Kontrola logu Vyřešeno

[Nolax]

Dobrý den

Prosím o pomoc s řešením problému : Změna pozadí plochy, a nestála změna vzhledu oken. Nefungující Host Process for Windows services atd
Avira našla nějakého TRgraftor.
Mbam log byl čistý.
Díky.
Přikládám log z Hjt:
ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:20, on 27.10.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\nantan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5289 bytes

[Reklama]

[Orcus]

Odinstaluj:
Spybot-Search&Destroy

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.hotspotshield.com/g/?c=h
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

===================================================


Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

====================================================

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

Pokud budou problémy , spusť v nouz. režimu.

[Nolax]

18:21:32.0283 3912 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:21:33.0250 3912 ============================================================
18:21:33.0250 3912 Current date / time: 2012/10/27 18:21:33.0250
18:21:33.0250 3912 SystemInfo:
18:21:33.0250 3912
18:21:33.0250 3912 OS Version: 6.0.6002 ServicePack: 2.0
18:21:33.0250 3912 Product type: Workstation
18:21:33.0250 3912 ComputerName: SKY3OM2
18:21:33.0250 3912 UserName: nantan
18:21:33.0250 3912 Windows directory: C:\Windows
18:21:33.0250 3912 System windows directory: C:\Windows
18:21:33.0250 3912 Processor architecture: Intel x86
18:21:33.0250 3912 Number of processors: 2
18:21:33.0250 3912 Page size: 0x1000
18:21:33.0250 3912 Boot type: Normal boot
18:21:33.0250 3912 ============================================================
18:21:47.0290 3912 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:21:47.0306 3912 ============================================================
18:21:47.0306 3912 \Device\Harddisk0\DR0:
18:21:47.0306 3912 MBR partitions:
18:21:47.0306 3912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x129C7800
18:21:47.0306 3912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12CB6000, BlocksNum 0x127782B0
18:21:47.0306 3912 ============================================================
18:21:47.0384 3912 C: <-> \Device\Harddisk0\DR0\Partition1
18:21:47.0524 3912 E: <-> \Device\Harddisk0\DR0\Partition2
18:21:47.0524 3912 ============================================================
18:21:47.0524 3912 Initialize success
18:21:47.0524 3912 ============================================================
18:22:19.0797 2544 ============================================================
18:22:19.0797 2544 Scan started
18:22:19.0797 2544 Mode: Manual;
18:22:19.0797 2544 ============================================================
18:22:22.0621 2544 ================ Scan system memory ========================
18:22:22.0621 2544 System memory - ok
18:22:22.0621 2544 ================ Scan services =============================
18:22:24.0992 2544 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:22:41.0684 2544 ACPI - ok
18:22:41.0684 2544 Scan interrupted by user!
18:22:41.0684 2544 ================ Scan global ===============================
18:22:41.0684 2544 Scan interrupted by user!
18:22:41.0684 2544 ================ Scan MBR ==================================
18:22:41.0684 2544 Scan interrupted by user!
18:22:41.0684 2544 ================ Scan VBR ==================================
18:22:41.0684 2544 Scan interrupted by user!
18:22:41.0684 2544 ================ Scan active images ========================
18:22:41.0684 2544 ============================================================
18:22:41.0684 2544 Scan finished
18:22:41.0684 2544 ============================================================
18:22:41.0699 2532 Detected object count: 0
18:22:41.0699 2532 Actual detected object count: 0
18:23:24.0360 1240 ============================================================
18:23:24.0360 1240 Scan started
18:23:24.0360 1240 Mode: Manual;
18:23:24.0360 1240 ============================================================
18:23:24.0890 1240 ================ Scan system memory ========================
18:23:24.0890 1240 System memory - ok
18:23:24.0890 1240 ================ Scan services =============================
18:23:25.0078 1240 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:23:25.0078 1240 ACPI - ok
18:23:25.0140 1240 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:23:25.0156 1240 adp94xx - ok
18:23:25.0218 1240 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:23:25.0234 1240 adpahci - ok
18:23:25.0265 1240 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:23:25.0265 1240 adpu160m - ok
18:23:25.0312 1240 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:23:25.0312 1240 adpu320 - ok
18:23:25.0358 1240 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:23:25.0358 1240 AeLookupSvc - ok
18:23:25.0405 1240 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:23:25.0436 1240 AFD - ok
18:23:25.0624 1240 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
18:23:25.0795 1240 AgereSoftModem - ok
18:23:25.0826 1240 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:23:25.0826 1240 agp440 - ok
18:23:25.0858 1240 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:23:25.0873 1240 aic78xx - ok
18:23:25.0920 1240 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:23:25.0920 1240 ALG - ok
18:23:25.0967 1240 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:23:25.0982 1240 aliide - ok
18:23:25.0998 1240 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:23:25.0998 1240 amdagp - ok
18:23:26.0045 1240 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:23:26.0045 1240 amdide - ok
18:23:26.0092 1240 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:23:26.0092 1240 AmdK7 - ok
18:23:26.0123 1240 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:23:26.0123 1240 AmdK8 - ok
18:23:26.0170 1240 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
18:23:26.0185 1240 androidusb - ok
18:23:26.0497 1240 [ 548DFB36A6B1A8123BBA4DCFE0BEAD83 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:23:26.0497 1240 AntiVirSchedulerService - ok
18:23:26.0528 1240 [ 2FC40C57EECC7C7E400654605E76A0B3 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:23:26.0528 1240 AntiVirService - ok
18:23:26.0575 1240 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:23:26.0622 1240 Appinfo - ok
18:23:26.0669 1240 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:23:26.0700 1240 arc - ok
18:23:26.0731 1240 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:23:26.0747 1240 arcsas - ok
18:23:26.0778 1240 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:26.0903 1240 AsyncMac - ok
18:23:26.0934 1240 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:23:27.0028 1240 atapi - ok
18:23:27.0184 1240 [ 8BE56F8300E1C37B578DA23C71816B7A ] athr C:\Windows\system32\DRIVERS\athr.sys
18:23:27.0215 1240 athr - ok
18:23:27.0277 1240 [ 54D715AF597C06E87418C50F481BDD2C ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
18:23:27.0277 1240 Ati External Event Utility - ok
18:23:27.0480 1240 [ BE4D8FDC6B2598C46B2B5E6E4FBAAFC5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:23:27.0605 1240 atikmdag - ok
18:23:27.0636 1240 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:23:27.0652 1240 AudioEndpointBuilder - ok
18:23:27.0652 1240 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:23:27.0652 1240 Audiosrv - ok
18:23:27.0714 1240 [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:23:27.0730 1240 avgntflt - ok
18:23:27.0761 1240 [ C499333D8915597FE415F0058EFFD7D2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:23:27.0776 1240 avipbb - ok
18:23:27.0792 1240 [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:23:27.0792 1240 avkmgr - ok
18:23:27.0823 1240 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:23:27.0839 1240 Beep - ok
18:23:27.0870 1240 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:23:27.0870 1240 BFE - ok
18:23:27.0901 1240 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
18:23:27.0917 1240 BITS - ok
18:23:27.0948 1240 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:23:27.0948 1240 blbdrive - ok
18:23:27.0995 1240 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:23:28.0010 1240 bowser - ok
18:23:28.0026 1240 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:23:28.0026 1240 BrFiltLo - ok
18:23:28.0057 1240 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:23:28.0057 1240 BrFiltUp - ok
18:23:28.0088 1240 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:23:28.0088 1240 Browser - ok
18:23:28.0135 1240 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:23:28.0151 1240 Brserid - ok
18:23:28.0182 1240 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:23:28.0322 1240 BrSerWdm - ok
18:23:28.0354 1240 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:23:28.0400 1240 BrUsbMdm - ok
