Problem with Tages Protection (Solved)



Post by Hastalda » 12 Sep 2012 16:04

Hi,
I have a problem with Tages Protection and I need help getting rid of the beast (viewtopic.php?f=46&t=92585). I finally managed to run the scan with HJT and I am attaching the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:59:00, on 12.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DTRun] c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\uArcCapture.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--
End of file - 11810 bytes

Many thanks for info on how to proceed. Haštalda

Post by Žbeky » 12 Sep 2012 18:44

Fix:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)

Download ATF Cleaner
Double-click ATF Cleaner.exe, click on select all found, then:
- If you use Firefox, click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program has finished a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF FOR NOW!).
Then paste the contents of that log here.
In private messages I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thank you for understanding.

Post by Hastalda » 12 Sep 2012 19:22

When I selected the items and confirmed "fix checked", a message popped up. Unfortunately I could not insert a screenshot here, but the message was to the effect that my notebook is not compatible with HJT and that "something" needs to be reconfigured... but when I confirmed it, it appeared to go through fine...

After cleaning with ATF Cleaner, I downloaded Malwarebytes and ran a quick scan according to the instructions; here is the log file:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.0.1400
www.malwarebytes.org

Verze databáze: v2012.09.12.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Zeryk :: ZERYK-HP [administrátor]

Ochrana: Zakázána

12.9.2012 19:09:18
mbam-log-2012-09-12 (19-09-18).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 190334
Uplynulý čas: 4 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Post by jaro3 » 13 Sep 2012 09:40

Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.

Turn off the resident protection of your antivirus and antispyware, and possibly the firewall.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When scanning finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
Post by Hastalda » 13 Sep 2012 15:09

I am pasting the log after running TDSSKiller:

