4052 mpsdrv - ok
11:07:51.0766 4052 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:07:51.0781 4052 MpsSvc - ok
11:07:51.0813 4052 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:07:51.0813 4052 MRxDAV - ok
11:07:51.0828 4052 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:07:51.0844 4052 mrxsmb - ok
11:07:51.0859 4052 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:07:51.0859 4052 mrxsmb10 - ok
11:07:51.0891 4052 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:07:51.0891 4052 mrxsmb20 - ok
11:07:51.0906 4052 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
11:07:51.0906 4052 msahci - ok
11:07:51.0922 4052 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
11:07:51.0937 4052 msdsm - ok
11:07:51.0953 4052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:07:51.0953 4052 MSDTC - ok
11:07:51.0984 4052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:07:52.0000 4052 Msfs - ok
11:07:52.0000 4052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:07:52.0000 4052 mshidkmdf - ok
11:07:52.0031 4052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
11:07:52.0031 4052 msisadrv - ok
11:07:52.0062 4052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:07:52.0062 4052 MSiSCSI - ok
11:07:52.0062 4052 msiserver - ok
11:07:52.0093 4052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:07:52.0093 4052 MSKSSRV - ok
11:07:52.0109 4052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:07:52.0109 4052 MSPCLOCK - ok
11:07:52.0125 4052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:07:52.0125 4052 MSPQM - ok
11:07:52.0156 4052 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:07:52.0156 4052 MsRPC - ok
11:07:52.0171 4052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
11:07:52.0171 4052 mssmbios - ok
11:07:52.0187 4052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:07:52.0187 4052 MSTEE - ok
11:07:52.0203 4052 msvsmon100 - ok
11:07:52.0203 4052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:07:52.0203 4052 MTConfig - ok
11:07:52.0234 4052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:07:52.0234 4052 Mup - ok
11:07:52.0265 4052 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
11:07:52.0281 4052 napagent - ok
11:07:52.0327 4052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:07:52.0327 4052 NativeWifiP - ok
11:07:52.0343 4052 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
11:07:52.0359 4052 NDIS - ok
11:07:52.0374 4052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:07:52.0374 4052 NdisCap - ok
11:07:52.0390 4052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:07:52.0390 4052 NdisTapi - ok
11:07:52.0405 4052 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:07:52.0405 4052 Ndisuio - ok
11:07:52.0437 4052 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:07:52.0437 4052 NdisWan - ok
11:07:52.0452 4052 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:07:52.0452 4052 NDProxy - ok
11:07:52.0483 4052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:07:52.0483 4052 NetBIOS - ok
11:07:52.0499 4052 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:07:52.0515 4052 NetBT - ok
11:07:52.0530 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
11:07:52.0530 4052 Netlogon - ok
11:07:52.0593 4052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:07:52.0608 4052 Netman - ok
11:07:52.0655 4052 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:07:52.0671 4052 NetMsmqActivator - ok
11:07:52.0671 4052 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:07:52.0671 4052 NetPipeActivator - ok
11:07:52.0702 4052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:07:52.0717 4052 netprofm - ok
11:07:52.0733 4052 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:07:52.0733 4052 NetTcpActivator - ok
11:07:52.0733 4052 [ E8B9164DA7701C1E595647C3A3AFA766 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:07:52.0733 4052 NetTcpPortSharing - ok
11:07:52.0764 4052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:07:52.0764 4052 nfrd960 - ok
11:07:52.0795 4052 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:07:52.0795 4052 NlaSvc - ok
11:07:52.0811 4052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:07:52.0811 4052 Npfs - ok
11:07:52.0827 4052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:07:52.0827 4052 nsi - ok
11:07:52.0827 4052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:07:52.0827 4052 nsiproxy - ok
11:07:52.0873 4052 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:07:52.0889 4052 Ntfs - ok
11:07:52.0905 4052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:07:52.0905 4052 Null - ok
11:07:52.0936 4052 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
11:07:52.0936 4052 NVHDA - ok
11:07:53.0170 4052 [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:07:53.0232 4052 nvlddmkm - ok
11:07:53.0248 4052 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
11:07:53.0248 4052 nvraid - ok
11:07:53.0263 4052 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
11:07:53.0263 4052 nvstor - ok
11:07:53.0326 4052 [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc C:\Windows\system32\nvvsvc.exe
11:07:53.0341 4052 nvsvc - ok
11:07:53.0419 4052 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:07:53.0435 4052 nvUpdatusService - ok