18:23:28.0416 1240 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:23:28.0603 1240 BrUsbSer - ok
18:23:28.0634 1240 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:23:28.0650 1240 BTHMODEM - ok
18:23:28.0666 1240 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:23:28.0666 1240 cdfs - ok
18:23:28.0697 1240 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:23:28.0712 1240 cdrom - ok
18:23:28.0728 1240 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:23:28.0744 1240 CertPropSvc - ok
18:23:28.0759 1240 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:23:28.0759 1240 circlass - ok
18:23:28.0790 1240 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:23:28.0806 1240 CLFS - ok
18:23:28.0853 1240 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:23:28.0868 1240 clr_optimization_v2.0.50727_32 - ok
18:23:28.0978 1240 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:23:28.0993 1240 clr_optimization_v4.0.30319_32 - ok
18:23:29.0009 1240 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:23:29.0024 1240 CmBatt - ok
18:23:29.0258 1240 [ 907324001AE25AC5959C91EAA34CABAE ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:23:29.0258 1240 cmdAgent - ok
18:23:29.0352 1240 [ 22D54351B7A2C94814D00FAA502FF381 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
18:23:29.0368 1240 cmdGuard - ok
18:23:29.0399 1240 [ FFB59CAD4BE8C317624D40959A48A5DB ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
18:23:29.0414 1240 cmdHlp - ok
18:23:29.0461 1240 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:23:29.0477 1240 cmdide - ok
18:23:29.0492 1240 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:23:29.0508 1240 Compbatt - ok
18:23:29.0508 1240 COMSysApp - ok
18:23:29.0570 1240 [ D10D01B2DFCD8D2F32A32ED29E8DA1C2 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:23:29.0570 1240 ConfigFree Service - ok
18:23:29.0586 1240 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:23:29.0633 1240 crcdisk - ok
18:23:29.0664 1240 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:23:29.0820 1240 Crusoe - ok
18:23:29.0851 1240 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:23:29.0851 1240 CryptSvc - ok
18:23:29.0960 1240 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:23:29.0976 1240 DcomLaunch - ok
18:23:29.0992 1240 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:23:29.0992 1240 DfsC - ok
18:23:30.0054 1240 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:23:30.0163 1240 DFSR - ok
18:23:30.0210 1240 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:23:30.0210 1240 Dhcp - ok
18:23:30.0241 1240 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:23:30.0257 1240 disk - ok
18:23:30.0288 1240 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:23:30.0304 1240 Dnscache - ok
18:23:30.0366 1240 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:23:30.0397 1240 dot3svc - ok
18:23:30.0444 1240 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:23:30.0444 1240 DPS - ok
18:23:30.0538 1240 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:23:30.0538 1240 drmkaud - ok
18:23:30.0616 1240 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:23:30.0616 1240 DXGKrnl - ok
18:23:30.0647 1240 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:23:30.0662 1240 E1G60 - ok
18:23:30.0709 1240 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:23:30.0725 1240 EapHost - ok
18:23:30.0756 1240 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:23:30.0787 1240 Ecache - ok
18:23:30.0834 1240 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:23:30.0850 1240 ehRecvr - ok
18:23:30.0881 1240 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:23:30.0881 1240 ehSched - ok
18:23:30.0896 1240 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:23:30.0912 1240 ehstart - ok
18:23:31.0068 1240 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:23:31.0115 1240 elxstor - ok
18:23:31.0162 1240 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:23:31.0177 1240 EMDMgmt - ok
18:23:31.0208 1240 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:23:31.0224 1240 ErrDev - ok
18:23:31.0255 1240 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:23:31.0271 1240 EventSystem - ok
18:23:31.0380 1240 [ 82E7EB9F12321052CD9A904B13724EE2 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
18:23:31.0489 1240 ewusbnet - ok
18:23:31.0552 1240 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:23:31.0614 1240 exfat - ok
18:23:31.0645 1240 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:23:31.0661 1240 fastfat - ok
18:23:31.0692 1240 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:23:31.0723 1240 fdc - ok
18:23:31.0739 1240 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:23:31.0739 1240 fdPHost - ok
18:23:31.0754 1240 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:23:31.0754 1240 FDResPub - ok
18:23:31.0770 1240 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:23:31.0786 1240 FileInfo - ok
18:23:31.0801 1240 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:23:31.0801 1240 Filetrace - ok
18:23:31.0817 1240 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:23:31.0832 1240 flpydisk - ok
18:23:31.0864 1240 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:23:31.0879 1240 FltMgr - ok
18:23:31.0926 1240 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:23:31.0926 1240 FontCache - ok
18:23:31.0973 1240 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:23:31.0973 1240 FontCache3.0.0.0 - ok
18:23:32.0035 1240 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:23:32.0051 1240 Fs_Rec - ok
18:23:32.0082 1240 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
18:23:32.0082 1240 FwLnk - ok
18:23:32.0113 1240 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:23:32.0113 1240 gagp30kx - ok
18:23:32.0207 1240 [ 947DA3AD94A7593BFA439939AC5E823B ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
18:23:32.0238 1240 getPlusHelper - ok
18:23:32.0378 1240 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:23:32.0456 1240 gpsvc - ok
18:23:32.0597 1240 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:23:32.0597 1240 gupdate - ok
18:23:32.0659 1240 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:23:32.0659 1240 gupdatem - ok
18:23:32.0690 1240 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:23:32.0706 1240 gusvc - ok
18:23:32.0753 1240 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:23:32.0768 1240 HdAudAddService - ok
18:23:32.0800 1240 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:23:32.0815 1240 HDAudBus - ok
18:23:32.0862 1240 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:23:32.0862 1240 HidBth - ok
18:23:32.0862 1240 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:23:32.0878 1240 HidIr - ok
18:23:32.0909 1240 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
18:23:32.0909 1240 hidserv - ok
18:23:32.0940 1240 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:23:32.0956 1240 HidUsb - ok
18:23:32.0987 1240 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:23:32.0987 1240 hkmsvc - ok
18:23:33.0034 1240 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:23:33.0080 1240 HpCISSs - ok
18:23:33.0127 1240 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:23:33.0158 1240 HTTP - ok
18:23:33.0190 1240 [ 348C3A9D01E68A0222A246346924AA55 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:23:33.0190 1240 hwdatacard - ok
18:23:33.0236 1240 [ 460B1945C3E6B0419A76E1B507B90B71 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
18:23:33.0252 1240 hwusbfake - ok
18:23:33.0283 1240 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:23:33.0299 1240 i2omp - ok
18:23:33.0330 1240 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:23:33.0346 1240 i8042prt - ok
18:23:33.0392 1240 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:23:33.0408 1240 iaStor - ok
18:23:33.0517 1240 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:23:33.0564 1240 iaStorV - ok
18:23:33.0798 1240 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:23:33.0876 1240 idsvc - ok
18:23:33.0907 1240 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:23:33.0907 1240 iirsp - ok
18:23:33.0970 1240 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:23:33.0985 1240 IKEEXT - ok
18:23:34.0048 1240 [ D9F7411DBC673DBCDF517192301C8530 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
18:23:34.0048 1240 inspect - ok
18:23:34.0188 1240 [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:23:34.0235 1240 IntcAzAudAddService - ok
18:23:34.0282 1240 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
18:23:34.0313 1240 intelide - ok
18:23:34.0328 1240 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:23:34.0328 1240 intelppm - ok
18:23:34.0360 1240 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:23:34.0391 1240 IPBusEnum - ok
18:23:34.0406 1240 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:34.0438 1240 IpFilterDriver - ok