14:58:56.0185 4200 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
14:58:56.0310 4200 ============================================================
14:58:56.0310 4200 Current date / time: 2012/09/13 14:58:56.0310
14:58:56.0310 4200 SystemInfo:
14:58:56.0310 4200
14:58:56.0310 4200 OS Version: 6.1.7601 ServicePack: 1.0
14:58:56.0310 4200 Product type: Workstation
14:58:56.0310 4200 ComputerName: ZERYK-HP
14:58:56.0310 4200 UserName: Zeryk
14:58:56.0310 4200 Windows directory: C:\windows
14:58:56.0310 4200 System windows directory: C:\windows
14:58:56.0310 4200 Processor architecture: Intel x86
14:58:56.0310 4200 Number of processors: 4
14:58:56.0310 4200 Page size: 0x1000
14:58:56.0310 4200 Boot type: Normal boot
14:58:56.0310 4200 ============================================================
14:58:56.0793 4200 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:58:56.0793 4200 ============================================================
14:58:56.0793 4200 \Device\Harddisk0\DR0:
14:58:56.0793 4200 MBR partitions:
14:58:56.0793 4200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
14:58:56.0793 4200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x380EF800
14:58:56.0793 4200 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38186000, BlocksNum 0x1E00000
14:58:56.0793 4200 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39F86000, BlocksNum 0x3FD800
14:58:56.0793 4200 ============================================================
14:58:56.0824 4200 C: <-> \Device\Harddisk0\DR0\Partition2
14:58:56.0856 4200 F: <-> \Device\Harddisk0\DR0\Partition4
14:58:56.0856 4200 ============================================================
14:58:56.0856 4200 Initialize success
14:58:56.0856 4200 ============================================================
14:59:05.0935 6020 ============================================================
14:59:05.0935 6020 Scan started
14:59:05.0935 6020 Mode: Manual;
14:59:05.0935 6020 ============================================================
14:59:06.0730 6020 ================ Scan system memory ========================
14:59:06.0730 6020 System memory - ok
14:59:06.0730 6020 ================ Scan services =============================
14:59:10.0318 6020 DpHost - ok
14:59:10.0350 6020 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
14:59:10.0350 6020 DPS - ok
14:59:10.0381 6020 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
14:59:10.0381 6020 drmkaud - ok
14:59:10.0412 6020 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
14:59:10.0428 6020 DXGKrnl - ok
14:59:10.0459 6020 [ 8A45015E85A4DCE0086B9973F0FD9A20 ] eamonm C:\windows\system32\DRIVERS\eamonm.sys
14:59:10.0459 6020 eamonm - ok
14:59:10.0474 6020 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
14:59:10.0474 6020 EapHost - ok
14:59:10.0568 6020 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
14:59:10.0599 6020 ebdrv - ok
14:59:10.0615 6020 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
14:59:10.0615 6020 EFS - ok
14:59:10.0662 6020 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\windows\system32\DRIVERS\ehdrv.sys
14:59:10.0662 6020 ehdrv - ok
14:59:10.0724 6020 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
14:59:10.0724 6020 ehRecvr - ok
14:59:10.0755 6020 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
14:59:10.0755 6020 ehSched - ok
14:59:10.0864 6020 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
14:59:10.0880 6020 ekrn - ok
14:59:10.0911 6020 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
14:59:10.0911 6020 elxstor - ok
14:59:10.0958 6020 [ 774BABCB1144513DC86992003740B774 ] epfw C:\windows\system32\DRIVERS\epfw.sys
14:59:10.0958 6020 epfw - ok
14:59:10.0974 6020 [ 2C22CC39309EE06AE870C183BF2A769D ] EpfwLWF C:\windows\system32\DRIVERS\EpfwLWF.sys
14:59:10.0974 6020 EpfwLWF - ok
14:59:11.0005 6020 [ 2B4E5F01A4E786B422F4D617B51FA7D9 ] epfwwfp C:\windows\system32\DRIVERS\epfwwfp.sys
14:59:11.0005 6020 epfwwfp - ok
14:59:11.0036 6020 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
14:59:11.0036 6020 ErrDev - ok
14:59:11.0067 6020 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
14:59:11.0083 6020 EventSystem - ok
14:59:11.0114 6020 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
14:59:11.0114 6020 exfat - ok
14:59:11.0130 6020 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
14:59:11.0130 6020 fastfat - ok
14:59:11.0161 6020 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
14:59:11.0176 6020 Fax - ok
14:59:11.0192 6020 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
14:59:11.0192 6020 fdc - ok
14:59:11.0208 6020 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
14:59:11.0208 6020 fdPHost - ok
14:59:11.0223 6020 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
14:59:11.0223 6020 FDResPub - ok
14:59:11.0239 6020 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
14:59:11.0239 6020 FileInfo - ok
14:59:11.0270 6020 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
14:59:11.0270 6020 Filetrace - ok
14:59:11.0301 6020 [ 7E728680AA428506A82351D859C32C95 ] FLCDLOCK c:\Windows\system32\flcdlock.exe
14:59:11.0301 6020 FLCDLOCK - ok
14:59:11.0317 6020 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
14:59:11.0317 6020 flpydisk - ok
14:59:11.0332 6020 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
14:59:11.0348 6020 FltMgr - ok
14:59:11.0379 6020 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
14:59:11.0395 6020 FontCache - ok
14:59:11.0442 6020 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:59:11.0442 6020 FontCache3.0.0.0 - ok
14:59:11.0473 6020 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
14:59:11.0473 6020 FsDepends - ok
14:59:11.0488 6020 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
14:59:11.0488 6020 Fs_Rec - ok
14:59:11.0535 6020 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
14:59:11.0535 6020 fvevol - ok
14:59:11.0566 6020 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
14:59:11.0582 6020 gagp30kx - ok
14:59:11.0613 6020 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
14:59:11.0629 6020 gpsvc - ok
14:59:11.0644 6020 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
14:59:11.0644 6020 hcw85cir - ok
14:59:11.0676 6020 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:59:11.0676 6020 HdAudAddService - ok
14:59:11.0707 6020 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
14:59:11.0707 6020 HDAudBus - ok
14:59:11.0738 6020 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\windows\system32\DRIVERS\HECI.sys
14:59:11.0738 6020 HECI - ok
14:59:11.0754 6020 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
14:59:11.0754 6020 HidBatt - ok
14:59:11.0769 6020 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
14:59:11.0769 6020 HidBth - ok
14:59:11.0800 6020 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
14:59:11.0800 6020 HidIr - ok
14:59:11.0816 6020 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
14:59:11.0816 6020 hidserv - ok
14:59:11.0847 6020 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\drivers\hidusb.sys
14:59:11.0847 6020 HidUsb - ok
14:59:11.0878 6020 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
14:59:11.0878 6020 hkmsvc - ok
14:59:11.0925 6020 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:59:11.0925 6020 HomeGroupListener - ok
14:59:11.0956 6020 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:59:11.0956 6020 HomeGroupProvider - ok
14:59:11.0988 6020 HP Health Check Service - ok
14:59:12.0019 6020 [ CF3AE4AEAB7E3AB87122DC4DDD3A6947 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
14:59:12.0019 6020 HP Power Assistant Service - ok
14:59:12.0050 6020 [ AE2A8C80205F06BE5EDC63BE0AE9A756 ] HP ProtectTools Service c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
14:59:12.0050 6020 HP ProtectTools Service - ok
14:59:12.0097 6020 [ A2DE0A67C77EBC6DFAD3D55232790ADD ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
14:59:12.0097 6020 HP Wireless Assistant Service - ok
14:59:12.0159 6020 [ 54A4324365C835B59B76C7F1F42B2070 ] HPDayStarterService c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
14:59:12.0159 6020 HPDayStarterService - ok
14:59:12.0206 6020 [ 50AFB68513014A6894D78014483F0432 ] HPDrvMntSvc.exe c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:59:12.0206 6020 HPDrvMntSvc.exe - ok
14:59:12.0222 6020 [ E1D82F0C8456ABB03B7DF5D623CA47D1 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
14:59:12.0222 6020 hpdskflt - ok
14:59:12.0268 6020 [ 393383FE7F577B4A111B44445716FCB3 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
14:59:12.0268 6020 HpFkCryptService - ok
14:59:12.0300 6020 [ C9D858E20AE696E7A0D9A05B595F850A ] HPFSService C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
14:59:12.0315 6020 HPFSService - ok
14:59:12.0346 6020 [ DF9F96E3B3AA6C6DDB33FA8C5646A632 ] hpHotkeyMonitor C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
14:59:12.0362 6020 hpHotkeyMonitor - ok