11:07:53.0451 4052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
11:07:53.0451 4052 nv_agp - ok
11:07:53.0544 4052 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:07:53.0544 4052 odserv - ok
11:07:53.0575 4052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
11:07:53.0575 4052 ohci1394 - ok
11:07:53.0622 4052 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:07:53.0638 4052 ose - ok
11:07:53.0685 4052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:07:53.0685 4052 p2pimsvc - ok
11:07:53.0716 4052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:07:53.0731 4052 p2psvc - ok
11:07:53.0747 4052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:07:53.0763 4052 Parport - ok
11:07:53.0778 4052 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:07:53.0778 4052 partmgr - ok
11:07:53.0794 4052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:07:53.0794 4052 PcaSvc - ok
11:07:53.0809 4052 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
11:07:53.0809 4052 pci - ok
11:07:53.0825 4052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
11:07:53.0825 4052 pciide - ok
11:07:53.0856 4052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:07:53.0856 4052 pcmcia - ok
11:07:53.0872 4052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:07:53.0872 4052 pcw - ok
11:07:53.0887 4052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:07:53.0887 4052 PEAUTH - ok
11:07:53.0919 4052 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:07:53.0950 4052 PeerDistSvc - ok
11:07:53.0950 4052 Peerinator - ok
11:07:54.0012 4052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:07:54.0028 4052 PerfHost - ok
11:07:54.0090 4052 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
11:07:54.0106 4052 pla - ok
11:07:54.0137 4052 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:07:54.0153 4052 PlugPlay - ok
11:07:54.0168 4052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:07:54.0168 4052 PNRPAutoReg - ok
11:07:54.0184 4052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:07:54.0199 4052 PNRPsvc - ok
11:07:54.0231 4052 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:07:54.0231 4052 PolicyAgent - ok
11:07:54.0246 4052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:07:54.0262 4052 Power - ok
11:07:54.0293 4052 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:07:54.0293 4052 PptpMiniport - ok
11:07:54.0309 4052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:07:54.0309 4052 Processor - ok
11:07:54.0324 4052 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
11:07:54.0340 4052 ProfSvc - ok
11:07:54.0340 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
11:07:54.0340 4052 ProtectedStorage - ok
11:07:54.0371 4052 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:07:54.0371 4052 Psched - ok
11:07:54.0402 4052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:07:54.0418 4052 ql2300 - ok
11:07:54.0433 4052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:07:54.0433 4052 ql40xx - ok
11:07:54.0449 4052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:07:54.0449 4052 QWAVE - ok
11:07:54.0465 4052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:07:54.0465 4052 QWAVEdrv - ok
11:07:54.0480 4052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:07:54.0480 4052 RasAcd - ok
11:07:54.0496 4052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:07:54.0496 4052 RasAgileVpn - ok
11:07:54.0527 4052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:07:54.0527 4052 RasAuto - ok
11:07:54.0543 4052 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:07:54.0543 4052 Rasl2tp - ok
11:07:54.0574 4052 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
11:07:54.0589 4052 RasMan - ok
11:07:54.0605 4052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:07:54.0605 4052 RasPppoe - ok
11:07:54.0621 4052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:07:54.0621 4052 RasSstp - ok
11:07:54.0636 4052 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:07:54.0652 4052 rdbss - ok
11:07:54.0652 4052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:07:54.0652 4052 rdpbus - ok
11:07:54.0667 4052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:07:54.0667 4052 RDPCDD - ok
11:07:54.0699 4052 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:07:54.0699 4052 RDPDR - ok
11:07:54.0714 4052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:07:54.0714 4052 RDPENCDD - ok
11:07:54.0730 4052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:07:54.0730 4052 RDPREFMP - ok
11:07:54.0745 4052 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:07:54.0745 4052 RDPWD - ok
11:07:54.0777 4052 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:07:54.0777 4052 rdyboost - ok
11:07:54.0808 4052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:07:54.0808 4052 RemoteAccess - ok
11:07:54.0839 4052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:07:54.0839 4052 RemoteRegistry - ok
11:07:54.0839 4052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:07:54.0855 4052 RpcEptMapper - ok
11:07:54.0870 4052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:07:54.0870 4052 RpcLocator - ok
11:07:54.0886 4052 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
11:07:54.0901 4052 RpcSs - ok
11:07:54.0917 4052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:07:54.0917 4052 rspndr - ok