18:23:34.0500 1240 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:23:34.0500 1240 iphlpsvc - ok
18:23:34.0516 1240 IpInIp - ok
18:23:34.0531 1240 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:23:34.0562 1240 IPMIDRV - ok
18:23:34.0640 1240 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:23:34.0656 1240 IPNAT - ok
18:23:34.0687 1240 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:23:34.0687 1240 IRENUM - ok
18:23:34.0703 1240 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:23:34.0718 1240 isapnp - ok
18:23:34.0750 1240 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:23:34.0750 1240 iScsiPrt - ok
18:23:34.0796 1240 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:23:34.0859 1240 iteatapi - ok
18:23:34.0874 1240 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:23:34.0874 1240 iteraid - ok
18:23:34.0890 1240 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:23:34.0906 1240 kbdclass - ok
18:23:34.0937 1240 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:23:34.0952 1240 kbdhid - ok
18:23:34.0968 1240 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:23:34.0968 1240 KeyIso - ok
18:23:34.0999 1240 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:23:35.0015 1240 KSecDD - ok
18:23:35.0062 1240 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:23:35.0062 1240 KtmRm - ok
18:23:35.0093 1240 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
18:23:35.0093 1240 LanmanServer - ok
18:23:35.0124 1240 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:23:35.0124 1240 LanmanWorkstation - ok
18:23:35.0155 1240 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:23:35.0186 1240 lltdio - ok
18:23:35.0218 1240 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:23:35.0389 1240 lltdsvc - ok
18:23:35.0405 1240 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:23:35.0405 1240 lmhosts - ok
18:23:35.0436 1240 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:23:35.0452 1240 LSI_FC - ok
18:23:35.0467 1240 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:23:35.0483 1240 LSI_SAS - ok
18:23:35.0498 1240 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:23:35.0498 1240 LSI_SCSI - ok
18:23:35.0530 1240 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:23:35.0530 1240 luafv - ok
18:23:35.0561 1240 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:23:35.0561 1240 Mcx2Svc - ok
18:23:35.0576 1240 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
18:23:35.0576 1240 megasas - ok
18:23:35.0608 1240 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:23:35.0623 1240 MegaSR - ok
18:23:35.0654 1240 [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
18:23:35.0654 1240 mferkdk - ok
18:23:35.0686 1240 [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
18:23:35.0686 1240 mfesmfk - ok
18:23:35.0717 1240 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:23:35.0717 1240 MMCSS - ok
18:23:35.0764 1240 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:23:35.0795 1240 Modem - ok
18:23:35.0795 1240 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:23:35.0795 1240 monitor - ok
18:23:35.0810 1240 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:23:35.0826 1240 mouclass - ok
18:23:35.0857 1240 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:23:35.0904 1240 mouhid - ok
18:23:35.0935 1240 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:23:35.0951 1240 MountMgr - ok
18:23:35.0982 1240 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:23:35.0982 1240 mpio - ok
18:23:36.0013 1240 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:23:36.0013 1240 mpsdrv - ok
18:23:36.0044 1240 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:23:36.0044 1240 MpsSvc - ok
18:23:36.0076 1240 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:23:36.0076 1240 Mraid35x - ok
18:23:36.0091 1240 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:23:36.0107 1240 MRxDAV - ok
18:23:36.0122 1240 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:36.0138 1240 mrxsmb - ok
18:23:36.0169 1240 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:36.0169 1240 mrxsmb10 - ok
18:23:36.0185 1240 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:36.0200 1240 mrxsmb20 - ok
18:23:36.0232 1240 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
18:23:36.0232 1240 msahci - ok
18:23:36.0263 1240 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:23:36.0263 1240 msdsm - ok
18:23:36.0294 1240 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:23:36.0310 1240 MSDTC - ok
18:23:36.0310 1240 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:23:36.0325 1240 Msfs - ok
18:23:36.0325 1240 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:23:36.0341 1240 msisadrv - ok
18:23:36.0372 1240 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:23:36.0372 1240 MSiSCSI - ok
18:23:36.0388 1240 msiserver - ok
18:23:36.0403 1240 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:23:36.0419 1240 MSKSSRV - ok
18:23:36.0434 1240 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:36.0434 1240 MSPCLOCK - ok
18:23:36.0450 1240 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:23:36.0450 1240 MSPQM - ok
18:23:36.0481 1240 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:23:36.0512 1240 MsRPC - ok
18:23:36.0528 1240 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:36.0528 1240 mssmbios - ok
18:23:36.0544 1240 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:23:36.0544 1240 MSTEE - ok
18:23:36.0559 1240 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:23:36.0559 1240 Mup - ok
18:23:36.0606 1240 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:23:36.0606 1240 napagent - ok
18:23:36.0622 1240 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:23:36.0637 1240 NativeWifiP - ok
18:23:36.0700 1240 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:23:36.0715 1240 NDIS - ok
18:23:36.0746 1240 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:36.0809 1240 NdisTapi - ok
18:23:36.0824 1240 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:36.0840 1240 Ndisuio - ok
18:23:36.0856 1240 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:36.0871 1240 NdisWan - ok
18:23:36.0902 1240 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:23:36.0902 1240 NDProxy - ok
18:23:36.0934 1240 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:23:36.0934 1240 NetBIOS - ok
18:23:36.0965 1240 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:23:36.0965 1240 netbt - ok
18:23:36.0980 1240 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:23:36.0980 1240 Netlogon - ok
18:23:37.0012 1240 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:23:37.0012 1240 Netman - ok
18:23:37.0027 1240 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:23:37.0043 1240 netprofm - ok
18:23:37.0090 1240 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:23:37.0105 1240 NetTcpPortSharing - ok
18:23:37.0152 1240 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:23:37.0168 1240 nfrd960 - ok
18:23:37.0183 1240 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:23:37.0183 1240 NlaSvc - ok
18:23:37.0230 1240 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
18:23:37.0230 1240 NPF - ok
18:23:37.0261 1240 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:23:37.0277 1240 Npfs - ok
18:23:37.0292 1240 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:23:37.0292 1240 nsi - ok
18:23:37.0339 1240 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:23:37.0339 1240 nsiproxy - ok
18:23:37.0417 1240 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:23:37.0464 1240 Ntfs - ok
18:23:37.0480 1240 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:23:37.0480 1240 ntrigdigi - ok
18:23:37.0511 1240 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:23:37.0511 1240 Null - ok
18:23:37.0526 1240 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:23:37.0604 1240 nvraid - ok
18:23:37.0620 1240 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:23:37.0636 1240 nvstor - ok
18:23:37.0651 1240 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:23:37.0682 1240 nv_agp - ok
18:23:37.0682 1240 NwlnkFlt - ok
18:23:37.0698 1240 NwlnkFwd - ok
18:23:37.0792 1240 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:23:37.0807 1240 odserv - ok
18:23:37.0838 1240 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:23:37.0838 1240 ohci1394 - ok
18:23:37.0885 1240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:23:37.0916 1240 ose - ok
18:23:37.0963 1240 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:23:38.0057 1240 p2pimsvc - ok
18:23:38.0072 1240 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:23:38.0072 1240 p2psvc - ok
18:23:38.0104 1240 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:23:38.0135 1240 Parport - ok
18:23:38.0166 1240 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:23:38.0182 1240 partmgr - ok
18:23:38.0197 1240 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:23:38.0197 1240 Parvdm - ok