14:59:12.0393 6020 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
14:59:12.0393 6020 HpqKbFiltr - ok
14:59:12.0409 6020 [ EF3EA06057132138B4E5895A61601DBE ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
14:59:12.0409 6020 hpqwmiex - ok
14:59:12.0440 6020 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
14:59:12.0456 6020 HpSAMD - ok
14:59:12.0471 6020 [ D1F817E61D52816996B8F1EBA9A38276 ] hpsrv C:\windows\system32\Hpservice.exe
14:59:12.0487 6020 hpsrv - ok
14:59:12.0580 6020 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
14:59:12.0580 6020 HTTP - ok
14:59:12.0612 6020 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
14:59:12.0612 6020 hwpolicy - ok
14:59:12.0643 6020 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
14:59:12.0643 6020 i8042prt - ok
14:59:12.0690 6020 [ F54B3DB096ABD6E9BBBD052FD3878A48 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:59:12.0690 6020 IAANTMON - ok
14:59:12.0721 6020 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
14:59:12.0721 6020 iaStor - ok
14:59:12.0752 6020 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
14:59:12.0752 6020 iaStorV - ok
14:59:12.0814 6020 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:59:12.0814 6020 idsvc - ok
14:59:12.0939 6020 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
14:59:12.0970 6020 igfx - ok
14:59:13.0002 6020 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
14:59:13.0002 6020 iirsp - ok
14:59:13.0048 6020 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
14:59:13.0064 6020 IKEEXT - ok
14:59:13.0095 6020 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
14:59:13.0095 6020 intelide - ok
14:59:13.0126 6020 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
14:59:13.0126 6020 intelppm - ok
14:59:13.0142 6020 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
14:59:13.0142 6020 IPBusEnum - ok
14:59:13.0173 6020 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
14:59:13.0173 6020 IpFilterDriver - ok
14:59:13.0204 6020 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
14:59:13.0220 6020 iphlpsvc - ok
14:59:13.0236 6020 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
14:59:13.0236 6020 IPMIDRV - ok
14:59:13.0251 6020 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
14:59:13.0251 6020 IPNAT - ok
14:59:13.0267 6020 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
14:59:13.0267 6020 IRENUM - ok
14:59:13.0298 6020 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
14:59:13.0298 6020 isapnp - ok
14:59:13.0329 6020 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
14:59:13.0329 6020 iScsiPrt - ok
14:59:13.0360 6020 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys
14:59:13.0360 6020 kbdclass - ok
14:59:13.0392 6020 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
14:59:13.0392 6020 kbdhid - ok
14:59:13.0407 6020 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
14:59:13.0407 6020 KeyIso - ok
14:59:13.0438 6020 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
14:59:13.0438 6020 KSecDD - ok
14:59:13.0438 6020 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
14:59:13.0438 6020 KSecPkg - ok
14:59:13.0470 6020 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
14:59:13.0485 6020 KtmRm - ok
14:59:13.0516 6020 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
14:59:13.0516 6020 LanmanServer - ok
14:59:13.0532 6020 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:59:13.0548 6020 LanmanWorkstation - ok
14:59:13.0579 6020 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:59:13.0579 6020 LightScribeService - ok
14:59:13.0641 6020 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
14:59:13.0641 6020 lirsgt - ok
14:59:13.0672 6020 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
14:59:13.0672 6020 lltdio - ok
14:59:13.0719 6020 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
14:59:13.0719 6020 lltdsvc - ok
14:59:13.0735 6020 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
14:59:13.0735 6020 lmhosts - ok
14:59:13.0782 6020 [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:59:13.0782 6020 LMS - ok
14:59:13.0813 6020 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
14:59:13.0813 6020 LSI_FC - ok
14:59:13.0828 6020 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
14:59:13.0828 6020 LSI_SAS - ok
14:59:13.0860 6020 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
14:59:13.0860 6020 LSI_SAS2 - ok
14:59:13.0875 6020 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
14:59:13.0875 6020 LSI_SCSI - ok
14:59:13.0891 6020 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
14:59:13.0891 6020 luafv - ok
14:59:13.0938 6020 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
14:59:13.0938 6020 MBAMProtector - ok
14:59:13.0984 6020 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:59:13.0984 6020 MBAMScheduler - ok
14:59:14.0031 6020 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:59:14.0031 6020 MBAMService - ok
14:59:14.0062 6020 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
14:59:14.0062 6020 Mcx2Svc - ok
14:59:14.0125 6020 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:59:14.0125 6020 MDM - ok
14:59:14.0140 6020 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
14:59:14.0156 6020 megasas - ok
14:59:14.0172 6020 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
14:59:14.0172 6020 MegaSR - ok
14:59:14.0203 6020 [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK C:\windows\system32\drivers\MfeAVFK.sys
14:59:14.0203 6020 MfeAVFK - ok
14:59:14.0218 6020 [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK C:\windows\system32\drivers\MfeBOPK.sys
14:59:14.0218 6020 MfeBOPK - ok
14:59:14.0250 6020 [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
14:59:14.0250 6020 mfehidk - ok
14:59:14.0265 6020 [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK C:\windows\system32\drivers\MfeRKDK.sys
14:59:14.0265 6020 MfeRKDK - ok
14:59:14.0281 6020 [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik C:\windows\system32\drivers\mfetdik.sys
14:59:14.0296 6020 mfetdik - ok
14:59:14.0312 6020 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
14:59:14.0312 6020 MMCSS - ok
14:59:14.0343 6020 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
14:59:14.0343 6020 Modem - ok
14:59:14.0359 6020 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
14:59:14.0359 6020 monitor - ok
14:59:14.0390 6020 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\drivers\mouclass.sys
14:59:14.0390 6020 mouclass - ok
14:59:14.0406 6020 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
14:59:14.0406 6020 mouhid - ok
14:59:14.0421 6020 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
14:59:14.0437 6020 mountmgr - ok
14:59:14.0452 6020 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
14:59:14.0452 6020 mpio - ok
14:59:14.0468 6020 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
14:59:14.0468 6020 mpsdrv - ok
14:59:14.0515 6020 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
14:59:14.0515 6020 MpsSvc - ok
14:59:14.0562 6020 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
14:59:14.0562 6020 MRxDAV - ok
14:59:14.0593 6020 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
14:59:14.0593 6020 mrxsmb - ok
14:59:14.0624 6020 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
14:59:14.0624 6020 mrxsmb10 - ok
14:59:14.0640 6020 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
14:59:14.0640 6020 mrxsmb20 - ok
14:59:14.0671 6020 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
14:59:14.0671 6020 msahci - ok
14:59:14.0671 6020 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
14:59:14.0686 6020 msdsm - ok
14:59:14.0718 6020 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
14:59:14.0718 6020 MSDTC - ok
14:59:14.0749 6020 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
14:59:14.0749 6020 Msfs - ok
14:59:14.0764 6020 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
14:59:14.0764 6020 mshidkmdf - ok
14:59:14.0780 6020 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
14:59:14.0780 6020 msisadrv - ok
14:59:14.0811 6020 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
14:59:14.0811 6020 MSiSCSI - ok
14:59:14.0827 6020 msiserver - ok
14:59:14.0842 6020 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
14:59:14.0842 6020 MSKSSRV - ok
14:59:14.0858 6020 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
14:59:14.0858 6020 MSPCLOCK - ok
14:59:14.0874 6020 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
14:59:14.0874 6020 MSPQM - ok
14:59:14.0889 6020 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
14:59:14.0889 6020 MsRPC - ok
14:59:14.0905 6020 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
14:59:14.0905 6020 mssmbios - ok
14:59:14.0905 6020 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
14:59:14.0920 6020 MSTEE - ok
14:59:14.0936 6020 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
14:59:14.0936 6020 MTConfig - ok