11:07:54.0948 4052 [ F65F171165FBB613F7AA3CC78E8CAB42 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:07:54.0948 4052 RTL8167 - ok
11:07:54.0964 4052 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
11:07:54.0964 4052 s3cap - ok
11:07:54.0979 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
11:07:54.0979 4052 SamSs - ok
11:07:54.0995 4052 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
11:07:54.0995 4052 sbp2port - ok
11:07:55.0042 4052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:07:55.0042 4052 SCardSvr - ok
11:07:55.0057 4052 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:07:55.0057 4052 scfilter - ok
11:07:55.0089 4052 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
11:07:55.0104 4052 Schedule - ok
11:07:55.0135 4052 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:07:55.0135 4052 SCPolicySvc - ok
11:07:55.0151 4052 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:07:55.0167 4052 SDRSVC - ok
11:07:55.0198 4052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:07:55.0198 4052 secdrv - ok
11:07:55.0213 4052 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
11:07:55.0213 4052 seclogon - ok
11:07:55.0229 4052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:07:55.0229 4052 SENS - ok
11:07:55.0245 4052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:07:55.0245 4052 SensrSvc - ok
11:07:55.0260 4052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:07:55.0260 4052 Serenum - ok
11:07:55.0276 4052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:07:55.0276 4052 Serial - ok
11:07:55.0291 4052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:07:55.0291 4052 sermouse - ok
11:07:55.0323 4052 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
11:07:55.0323 4052 SessionEnv - ok
11:07:55.0338 4052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:07:55.0338 4052 sffdisk - ok
11:07:55.0354 4052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
11:07:55.0354 4052 sffp_mmc - ok
11:07:55.0369 4052 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:07:55.0369 4052 sffp_sd - ok
11:07:55.0385 4052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:07:55.0385 4052 sfloppy - ok
11:07:55.0416 4052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:07:55.0432 4052 SharedAccess - ok
11:07:55.0463 4052 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:07:55.0463 4052 ShellHWDetection - ok
11:07:55.0494 4052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:07:55.0494 4052 SiSRaid2 - ok
11:07:55.0510 4052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:07:55.0510 4052 SiSRaid4 - ok
11:07:55.0572 4052 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:07:55.0572 4052 SkypeUpdate - ok
11:07:55.0588 4052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:07:55.0603 4052 Smb - ok
11:07:55.0635 4052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:07:55.0635 4052 SNMPTRAP - ok
11:07:55.0666 4052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:07:55.0666 4052 spldr - ok
11:07:55.0681 4052 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
11:07:55.0697 4052 Spooler - ok
11:07:55.0775 4052 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
11:07:55.0822 4052 sppsvc - ok
11:07:55.0822 4052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:07:55.0822 4052 sppuinotify - ok
11:07:55.0869 4052 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:07:55.0869 4052 SQLWriter - ok
11:07:55.0900 4052 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:07:55.0900 4052 srv - ok
11:07:55.0915 4052 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:07:55.0931 4052 srv2 - ok
11:07:55.0947 4052 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:07:55.0962 4052 srvnet - ok
11:07:55.0993 4052 [ 52D6F40B50ECFC051979FEC68E74F0F8 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
11:07:55.0993 4052 ssadbus - ok
11:07:56.0025 4052 [ D6CFD3B2EABCF9327DE39C62BABFA1E3 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:07:56.0025 4052 ssadmdfl - ok
11:07:56.0040 4052 [ 5EB01E6148742C3EC2185AC92F6D16FD ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
11:07:56.0056 4052 ssadmdm - ok
11:07:56.0087 4052 [ FF20F67DD5644BD1D2E7FCD95AF7F03B ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
11:07:56.0087 4052 ssadserd - ok
11:07:56.0134 4052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:07:56.0134 4052 SSDPSRV - ok
11:07:56.0165 4052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:07:56.0165 4052 SstpSvc - ok
11:07:56.0196 4052 [ BC76D75A372BC02831A6A6AEA66510F8 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
11:07:56.0212 4052 Steam Client Service - ok
11:07:56.0259 4052 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:07:56.0274 4052 Stereo Service - ok
11:07:56.0290 4052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:07:56.0290 4052 stexstor - ok
11:07:56.0352 4052 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
11:07:56.0368 4052 stisvc - ok
11:07:56.0383 4052 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
11:07:56.0383 4052 storflt - ok
11:07:56.0399 4052 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
11:07:56.0399 4052 storvsc - ok
11:07:56.0415 4052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:07:56.0415 4052 swenum - ok