18:23:38.0244 1240 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:23:38.0244 1240 PcaSvc - ok
18:23:38.0275 1240 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:23:38.0275 1240 pci - ok
18:23:38.0291 1240 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\DRIVERS\pciide.sys
18:23:38.0306 1240 pciide - ok
18:23:38.0338 1240 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:23:38.0353 1240 pcmcia - ok
18:23:38.0384 1240 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:23:38.0416 1240 PEAUTH - ok
18:23:38.0618 1240 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:23:38.0728 1240 pla - ok
18:23:38.0759 1240 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:23:38.0759 1240 PlugPlay - ok
18:23:38.0837 1240 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:23:38.0837 1240 PNRPAutoReg - ok
18:23:38.0868 1240 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:23:38.0868 1240 PNRPsvc - ok
18:23:38.0899 1240 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:23:38.0915 1240 PolicyAgent - ok
18:23:38.0946 1240 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:23:38.0946 1240 PptpMiniport - ok
18:23:38.0977 1240 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:23:38.0977 1240 Processor - ok
18:23:39.0008 1240 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:23:39.0008 1240 ProfSvc - ok
18:23:39.0024 1240 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:23:39.0024 1240 ProtectedStorage - ok
18:23:39.0071 1240 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:23:39.0102 1240 PSched - ok
18:23:39.0118 1240 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:23:39.0149 1240 PxHelp20 - ok
18:23:39.0196 1240 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:23:39.0227 1240 ql2300 - ok
18:23:39.0274 1240 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:23:39.0274 1240 ql40xx - ok
18:23:39.0305 1240 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:23:39.0320 1240 QWAVE - ok
18:23:39.0352 1240 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:23:39.0352 1240 QWAVEdrv - ok
18:23:39.0398 1240 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:23:39.0398 1240 RasAcd - ok
18:23:39.0414 1240 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:23:39.0430 1240 RasAuto - ok
18:23:39.0445 1240 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:39.0461 1240 Rasl2tp - ok
18:23:39.0492 1240 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:23:39.0492 1240 RasMan - ok
18:23:39.0523 1240 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:39.0523 1240 RasPppoe - ok
18:23:39.0554 1240 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:23:39.0554 1240 RasSstp - ok
18:23:39.0570 1240 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:23:39.0586 1240 rdbss - ok
18:23:39.0601 1240 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:39.0601 1240 RDPCDD - ok
18:23:39.0648 1240 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:23:39.0648 1240 rdpdr - ok
18:23:39.0664 1240 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:23:39.0664 1240 RDPENCDD - ok
18:23:39.0695 1240 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:23:39.0710 1240 RDPWD - ok
18:23:39.0773 1240 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:23:39.0773 1240 RemoteAccess - ok
18:23:39.0788 1240 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:23:39.0804 1240 RemoteRegistry - ok
18:23:39.0820 1240 [ C2EF513BBE069F0D4EE0938A76F975D3 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:23:39.0820 1240 rimmptsk - ok
18:23:39.0851 1240 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:23:39.0851 1240 rimsptsk - ok
18:23:39.0866 1240 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:23:39.0866 1240 rismxdp - ok
18:23:39.0866 1240 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:23:39.0882 1240 RpcLocator - ok
18:23:39.0898 1240 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:23:39.0913 1240 RpcSs - ok
18:23:39.0913 1240 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:23:39.0913 1240 rspndr - ok
18:23:39.0944 1240 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:23:39.0960 1240 RTL8169 - ok
18:23:39.0960 1240 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:23:39.0960 1240 SamSs - ok
18:23:39.0976 1240 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:23:40.0007 1240 sbp2port - ok
18:23:40.0038 1240 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:23:40.0038 1240 SCardSvr - ok
18:23:40.0085 1240 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:23:40.0100 1240 Schedule - ok
18:23:40.0116 1240 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:23:40.0116 1240 SCPolicySvc - ok
18:23:40.0132 1240 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:23:40.0147 1240 sdbus - ok
18:23:40.0178 1240 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:23:40.0178 1240 SDRSVC - ok
18:23:40.0210 1240 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:23:40.0225 1240 secdrv - ok
18:23:40.0241 1240 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:23:40.0272 1240 seclogon - ok
18:23:40.0288 1240 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:23:40.0303 1240 SENS - ok
18:23:40.0319 1240 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:23:40.0334 1240 Serenum - ok
18:23:40.0366 1240 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:23:40.0397 1240 Serial - ok
18:23:40.0428 1240 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:23:40.0428 1240 sermouse - ok
18:23:40.0475 1240 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:23:40.0490 1240 SessionEnv - ok
18:23:40.0506 1240 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:23:40.0615 1240 sffdisk - ok
18:23:40.0646 1240 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:23:40.0662 1240 sffp_mmc - ok
18:23:40.0693 1240 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:23:40.0693 1240 sffp_sd - ok
18:23:40.0709 1240 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:23:40.0724 1240 sfloppy - ok
18:23:40.0787 1240 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:23:40.0787 1240 SharedAccess - ok
18:23:40.0818 1240 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:23:40.0834 1240 ShellHWDetection - ok
18:23:40.0865 1240 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:23:40.0896 1240 sisagp - ok
18:23:40.0912 1240 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:23:40.0912 1240 SiSRaid2 - ok
18:23:40.0927 1240 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:23:40.0943 1240 SiSRaid4 - ok
18:23:41.0114 1240 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:23:41.0130 1240 slsvc - ok
18:23:41.0192 1240 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:23:41.0192 1240 SLUINotify - ok
18:23:41.0255 1240 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:23:41.0270 1240 Smb - ok
18:23:41.0317 1240 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:23:41.0333 1240 SNMPTRAP - ok
18:23:41.0395 1240 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:23:41.0395 1240 spldr - ok
18:23:41.0426 1240 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:23:41.0442 1240 Spooler - ok
18:23:41.0582 1240 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
18:23:41.0582 1240 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
18:23:41.0582 1240 sptd ( LockedFile.Multi.Generic ) - warning
18:23:41.0582 1240 sptd - detected LockedFile.Multi.Generic (1)
18:23:41.0645 1240 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:23:41.0707 1240 srv - ok
18:23:41.0738 1240 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:23:41.0738 1240 srv2 - ok
18:23:41.0785 1240 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:23:41.0785 1240 srvnet - ok
18:23:41.0832 1240 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
18:23:41.0832 1240 ssadbus - ok
18:23:41.0879 1240 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:23:41.0879 1240 ssadmdfl - ok
18:23:41.0926 1240 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
18:23:41.0926 1240 ssadmdm - ok
18:23:41.0957 1240 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
18:23:41.0972 1240 ssadserd - ok
18:23:42.0019 1240 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:23:42.0019 1240 SSDPSRV - ok
18:23:42.0066 1240 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:23:42.0082 1240 ssmdrv - ok
18:23:42.0097 1240 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:23:42.0097 1240 SstpSvc - ok
18:23:42.0160 1240 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:23:42.0191 1240 stisvc - ok
18:23:42.0206 1240 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:23:42.0206 1240 swenum - ok
18:23:42.0238 1240 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:23:42.0253 1240 swprv - ok
18:23:42.0269 1240 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:23:42.0284 1240 Symc8xx - ok
18:23:42.0300 1240 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:23:42.0300 1240 Sym_hi - ok