14:59:14.0952 6020 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
14:59:14.0952 6020 Mup - ok
14:59:14.0983 6020 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
14:59:14.0983 6020 napagent - ok
14:59:15.0014 6020 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
14:59:15.0030 6020 NativeWifiP - ok
14:59:15.0061 6020 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\windows\system32\drivers\ndis.sys
14:59:15.0061 6020 NDIS - ok
14:59:15.0076 6020 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
14:59:15.0076 6020 NdisCap - ok
14:59:15.0092 6020 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
14:59:15.0108 6020 NdisTapi - ok
14:59:15.0139 6020 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
14:59:15.0139 6020 Ndisuio - ok
14:59:15.0170 6020 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
14:59:15.0186 6020 NdisWan - ok
14:59:15.0217 6020 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
14:59:15.0217 6020 NDProxy - ok
14:59:15.0310 6020 [ 6D4028D458EAAA1782099750790DC8C9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
14:59:15.0310 6020 Nero BackItUp Scheduler 3 - ok
14:59:15.0342 6020 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
14:59:15.0342 6020 NetBIOS - ok
14:59:15.0388 6020 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
14:59:15.0388 6020 NetBT - ok
14:59:15.0404 6020 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
14:59:15.0404 6020 Netlogon - ok
14:59:15.0435 6020 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
14:59:15.0435 6020 Netman - ok
14:59:15.0451 6020 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
14:59:15.0451 6020 netprofm - ok
14:59:15.0482 6020 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:59:15.0482 6020 NetTcpPortSharing - ok
14:59:15.0513 6020 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
14:59:15.0513 6020 nfrd960 - ok
14:59:15.0544 6020 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\windows\System32\nlasvc.dll
14:59:15.0544 6020 NlaSvc - ok
14:59:15.0622 6020 [ 1BEF5464C06F4AF0C704378824C52ADB ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
14:59:15.0622 6020 NMIndexingService - ok
14:59:15.0638 6020 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
14:59:15.0654 6020 Npfs - ok
14:59:15.0654 6020 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
14:59:15.0669 6020 nsi - ok
14:59:15.0685 6020 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:59:15.0685 6020 nsiproxy - ok
14:59:15.0716 6020 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:59:15.0732 6020 Ntfs - ok
14:59:15.0747 6020 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
14:59:15.0747 6020 Null - ok
14:59:15.0778 6020 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
14:59:15.0778 6020 nvraid - ok
14:59:15.0825 6020 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
14:59:15.0825 6020 nvstor - ok
14:59:15.0872 6020 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
14:59:15.0872 6020 nv_agp - ok
14:59:15.0903 6020 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
14:59:15.0903 6020 ohci1394 - ok
14:59:15.0934 6020 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:59:15.0950 6020 ose - ok
14:59:15.0966 6020 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:59:15.0966 6020 p2pimsvc - ok
14:59:15.0997 6020 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
14:59:16.0012 6020 p2psvc - ok
14:59:16.0028 6020 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
14:59:16.0028 6020 Parport - ok
14:59:16.0059 6020 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
14:59:16.0059 6020 partmgr - ok
14:59:16.0075 6020 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
14:59:16.0075 6020 Parvdm - ok
14:59:16.0090 6020 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
14:59:16.0090 6020 PcaSvc - ok
14:59:16.0122 6020 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
14:59:16.0122 6020 pci - ok
14:59:16.0168 6020 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
14:59:16.0168 6020 pciide - ok
14:59:16.0200 6020 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
14:59:16.0200 6020 pcmcia - ok
14:59:16.0231 6020 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
14:59:16.0231 6020 pcw - ok
14:59:16.0262 6020 pdfcDispatcher - ok
14:59:16.0293 6020 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:59:16.0309 6020 PEAUTH - ok
14:59:16.0371 6020 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
14:59:16.0387 6020 pla - ok
14:59:16.0418 6020 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:59:16.0434 6020 PlugPlay - ok
14:59:16.0449 6020 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:59:16.0465 6020 PNRPAutoReg - ok
14:59:16.0496 6020 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:59:16.0512 6020 PNRPsvc - ok
14:59:16.0527 6020 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:59:16.0527 6020 PolicyAgent - ok
14:59:16.0574 6020 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
14:59:16.0574 6020 Power - ok
14:59:16.0605 6020 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:59:16.0605 6020 PptpMiniport - ok
14:59:16.0636 6020 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
14:59:16.0636 6020 Processor - ok
14:59:16.0652 6020 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
14:59:16.0668 6020 ProfSvc - ok
14:59:16.0668 6020 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
14:59:16.0668 6020 ProtectedStorage - ok
14:59:16.0699 6020 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:59:16.0699 6020 Psched - ok
14:59:16.0746 6020 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
14:59:16.0746 6020 ql2300 - ok
14:59:16.0777 6020 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
14:59:16.0777 6020 ql40xx - ok
14:59:16.0792 6020 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
14:59:16.0808 6020 QWAVE - ok
14:59:16.0824 6020 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:59:16.0824 6020 QWAVEdrv - ok
14:59:16.0824 6020 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:59:16.0824 6020 RasAcd - ok
14:59:16.0870 6020 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:59:16.0870 6020 RasAgileVpn - ok
14:59:16.0886 6020 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
14:59:16.0886 6020 RasAuto - ok
14:59:16.0902 6020 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:59:16.0902 6020 Rasl2tp - ok
14:59:16.0933 6020 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
14:59:16.0948 6020 RasMan - ok
14:59:16.0948 6020 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:59:16.0964 6020 RasPppoe - ok
14:59:16.0980 6020 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:59:16.0980 6020 RasSstp - ok
14:59:16.0995 6020 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:59:16.0995 6020 rdbss - ok
14:59:17.0026 6020 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
14:59:17.0026 6020 rdpbus - ok
14:59:17.0058 6020 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:59:17.0058 6020 RDPCDD - ok
14:59:17.0073 6020 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:59:17.0073 6020 RDPENCDD - ok
14:59:17.0089 6020 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:59:17.0089 6020 RDPREFMP - ok
14:59:17.0120 6020 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:59:17.0120 6020 RDPWD - ok
14:59:17.0151 6020 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:59:17.0151 6020 rdyboost - ok
14:59:17.0167 6020 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
14:59:17.0182 6020 RemoteAccess - ok
14:59:17.0198 6020 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:59:17.0214 6020 RemoteRegistry - ok
14:59:17.0229 6020 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
14:59:17.0229 6020 RFCOMM - ok
14:59:17.0245 6020 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:59:17.0245 6020 RpcEptMapper - ok
14:59:17.0260 6020 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
14:59:17.0260 6020 RpcLocator - ok
14:59:17.0276 6020 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
14:59:17.0292 6020 RpcSs - ok
14:59:17.0323 6020 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:59:17.0323 6020 rspndr - ok
14:59:17.0338 6020 [ 6B065C88A4C05CF44793AC2BFC331AC5 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
14:59:17.0354 6020 RSUSBSTOR - ok
14:59:17.0385 6020 [ 92787F633F2724772AA03CFFC2CCFFE0 ] RsvLock C:\windows\system32\drivers\RsvLock.sys
14:59:17.0385 6020 RsvLock - ok
14:59:17.0463 6020 [ 55DC71F0CFE9E74C4F34434F9ACD61DC ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMI.sys
14:59:17.0494 6020 RTHDMIAzAudService - ok
14:59:17.0541 6020 [ 06BD46BE6141556125F89DF738333720 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
14:59:17.0541 6020 RTL8167 - ok
14:59:17.0557 6020 [ FBF042E3750ACBF512E599B37B75BB53 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys
14:59:17.0557 6020 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: FBF042E3750ACBF512E599B37B75BB53