11:07:56.0446 4052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:07:56.0446 4052 swprv - ok
11:07:56.0493 4052 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
11:07:56.0508 4052 SysMain - ok
11:07:56.0524 4052 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:07:56.0524 4052 TabletInputService - ok
11:07:56.0539 4052 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
11:07:56.0539 4052 TapiSrv - ok
11:07:56.0571 4052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:07:56.0586 4052 TBS - ok
11:07:56.0649 4052 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:07:56.0649 4052 Tcpip - ok
11:07:56.0680 4052 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:07:56.0695 4052 TCPIP6 - ok
11:07:56.0711 4052 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:07:56.0711 4052 tcpipreg - ok
11:07:56.0727 4052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:07:56.0727 4052 TDPIPE - ok
11:07:56.0742 4052 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:07:56.0742 4052 TDTCP - ok
11:07:56.0773 4052 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:07:56.0773 4052 tdx - ok
11:07:56.0820 4052 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
11:07:56.0836 4052 Te.Service - ok
11:07:56.0851 4052 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:07:56.0851 4052 TermDD - ok
11:07:56.0883 4052 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
11:07:56.0914 4052 TermService - ok
11:07:56.0929 4052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:07:56.0929 4052 Themes - ok
11:07:56.0961 4052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:07:56.0961 4052 THREADORDER - ok
11:07:56.0976 4052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:07:56.0976 4052 TrkWks - ok
11:07:57.0007 4052 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:07:57.0007 4052 TrustedInstaller - ok
11:07:57.0023 4052 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:07:57.0023 4052 tssecsrv - ok
11:07:57.0054 4052 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:07:57.0054 4052 tunnel - ok
11:07:57.0085 4052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:07:57.0085 4052 uagp35 - ok
11:07:57.0101 4052 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:07:57.0101 4052 udfs - ok
11:07:57.0117 4052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

11:07:57.0132 4052 UI0Detect - ok
11:07:57.0148 4052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
11:07:57.0148 4052 uliagpkx - ok
11:07:57.0163 4052 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:07:57.0163 4052 umbus - ok
11:07:57.0179 4052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:07:57.0179 4052 UmPass - ok
11:07:57.0195 4052 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
11:07:57.0195 4052 UmRdpService - ok
11:07:57.0226 4052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:07:57.0226 4052 upnphost - ok
11:07:57.0257 4052 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
11:07:57.0257 4052 usbaudio - ok
11:07:57.0273 4052 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:07:57.0273 4052 usbccgp - ok
11:07:57.0288 4052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
11:07:57.0288 4052 usbcir - ok
11:07:57.0304 4052 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:07:57.0304 4052 usbehci - ok
11:07:57.0319 4052 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:07:57.0335 4052 usbhub - ok
11:07:57.0351 4052 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:07:57.0351 4052 usbohci - ok
11:07:57.0366 4052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:07:57.0366 4052 usbprint - ok
11:07:57.0382 4052 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:07:57.0382 4052 USBSTOR - ok
11:07:57.0397 4052 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
11:07:57.0397 4052 usbuhci - ok
11:07:57.0413 4052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:07:57.0413 4052 UxSms - ok
11:07:57.0429 4052 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
11:07:57.0429 4052 VaultSvc - ok
11:07:57.0444 4052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
11:07:57.0444 4052 vdrvroot - ok
11:07:57.0460 4052 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
11:07:57.0460 4052 vds - ok
11:07:57.0475 4052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:07:57.0475 4052 vga - ok
11:07:57.0491 4052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:07:57.0491 4052 VgaSave - ok
11:07:57.0522 4052 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
11:07:57.0522 4052 vhdmp - ok
11:07:57.0538 4052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
11:07:57.0538 4052 viaide - ok
11:07:57.0569 4052 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
11:07:57.0569 4052 vmbus - ok
11:07:57.0585 4052 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
11:07:57.0585 4052 VMBusHID - ok
11:07:57.0600 4052 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
11:07:57.0600 4052 volmgr - ok
11:07:57.0616 4052 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:07:57.0616 4052 volmgrx - ok
11:07:57.0631 4052 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
11:07:57.0631 4052 volsnap - ok
11:07:57.0709 4052 [ 4D8FC912E146DE0115392381C7114588 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:07:57.0709 4052 vpnagent - ok