18:23:42.0331 1240 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:23:42.0331 1240 Sym_u3 - ok
18:23:42.0409 1240 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:23:42.0409 1240 SynTP - ok
18:23:42.0503 1240 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:23:42.0503 1240 SysMain - ok
18:23:42.0534 1240 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:23:42.0534 1240 TabletInputService - ok
18:23:42.0581 1240 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:23:42.0581 1240 taphss - ok
18:23:42.0628 1240 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:23:42.0628 1240 TapiSrv - ok
18:23:42.0643 1240 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:23:42.0643 1240 TBS - ok
18:23:42.0784 1240 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:23:42.0815 1240 Tcpip - ok
18:23:42.0830 1240 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:23:42.0830 1240 Tcpip6 - ok
18:23:42.0862 1240 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:23:42.0877 1240 tcpipreg - ok
18:23:42.0893 1240 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:23:42.0893 1240 tdcmdpst - ok
18:23:42.0940 1240 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:23:42.0940 1240 TDPIPE - ok
18:23:42.0955 1240 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:23:42.0955 1240 TDTCP - ok
18:23:42.0986 1240 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:23:43.0002 1240 tdx - ok
18:23:43.0033 1240 [ 24EA631FEC13E87AFE07A2B28732EF38 ] TemproMonitoringService C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
18:23:43.0049 1240 TemproMonitoringService - ok
18:23:43.0064 1240 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:23:43.0064 1240 TermDD - ok
18:23:43.0158 1240 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:23:43.0174 1240 TermService - ok
18:23:43.0205 1240 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:23:43.0205 1240 Themes - ok
18:23:43.0236 1240 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:23:43.0236 1240 THREADORDER - ok
18:23:43.0267 1240 [ 89F74C86523F5E334628DBCE66E6D165 ] TNaviSrv C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:23:43.0267 1240 TNaviSrv - ok
18:23:43.0298 1240 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
18:23:43.0298 1240 TODDSrv - ok
18:23:43.0361 1240 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
18:23:43.0361 1240 TosCoSrv - ok
18:23:43.0454 1240 [ F95208D35A9667C58CF8122EE22805A6 ] TOSHIBA Bluetooth Service C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
18:23:43.0470 1240 TOSHIBA Bluetooth Service - ok
18:23:43.0517 1240 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
18:23:43.0517 1240 TOSHIBA SMART Log Service - ok
18:23:43.0548 1240 [ 90AFA1A4451BBBEE87C9F18A665D8121 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
18:23:43.0610 1240 tosporte - ok
18:23:43.0642 1240 [ 490A76AB428F34EA676A23E429DD6DA4 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
18:23:43.0673 1240 tosrfbd - ok
18:23:43.0688 1240 [ 75CD3C238A0FFC66C4581C3870C09314 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
18:23:43.0704 1240 tosrfbnp - ok
18:23:43.0735 1240 [ B551D3F266DDA311256F963E8CFD1E9B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
18:23:43.0735 1240 Tosrfcom - ok
18:23:43.0751 1240 [ 51BAA142744E236C3A886479CAD99A06 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
18:23:43.0766 1240 tosrfec - ok
18:23:43.0798 1240 [ F3E8762163EE87F3AC95537584CF5B4F ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
18:23:43.0798 1240 Tosrfhid - ok
18:23:43.0829 1240 [ B2A1A6538245FD69578224BBF2FD4677 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
18:23:43.0860 1240 tosrfnds - ok
18:23:43.0876 1240 [ F1CA74CCA8241D8B8A024AECC643C547 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
18:23:43.0907 1240 TosRfSnd - ok
18:23:43.0922 1240 [ AF5126FB6E9ED41C99AB7A10E98729CD ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
18:23:43.0954 1240 Tosrfusb - ok
18:23:44.0016 1240 [ 4399A9BF7D8F49991A07FD86590A1619 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
18:23:44.0047 1240 tos_sps32 - ok
18:23:44.0078 1240 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:23:44.0078 1240 TrkWks - ok
18:23:44.0141 1240 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:23:44.0141 1240 TrustedInstaller - ok
18:23:44.0172 1240 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:44.0188 1240 tssecsrv - ok
18:23:44.0203 1240 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:23:44.0203 1240 tunmp - ok
18:23:44.0219 1240 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:23:44.0234 1240 tunnel - ok
18:23:44.0266 1240 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:23:44.0281 1240 TVALZ - ok
18:23:44.0297 1240 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:23:44.0297 1240 uagp35 - ok
18:23:44.0344 1240 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:23:44.0359 1240 udfs - ok
18:23:44.0375 1240 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:23:44.0406 1240 UI0Detect - ok
18:23:44.0468 1240 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:23:44.0484 1240 UleadBurningHelper - ok
18:23:44.0531 1240 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:23:44.0546 1240 uliagpkx - ok
18:23:44.0562 1240 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:23:44.0562 1240 uliahci - ok
18:23:44.0578 1240 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:23:44.0593 1240 UlSata - ok
18:23:44.0609 1240 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:23:44.0624 1240 ulsata2 - ok
18:23:44.0640 1240 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:23:44.0656 1240 umbus - ok
18:23:44.0687 1240 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:23:44.0718 1240 upnphost - ok
18:23:44.0749 1240 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:23:44.0749 1240 usbaudio - ok
18:23:44.0780 1240 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:44.0780 1240 usbccgp - ok
18:23:44.0796 1240 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:23:44.0827 1240 usbcir - ok
18:23:44.0858 1240 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:23:44.0874 1240 usbehci - ok
18:23:44.0874 1240 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:23:44.0890 1240 usbhub - ok
18:23:44.0905 1240 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:23:44.0921 1240 usbohci - ok
18:23:44.0936 1240 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:23:44.0936 1240 usbprint - ok
18:23:44.0968 1240 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:44.0968 1240 USBSTOR - ok
18:23:44.0999 1240 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:23:45.0014 1240 usbuhci - ok
18:23:45.0030 1240 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:23:45.0030 1240 usbvideo - ok
18:23:45.0077 1240 [ 237C444FBD1C697A2E3FA60F02C61F22 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
18:23:45.0108 1240 UVCFTR - ok
18:23:45.0139 1240 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:23:45.0139 1240 UxSms - ok
18:23:45.0202 1240 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:23:45.0233 1240 vds - ok
18:23:45.0264 1240 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:45.0280 1240 vga - ok
18:23:45.0295 1240 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:23:45.0311 1240 VgaSave - ok
18:23:45.0326 1240 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:23:45.0342 1240 viaagp - ok
18:23:45.0373 1240 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:23:45.0389 1240 ViaC7 - ok
18:23:45.0404 1240 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:23:45.0420 1240 viaide - ok
18:23:45.0467 1240 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:23:45.0482 1240 volmgr - ok
18:23:45.0545 1240 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:23:45.0560 1240 volmgrx - ok
18:23:45.0592 1240 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:23:45.0607 1240 volsnap - ok
18:23:45.0638 1240 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:23:45.0654 1240 vsmraid - ok
18:23:45.0779 1240 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:23:45.0841 1240 VSS - ok
18:23:45.0857 1240 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:23:45.0904 1240 W32Time - ok
18:23:45.0919 1240 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:23:45.0950 1240 WacomPen - ok
18:23:45.0982 1240 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:23:45.0982 1240 Wanarp - ok
18:23:45.0982 1240 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:23:45.0982 1240 Wanarpv6 - ok
18:23:46.0013 1240 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:23:46.0013 1240 wcncsvc - ok
18:23:46.0044 1240 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:23:46.0044 1240 WcsPlugInService - ok
18:23:46.0075 1240 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:23:46.0106 1240 Wd - ok
18:23:46.0122 1240 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:23:46.0153 1240 Wdf01000 - ok