Re: Problem with Tages Protection

Post by Hastalda » 13 Sep 2012 15:10

Part 2 of the log:

14:59:17.0557 6020 SafeBoot ( LockedFile.Multi.Generic ) - warning
14:59:17.0557 6020 SafeBoot - detected LockedFile.Multi.Generic (1)
14:59:17.0572 6020 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
14:59:17.0572 6020 SamSs - ok
14:59:17.0588 6020 [ 7ADBB5D76FC0452A413DC01F453112A0 ] SbAlg C:\windows\system32\drivers\SbAlg.sys
14:59:17.0588 6020 SbAlg - ok
14:59:17.0604 6020 [ 0B722E0E599E9DC6C3763DAAD1B2BBE3 ] SbFsLock C:\windows\system32\drivers\SbFsLock.sys
14:59:17.0604 6020 SbFsLock - ok
14:59:17.0635 6020 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
14:59:17.0635 6020 sbp2port - ok
14:59:17.0666 6020 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
14:59:17.0666 6020 SCardSvr - ok
14:59:17.0682 6020 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:59:17.0682 6020 scfilter - ok
14:59:17.0728 6020 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
14:59:17.0728 6020 Schedule - ok
14:59:17.0760 6020 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
14:59:17.0760 6020 SCPolicySvc - ok
14:59:17.0791 6020 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:59:17.0806 6020 SDRSVC - ok
14:59:17.0853 6020 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:59:17.0853 6020 SeaPort - ok
14:59:17.0900 6020 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
14:59:17.0900 6020 secdrv - ok
14:59:17.0916 6020 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
14:59:17.0916 6020 seclogon - ok
14:59:17.0947 6020 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
14:59:17.0947 6020 SENS - ok
14:59:17.0962 6020 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
14:59:17.0962 6020 SensrSvc - ok
14:59:17.0994 6020 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
14:59:17.0994 6020 Serenum - ok
14:59:18.0009 6020 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
14:59:18.0009 6020 Serial - ok
14:59:18.0040 6020 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
14:59:18.0040 6020 sermouse - ok
14:59:18.0072 6020 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
14:59:18.0072 6020 SessionEnv - ok
14:59:18.0087 6020 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
14:59:18.0087 6020 sffdisk - ok
14:59:18.0103 6020 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
14:59:18.0103 6020 sffp_mmc - ok
14:59:18.0103 6020 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
14:59:18.0103 6020 sffp_sd - ok
14:59:18.0118 6020 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
14:59:18.0134 6020 sfloppy - ok
14:59:18.0150 6020 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
14:59:18.0150 6020 SharedAccess - ok
14:59:18.0165 6020 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:59:18.0165 6020 ShellHWDetection - ok
14:59:18.0196 6020 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
14:59:18.0196 6020 sisagp - ok
14:59:18.0228 6020 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
14:59:18.0228 6020 SiSRaid2 - ok
14:59:18.0259 6020 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
14:59:18.0259 6020 SiSRaid4 - ok
14:59:18.0290 6020 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
14:59:18.0290 6020 Smb - ok
14:59:18.0352 6020 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:59:18.0352 6020 SNMPTRAP - ok
14:59:18.0430 6020 [ 1FDD4915FD7E49D320AA8EEC9827EB09 ] SNP2UVC C:\windows\system32\DRIVERS\snp2uvc.sys
14:59:18.0446 6020 SNP2UVC - ok
14:59:18.0462 6020 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
14:59:18.0462 6020 spldr - ok
14:59:18.0493 6020 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
14:59:18.0508 6020 Spooler - ok
14:59:18.0602 6020 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
14:59:18.0618 6020 sppsvc - ok
14:59:18.0649 6020 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:59:18.0649 6020 sppuinotify - ok
14:59:18.0664 6020 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
14:59:18.0680 6020 srv - ok
14:59:18.0680 6020 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:59:18.0696 6020 srv2 - ok
14:59:18.0696 6020 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:59:18.0711 6020 srvnet - ok
14:59:18.0727 6020 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:59:18.0727 6020 SSDPSRV - ok
14:59:18.0742 6020 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
14:59:18.0742 6020 SstpSvc - ok
14:59:18.0820 6020 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
14:59:18.0820 6020 STacSV - ok
14:59:18.0836 6020 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
14:59:18.0836 6020 stexstor - ok
14:59:18.0867 6020 [ 8A8246F40792956E957F3E8D0C188963 ] STHDA C:\windows\system32\DRIVERS\stwrt.sys
14:59:18.0883 6020 STHDA - ok
14:59:18.0914 6020 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
14:59:18.0930 6020 StiSvc - ok
14:59:18.0945 6020 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
14:59:18.0945 6020 swenum - ok
14:59:18.0961 6020 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
14:59:18.0976 6020 swprv - ok
14:59:18.0992 6020 [ 07FDB043F69EB95E1DAD7CE16B95BDD3 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
14:59:18.0992 6020 SynTP - ok
14:59:19.0039 6020 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
14:59:19.0054 6020 SysMain - ok
14:59:19.0070 6020 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
14:59:19.0070 6020 TabletInputService - ok
14:59:19.0101 6020 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
14:59:19.0101 6020 TapiSrv - ok
14:59:19.0117 6020 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
14:59:19.0132 6020 TBS - ok
14:59:19.0179 6020 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:59:19.0179 6020 Tcpip - ok
14:59:19.0210 6020 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:59:19.0210 6020 TCPIP6 - ok
14:59:19.0242 6020 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:59:19.0257 6020 tcpipreg - ok
14:59:19.0273 6020 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:59:19.0273 6020 TDPIPE - ok
14:59:19.0288 6020 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:59:19.0288 6020 TDTCP - ok
14:59:19.0320 6020 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:59:19.0320 6020 tdx - ok
14:59:19.0351 6020 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
14:59:19.0351 6020 TermDD - ok
14:59:19.0382 6020 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
14:59:19.0398 6020 TermService - ok
14:59:19.0413 6020 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
14:59:19.0413 6020 Themes - ok
14:59:19.0429 6020 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
14:59:19.0429 6020 THREADORDER - ok
14:59:19.0460 6020 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\windows\system32\drivers\tpm.sys
14:59:19.0460 6020 TPM - ok
14:59:19.0491 6020 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
14:59:19.0491 6020 TrkWks - ok
14:59:19.0538 6020 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:59:19.0538 6020 TrustedInstaller - ok
14:59:19.0554 6020 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:59:19.0554 6020 tssecsrv - ok
14:59:19.0616 6020 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
14:59:19.0616 6020 TsUsbFlt - ok
14:59:19.0647 6020 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:59:19.0647 6020 tunnel - ok
14:59:19.0663 6020 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
14:59:19.0663 6020 uagp35 - ok
14:59:19.0694 6020 [ C92E13E0DB1548455CFFC4AAF80FDFE7 ] uArcCapture C:\windows\system32\uArcCapture.exe
14:59:19.0710 6020 uArcCapture - ok
14:59:19.0725 6020 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:59:19.0725 6020 udfs - ok
14:59:19.0756 6020 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
14:59:19.0756 6020 UI0Detect - ok
14:59:19.0788 6020 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
14:59:19.0788 6020 uliagpkx - ok
14:59:19.0803 6020 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
14:59:19.0803 6020 umbus - ok
14:59:19.0819 6020 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
14:59:19.0819 6020 UmPass - ok
14:59:19.0897 6020 [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:59:19.0912 6020 UNS - ok
14:59:19.0944 6020 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
14:59:19.0944 6020 upnphost - ok
14:59:19.0959 6020 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
14:59:19.0959 6020 usbccgp - ok
14:59:19.0975 6020 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
14:59:19.0975 6020 usbcir - ok