11:07:57.0772 4052 [ A8D4FED106B4BD337DF3DA20BA44E18E ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
11:07:57.0772 4052 vpnva - ok
11:07:57.0865 4052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:07:57.0865 4052 vsmraid - ok
11:07:57.0943 4052 [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110 C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
11:07:57.0959 4052 VSPerfDrv110 - ok
11:07:58.0021 4052 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
11:07:58.0037 4052 VSS - ok
11:07:58.0053 4052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:07:58.0053 4052 vwifibus - ok
11:07:58.0068 4052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:07:58.0084 4052 W32Time - ok
11:07:58.0099 4052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:07:58.0099 4052 WacomPen - ok
11:07:58.0115 4052 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:07:58.0115 4052 WANARP - ok
11:07:58.0115 4052 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:07:58.0115 4052 Wanarpv6 - ok
11:07:58.0177 4052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:07:58.0177 4052 WatAdminSvc - ok
11:07:58.0240 4052 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
11:07:58.0255 4052 wbengine - ok
11:07:58.0271 4052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:07:58.0271 4052 WbioSrvc - ok
11:07:58.0287 4052 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:07:58.0302 4052 wcncsvc - ok
11:07:58.0302 4052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:07:58.0302 4052 WcsPlugInService - ok
11:07:58.0318 4052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:07:58.0318 4052 Wd - ok
11:07:58.0349 4052 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:07:58.0349 4052 Wdf01000 - ok
11:07:58.0365 4052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:07:58.0365 4052 WdiServiceHost - ok
11:07:58.0365 4052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:07:58.0365 4052 WdiSystemHost - ok
11:07:58.0380 4052 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
11:07:58.0396 4052 WebClient - ok
11:07:58.0411 4052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:07:58.0411 4052 Wecsvc - ok
11:07:58.0427 4052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:07:58.0427 4052 wercplsupport - ok
11:07:58.0458 4052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:07:58.0458 4052 WerSvc - ok
11:07:58.0489 4052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:07:58.0489 4052 WfpLwf - ok
11:07:58.0521 4052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:07:58.0521 4052 WIMMount - ok
11:07:58.0536 4052 WinDefend - ok
11:07:58.0536 4052 WinHttpAutoProxySvc - ok
11:07:58.0614 4052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:07:58.0614 4052 Winmgmt - ok
11:07:58.0677 4052 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
11:07:58.0708 4052 WinRM - ok
11:07:58.0739 4052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:07:58.0755 4052 Wlansvc - ok
11:07:58.0770 4052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:07:58.0770 4052 WmiAcpi - ok
11:07:58.0801 4052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:07:58.0801 4052 wmiApSrv - ok
11:07:58.0833 4052 WMPNetworkSvc - ok
11:07:58.0848 4052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:07:58.0848 4052 WPCSvc - ok
11:07:58.0879 4052 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:07:58.0879 4052 WPDBusEnum - ok
11:07:58.0895 4052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:07:58.0895 4052 ws2ifsl - ok
11:07:58.0926 4052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
11:07:58.0926 4052 wscsvc - ok
11:07:58.0926 4052 WSearch - ok
11:07:59.0004 4052 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:07:59.0035 4052 wuauserv - ok
11:07:59.0067 4052 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:07:59.0067 4052 WudfPf - ok
11:07:59.0098 4052 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:07:59.0098 4052 WUDFRd - ok
11:07:59.0113 4052 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:07:59.0129 4052 wudfsvc - ok
11:07:59.0145 4052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:07:59.0145 4052 WwanSvc - ok
11:07:59.0160 4052 ================ Scan global ===============================
11:07:59.0176 4052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:07:59.0207 4052 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:07:59.0223 4052 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
11:07:59.0238 4052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:07:59.0254 4052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:07:59.0254 4052 [Global] - ok
11:07:59.0254 4052 ================ Scan MBR ==================================
11:07:59.0269 4052 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:07:59.0425 4052 \Device\Harddisk0\DR0 - ok
11:07:59.0425 4052 ================ Scan VBR ==================================
11:07:59.0441 4052 [ 7468A9D06A5C22F42A64B7A01B075D31 ] \Device\Harddisk0\DR0\Partition1
11:07:59.0441 4052 \Device\Harddisk0\DR0\Partition1 - ok
11:07:59.0441 4052 ============================================================
11:07:59.0441 4052 Scan finished
11:07:59.0441 4052 ============================================================
11:07:59.0457 2260 Detected object count: 0
11:07:59.0457 2260 Actual detected object count: 0
11:08:11.0531 3984 Deinitialize success