[Nolax]

18:23:46.0153 1240 Wdf01000 - ok
18:23:46.0169 1240 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:23:46.0169 1240 WdiServiceHost - ok
18:23:46.0184 1240 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:23:46.0184 1240 WdiSystemHost - ok
18:23:46.0216 1240 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:23:46.0216 1240 WebClient - ok
18:23:46.0247 1240 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:23:46.0262 1240 Wecsvc - ok
18:23:46.0309 1240 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:23:46.0325 1240 wercplsupport - ok
18:23:46.0356 1240 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:23:46.0372 1240 WerSvc - ok
18:23:46.0450 1240 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:23:46.0450 1240 WinDefend - ok
18:23:46.0465 1240 WinHttpAutoProxySvc - ok
18:23:46.0762 1240 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:23:46.0762 1240 Winmgmt - ok
18:23:47.0011 1240 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:23:47.0245 1240 WinRM - ok
18:23:47.0308 1240 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:23:47.0308 1240 Wlansvc - ok
18:23:47.0354 1240 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:23:47.0354 1240 WmiAcpi - ok
18:23:47.0401 1240 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:23:47.0401 1240 wmiApSrv - ok
18:23:47.0510 1240 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:23:47.0573 1240 WMPNetworkSvc - ok
18:23:47.0698 1240 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:23:47.0698 1240 WPCSvc - ok
18:23:47.0760 1240 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:23:47.0760 1240 WPDBusEnum - ok
18:23:47.0807 1240 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:23:47.0822 1240 WpdUsb - ok
18:23:48.0010 1240 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:23:48.0056 1240 WPFFontCache_v0400 - ok
18:23:48.0088 1240 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:23:48.0103 1240 ws2ifsl - ok
18:23:48.0150 1240 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:23:48.0150 1240 wscsvc - ok
18:23:48.0150 1240 WSearch - ok
18:23:48.0244 1240 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:23:48.0275 1240 wuauserv - ok
18:23:48.0322 1240 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:48.0353 1240 WUDFRd - ok
18:23:48.0400 1240 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:23:48.0415 1240 wudfsvc - ok
18:23:48.0462 1240 ================ Scan global ===============================
18:23:48.0649 1240 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:23:48.0743 1240 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:23:48.0774 1240 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:23:48.0805 1240 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:23:48.0821 1240 [Global] - ok
18:23:48.0821 1240 ================ Scan MBR ==================================
18:23:48.0836 1240 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:23:49.0476 1240 \Device\Harddisk0\DR0 - ok
18:23:49.0476 1240 ================ Scan VBR ==================================
18:23:49.0492 1240 [ BEBA27144D2C358842042B706592AE82 ] \Device\Harddisk0\DR0\Partition1
18:23:49.0492 1240 \Device\Harddisk0\DR0\Partition1 - ok
18:23:49.0507 1240 [ E197BB987326F54A05CE0608D7B6D6C2 ] \Device\Harddisk0\DR0\Partition2
18:23:49.0585 1240 \Device\Harddisk0\DR0\Partition2 - ok
18:23:49.0585 1240 ================ Scan active images ========================
18:23:49.0585 1240 ============================================================
18:23:49.0585 1240 Scan finished
18:23:49.0585 1240 ============================================================
18:23:49.0601 3072 Detected object count: 1
18:23:49.0601 3072 Actual detected object count: 1
18:24:22.0267 3072 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:24:22.0267 3072 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:26:38.0736 3892 Deinitialize success