14:59:20.0006 6020 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\drivers\usbehci.sys
14:59:20.0006 6020 usbehci - ok
14:59:20.0037 6020 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
14:59:20.0037 6020 usbhub - ok
14:59:20.0053 6020 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\drivers\usbohci.sys
14:59:20.0053 6020 usbohci - ok
14:59:20.0084 6020 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
14:59:20.0084 6020 usbprint - ok
14:59:20.0100 6020 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
14:59:20.0100 6020 USBSTOR - ok
14:59:20.0115 6020 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
14:59:20.0115 6020 usbuhci - ok
14:59:20.0146 6020 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
14:59:20.0146 6020 usbvideo - ok
14:59:20.0162 6020 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
14:59:20.0162 6020 UxSms - ok
14:59:20.0178 6020 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
14:59:20.0178 6020 VaultSvc - ok
14:59:20.0240 6020 [ FC6F12C84F7194B77EC9AF9F46F68ADC ] vcsFPService C:\windows\system32\vcsFPService.exe
14:59:20.0256 6020 vcsFPService - ok
14:59:20.0271 6020 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
14:59:20.0271 6020 vdrvroot - ok
14:59:20.0318 6020 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
14:59:20.0318 6020 vds - ok
14:59:20.0349 6020 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
14:59:20.0349 6020 vga - ok
14:59:20.0349 6020 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
14:59:20.0349 6020 VgaSave - ok
14:59:20.0380 6020 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
14:59:20.0380 6020 vhdmp - ok
14:59:20.0412 6020 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
14:59:20.0412 6020 viaagp - ok
14:59:20.0443 6020 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
14:59:20.0443 6020 ViaC7 - ok
14:59:20.0490 6020 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
14:59:20.0490 6020 viaide - ok
14:59:20.0505 6020 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
14:59:20.0505 6020 volmgr - ok
14:59:20.0536 6020 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
14:59:20.0536 6020 volmgrx - ok
14:59:20.0568 6020 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
14:59:20.0568 6020 volsnap - ok
14:59:20.0599 6020 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
14:59:20.0599 6020 vsmraid - ok
14:59:20.0646 6020 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
14:59:20.0661 6020 VSS - ok
14:59:20.0692 6020 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:59:20.0692 6020 vwifibus - ok
14:59:20.0708 6020 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:59:20.0708 6020 vwififlt - ok
14:59:20.0724 6020 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
14:59:20.0724 6020 vwifimp - ok
14:59:20.0770 6020 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
14:59:20.0770 6020 W32Time - ok
14:59:20.0786 6020 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
14:59:20.0786 6020 WacomPen - ok
14:59:20.0817 6020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:59:20.0833 6020 WANARP - ok
14:59:20.0833 6020 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:59:20.0833 6020 Wanarpv6 - ok
14:59:20.0895 6020 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
14:59:20.0911 6020 WatAdminSvc - ok
14:59:20.0973 6020 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
14:59:20.0973 6020 wbengine - ok
14:59:20.0989 6020 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:59:21.0004 6020 WbioSrvc - ok
14:59:21.0020 6020 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
14:59:21.0036 6020 wcncsvc - ok
14:59:21.0036 6020 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:59:21.0051 6020 WcsPlugInService - ok
14:59:21.0051 6020 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
14:59:21.0051 6020 Wd - ok
14:59:21.0082 6020 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:59:21.0082 6020 Wdf01000 - ok
14:59:21.0098 6020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
14:59:21.0098 6020 WdiServiceHost - ok
14:59:21.0114 6020 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
14:59:21.0114 6020 WdiSystemHost - ok
14:59:21.0145 6020 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
14:59:21.0145 6020 WebClient - ok
14:59:21.0176 6020 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
14:59:21.0176 6020 Wecsvc - ok
14:59:21.0192 6020 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
14:59:21.0192 6020 wercplsupport - ok
14:59:21.0223 6020 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
14:59:21.0223 6020 WerSvc - ok
14:59:21.0238 6020 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:59:21.0238 6020 WfpLwf - ok
14:59:21.0254 6020 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:59:21.0254 6020 WIMMount - ok
14:59:21.0316 6020 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:59:21.0332 6020 WinDefend - ok
14:59:21.0348 6020 WinHttpAutoProxySvc - ok
14:59:21.0394 6020 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:59:21.0394 6020 Winmgmt - ok
14:59:21.0441 6020 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
14:59:21.0457 6020 WinRM - ok
14:59:21.0519 6020 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
14:59:21.0519 6020 WinUsb - ok
14:59:21.0550 6020 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
14:59:21.0566 6020 Wlansvc - ok
14:59:21.0597 6020 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
14:59:21.0597 6020 WmiAcpi - ok
14:59:21.0613 6020 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:59:21.0613 6020 wmiApSrv - ok
14:59:21.0675 6020 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:59:21.0691 6020 WMPNetworkSvc - ok
14:59:21.0706 6020 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
14:59:21.0706 6020 WPCSvc - ok
14:59:21.0738 6020 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:59:21.0738 6020 WPDBusEnum - ok
14:59:21.0769 6020 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:59:21.0769 6020 ws2ifsl - ok
14:59:21.0784 6020 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
14:59:21.0800 6020 wscsvc - ok
14:59:21.0800 6020 WSearch - ok
14:59:21.0862 6020 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
14:59:21.0878 6020 wuauserv - ok
14:59:21.0909 6020 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:59:21.0909 6020 WudfPf - ok
14:59:21.0925 6020 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
14:59:21.0925 6020 WUDFRd - ok
14:59:21.0956 6020 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:59:21.0956 6020 wudfsvc - ok
14:59:21.0987 6020 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
14:59:21.0987 6020 WwanSvc - ok
14:59:22.0018 6020 ================ Scan global ===============================
14:59:22.0050 6020 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
14:59:22.0065 6020 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
14:59:22.0081 6020 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\windows\system32\winsrv.dll
14:59:22.0096 6020 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
14:59:22.0112 6020 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
14:59:22.0128 6020 [Global] - ok
14:59:22.0128 6020 ================ Scan MBR ==================================
14:59:22.0128 6020 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:59:22.0393 6020 \Device\Harddisk0\DR0 - ok
14:59:22.0393 6020 ================ Scan VBR ==================================
14:59:22.0408 6020 [ 15D1C892952F79EE4302964A6CA222E6 ] \Device\Harddisk0\DR0\Partition1
14:59:22.0408 6020 \Device\Harddisk0\DR0\Partition1 - ok
14:59:22.0424 6020 [ 48FD72FBB19A5AD18FD5680EFEBE81BF ] \Device\Harddisk0\DR0\Partition2
14:59:22.0424 6020 \Device\Harddisk0\DR0\Partition2 - ok
14:59:22.0440 6020 [ 392E71D268AA8CF0F1A1186182C5F590 ] \Device\Harddisk0\DR0\Partition3
14:59:22.0471 6020 \Device\Harddisk0\DR0\Partition3 - ok
14:59:22.0502 6020 [ FF1457EC9B0A4159F86E6031BCDD8EA9 ] \Device\Harddisk0\DR0\Partition4
14:59:22.0502 6020 \Device\Harddisk0\DR0\Partition4 - ok
14:59:22.0502 6020 ============================================================
14:59:22.0502 6020 Scan finished
14:59:22.0502 6020 ============================================================
14:59:22.0518 1820 Detected object count: 1
14:59:22.0518 1820 Actual detected object count: 1
15:00:09.0194 1820 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
15:00:09.0194 1820 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
15:00:39.0676 5676 Deinitialize success

Now I'm off to wrestle with ComboFix..


Re: Problem with Tages Protection

Post by Hastalda » 13 Sep 2012 15:44

ComboFix log (hopefully I did everything right):

ComboFix 12-09-12.03 - Zeryk 13.09.2012 15:20:42.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2998.1710 [GMT 2:00]
Spuštěný z: c:\users\Zeryk\Downloads\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpoFeedb.dll
c:\users\Zeryk\AppData\Roaming\inst.exe
c:\users\Zeryk\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
c:\windows\system32\pt
c:\windows\system32\pt\DPCont32.dll.mui
c:\windows\system32\pt\DPCrProv.dll.mui
c:\windows\system32\pt\DPFPApiUI.dll.mui
c:\windows\system32\pt\DPPassFilter.dll.mui
c:\windows\system32\pt\DPStoreMan.dll.mui
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-13 do 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 13:29 . 2012-09-13 13:31 -------- d-----w- c:\users\Zeryk\AppData\Local\temp
2012-09-12 17:07 . 2012-09-12 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 17:07 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 14:01 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:01 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:01 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:01 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:01 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:00 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FD22438F-DDF5-4E90-93E5-58BEF1C4BD3F}\mpengine.dll
2012-09-08 18:47 . 2012-09-08 18:47 -------- d-----w- c:\users\Zeryk\AppData\Local\ESET
2012-09-08 18:46 . 2012-09-08 18:46 -------- d-----w- c:\program files\ESET
2012-09-08 18:26 . 2012-09-08 18:26 47360 ----a-w- c:\users\Zeryk\AppData\Roaming\pcouffin.sys
2012-09-08 15:08 . 2012-09-08 15:08 388096 ----a-r- c:\users\Zeryk\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-08 15:08 . 2012-09-08 15:08 -------- d-----w- c:\program files\Trend Micro
2012-09-08 13:10 . 2012-09-08 13:10 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-09-08 13:10 . 2012-09-08 13:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-09-08 12:47 . 2012-09-08 12:52 -------- d-----w- c:\users\Zeryk\AppData\Roaming\Skype
2012-09-08 12:15 . 2012-09-08 12:15 -------- d-----w- c:\users\Zeryk\AppData\Roaming\Malwarebytes
2012-09-08 12:15 . 2012-09-08 12:15 -------- d-----w- c:\programdata\Malwarebytes
2012-09-08 11:44 . 2012-09-08 11:44 -------- d-----w- c:\windows\system32\SPReview
2012-09-08 11:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-08 11:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-08 11:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-08 11:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-08 11:33 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-08 11:25 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-08 11:25 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-08 11:25 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-08 11:23 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-08 11:23 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-08 11:23 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-09-08 09:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-08 09:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-08 09:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-08 09:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-08 09:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-08 09:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-08 09:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-08 09:43 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-08 09:43 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 11:57 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-05 254520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-04 1594664]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(5152)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Celkový čas: 2012-09-13 15:40:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-13 13:40
.
Před spuštěním: Volných bajtů: 450 107 117 568
Po spuštění: Volných bajtů: 449 722 626 048
.
- - End Of File - - AC807CCEA0C36CD45198B2155A763FDD

Re: Problem with Tages Protection

Post by jaro3 » 13 Sep 2012 20:13

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
DDS::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence memphisto, Žbeky and Orcus stand in for me.