[Nolax]

ComboFix 12-10-26.05 - nantan 27.10.2012 18:36:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.1660 [GMT 2:00]
Spuštěný z: c:\users\nantan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\d.ini
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\npf.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-27 do 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 16:30 . 2012-10-27 16:30 -------- d-----w- c:\users\nantan\AppData\Local\ATI
2012-10-27 15:38 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7599080-686E-49CE-A008-A5D2E6175F10}\mpengine.dll
2012-10-27 14:04 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 11:55 . 2012-10-27 11:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\rundll16.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\logo1_.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\logo_1.exe
2012-10-25 21:06 . 2012-10-25 21:06 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-10-25 21:06 . 2012-10-25 21:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-10-25 21:06 . 2012-10-25 21:06 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-10-25 21:06 . 2012-10-25 21:06 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-10-25 21:06 . 2012-10-25 21:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-10-25 21:06 . 2012-10-25 21:06 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-10-25 21:06 . 2012-10-25 21:06 -------- d-----w- c:\programdata\MicroWorld
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- C:\VundoFix Backups
2012-10-24 20:10 . 2012-10-27 16:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-21 22:37 . 2012-10-21 22:37 -------- d-----w- C:\VritualRoot
2012-10-21 22:29 . 2012-10-21 22:44 -------- d-----w- c:\programdata\Comodo
2012-10-21 22:23 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-21 22:23 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-21 22:23 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-21 22:23 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-21 22:23 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-21 22:15 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-21 22:15 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-21 21:33 . 2012-10-21 21:33 -------- d-----w- c:\users\nantan\AppData\Roaming\Avira
2012-10-21 21:32 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-21 21:32 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-21 21:32 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-21 21:32 . 2012-10-21 21:32 -------- d-----w- c:\programdata\Avira
2012-10-21 21:32 . 2012-10-21 21:32 -------- d-----w- c:\program files\Avira
2012-10-21 16:54 . 2012-10-21 16:54 -------- d-----w- c:\users\nantan\AppData\Local\MFAData
2012-10-21 13:22 . 2012-10-21 13:22 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 13:22 . 2012-10-27 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 21:24 . 2012-10-25 21:22 15723846 ----a-w- c:\windows\REGBK00.ZIP
2012-08-25 11:50 . 2012-09-22 13:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 13:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 13:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 13:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 13:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 13:47 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 13:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 13:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-17 11:01 . 2012-07-14 13:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 11:01 . 2012-07-14 13:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk.disabled
backup=c:\windows\pss\Bluetooth Manager.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-04-27 00:13 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\nantan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPRO"=c:\program files\Toshiba TEMPRO\TemproTray.exe
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 17:26]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 17:26]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000Core.job
- c:\users\nantan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 17:37]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000UA.job
- c:\users\nantan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 17:37]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-15428441.sys
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-27 18:49
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1205577352-4108370160-2730100894-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,ca,f1,4f,f1,9a,44,af,8f,35,7b,a9,ea,06,94,b6,bf,30,8e,a6,89,
38,19,0f,3a,7f,3c,03,63,3e,f6,fc,2a,2b,63,30,e3,59,c4,10,61,ef,85,9b,13,01,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2680)
c:\windows\system32\guard32.dll
c:\windows\System32\fwpuclnt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-10-27 18:55:43 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-27 16:55
.
Před spuštěním: Volných bajtů: 118 126 112 768
Po spuštění: Volných bajtů: 117 780 242 432
.
- - End Of File - - 860E090F058436656A03691B17E08D43