Re: Problem with Tages Protection

Post by Hastalda » 14 Sep 2012 13:38

Here is the log from ComboFix:

ComboFix 12-09-13.03 - Zeryk 14.09.2012 13:26:29.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2998.1653 [GMT 2:00]
Spuštěný z: c:\users\Zeryk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zeryk\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-08-14 do 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 11:32 . 2012-09-14 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 11:17 . 2012-08-27 23:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C78C0E09-8D03-4765-9722-73AF10E9933E}\mpengine.dll
2012-09-13 13:54 . 2012-09-13 13:54 -------- d-----w- c:\program files\CCleaner
2012-09-13 13:29 . 2012-09-14 11:33 -------- d-----w- c:\users\Zeryk\AppData\Local\temp
2012-09-12 17:07 . 2012-09-12 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-12 17:07 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 14:01 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:01 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:01 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:01 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:01 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:01 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-08 18:47 . 2012-09-08 18:47 -------- d-----w- c:\users\Zeryk\AppData\Local\ESET
2012-09-08 18:46 . 2012-09-08 18:46 -------- d-----w- c:\program files\ESET
2012-09-08 18:26 . 2012-09-08 18:26 47360 ----a-w- c:\users\Zeryk\AppData\Roaming\pcouffin.sys
2012-09-08 15:08 . 2012-09-08 15:08 388096 ----a-r- c:\users\Zeryk\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-08 15:08 . 2012-09-08 15:08 -------- d-----w- c:\program files\Trend Micro
2012-09-08 13:10 . 2012-09-08 13:10 83872 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-09-08 13:10 . 2012-09-08 13:10 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-09-08 12:47 . 2012-09-08 12:52 -------- d-----w- c:\users\Zeryk\AppData\Roaming\Skype
2012-09-08 12:15 . 2012-09-08 12:15 -------- d-----w- c:\users\Zeryk\AppData\Roaming\Malwarebytes
2012-09-08 12:15 . 2012-09-08 12:15 -------- d-----w- c:\programdata\Malwarebytes
2012-09-08 11:44 . 2012-09-08 11:44 -------- d-----w- c:\windows\system32\SPReview
2012-09-08 11:34 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-08 11:34 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-09-08 11:34 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-08 11:34 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-08 11:33 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-09-08 11:25 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-09-08 11:25 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-09-08 11:25 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-08 11:23 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-09-08 11:23 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-09-08 11:23 . 2010-11-20 10:21 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2012-09-08 09:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-08 09:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-09-08 09:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-08 09:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-09-08 09:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-09-08 09:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-09-08 09:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-09-08 09:43 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-08 09:43 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 11:57 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-05 254520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-12-16 1690680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-04 1594664]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-09 98304]
"DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-08 495708]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
mStart Page = hxxp://www.bing.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(5220)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
.
**************************************************************************
.
Celkový čas: 2012-09-14 13:36:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-09-14 11:36
ComboFix2.txt 2012-09-13 13:40
.
Před spuštěním: Volných bajtů: 449 761 746 944
Po spuštění: Volných bajtů: 449 673 805 824
.
- - End Of File - - 6960895F6914E9CD2E5A0100BF4A2BDD

Re: Problem with Tages Protection

Post by Hastalda » 14 Sep 2012 13:42

Now I'm not sure - before running aswMBR, should I also deactivate the antivirus program, Malwarebytes etc., the same as before running ComboFix?

Re: Problem with Tages Protection

Post by Hastalda » 14 Sep 2012 14:05

So I did it exactly according to the instructions - I downloaded aswMBR to the laptop's desktop, ran it, answered NO when offered the download of the AVAST database, and once the window came up I clicked Log, the application started... but before it finished (and before the option to choose Safe Log) the laptop restarted and a message came up to the effect that Windows had not started properly, and then a window appeared with the information: "Windows has recovered from an unexpected shutdown. Problem event record: BlueScreen (6.1.7601.2.1.0.768.3)."

I tried the whole procedure again, and after starting the log it highlighted: "533 Service SafeBoot C:\windows\System32\Drivers\SafeBootSystem "LOCKED" 32 ...then it finished normally and offered the SafeLog option:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 13:53:28
-----------------------------
13:53:28.084 OS Version: Windows 6.1.7601 Service Pack 1
13:53:28.084 Number of processors: 4 586 0x2502
13:53:28.084 ComputerName: ZERYK-HP UserName: Zeryk
13:53:52.435 Initialize success
13:54:18.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:54:18.596 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
13:54:18.612 Disk 0 MBR read successfully
13:54:18.612 Disk 0 MBR scan
13:54:18.628 Disk 0 Windows VISTA default MBR code
13:54:18.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
13:54:18.643 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459231 MB offset 616448
13:54:18.674 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 941121536
13:54:18.706 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 972578816
13:54:18.706 Disk 0 scanning sectors +976762880
13:54:18.784 Disk 0 scanning C:\windows\system32\drivers
13:54:26.381 Service scanning
13:54:38.533 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
13:54:41.263 Disk 0 MBR has been saved successfully to "C:\Users\Zeryk\Desktop\MBR.dat"
13:54:41.279 The log file has been saved successfully to "C:\Users\Zeryk\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-14 13:53:28
-----------------------------
13:53:28.084 OS Version: Windows 6.1.7601 Service Pack 1
13:53:28.084 Number of processors: 4 586 0x2502
13:53:28.084 ComputerName: ZERYK-HP UserName: Zeryk
13:53:52.435 Initialize success
13:54:18.581 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:54:18.596 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
13:54:18.612 Disk 0 MBR read successfully
13:54:18.612 Disk 0 MBR scan
13:54:18.628 Disk 0 Windows VISTA default MBR code
13:54:18.628 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
13:54:18.643 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459231 MB offset 616448
13:54:18.674 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 941121536
13:54:18.706 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 972578816
13:54:18.706 Disk 0 scanning sectors +976762880
13:54:18.784 Disk 0 scanning C:\windows\system32\drivers
13:54:26.381 Service scanning
13:54:38.533 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
13:54:41.263 Disk 0 MBR has been saved successfully to "C:\Users\Zeryk\Desktop\MBR.dat"
13:54:41.279 The log file has been saved successfully to "C:\Users\Zeryk\Desktop\aswMBR.txt"
13:54:43.901 Modules scanning
13:54:52.637 Disk 0 trace - called modules:
13:54:52.653 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
13:54:52.669 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f67030]
13:54:52.684 3 CLASSPNP.SYS[8b7c459e] -> nt!IofCallDriver -> [0x86f66a08]
13:54:52.700 5 hpdskflt.sys[8b82f090] -> nt!IofCallDriver -> [0x864d1700]
13:54:52.715 7 ACPI.sys[8b0b93d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86464028]
13:54:52.715 Scan finished successfully
13:55:58.425 Disk 0 MBR has been saved successfully to "C:\Users\Zeryk\Desktop\MBR.dat"
13:55:58.425 The log file has been saved successfully to "C:\Users\Zeryk\Desktop\aswMBR.txt"

Re: Problem with Tages Protection

Post by Hastalda » 14 Sep 2012 14:08

Yeah..., I forgot to make a new HJT log before running aswMBR:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:07:13, on 14.9.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DTRun] c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\uArcCapture.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--
End of file - 9432 bytes