[memphisto]

Z Comoda máš předpokládám jen firewall

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\programdata\Spybot - Search & Destroy
c:\users\nantan\AppData\Local\Google\Update

File::
c:\windows\REGBK00.ZIP
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000UA.job

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"=-
"SpybotSD TeaTimer"=-

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upus.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

[Nolax]

Ano Comodo je jen firewall..

ComboFix 12-10-26.05 - nantan 28.10.2012 0:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3069.2163 [GMT 2:00]
Spuštěný z: c:\users\nantan\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\nantan\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\REGBK00.ZIP"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\patncestaaplikace.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patncestaaplikace1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patncestaaplikace2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patncestaaplikace3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\patnodinstalaninformace9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\Pokozenodkaz.zip
c:\users\nantan\AppData\Local\Google\Update
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\nantan\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\nantan\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\users\nantan\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\22.0.1229.79\22.0.1229.79_21.0.1180.89_chrome_updater.exe
c:\users\nantan\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\REGBK00.ZIP
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1205577352-4108370160-2730100894-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-27 do 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 22:18 . 2012-10-27 22:21 -------- d-----w- c:\users\nantan\AppData\Local\temp
2012-10-27 22:18 . 2012-10-27 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 16:30 . 2012-10-27 16:30 -------- d-----w- c:\users\nantan\AppData\Local\ATI
2012-10-27 15:38 . 2012-10-17 00:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7599080-686E-49CE-A008-A5D2E6175F10}\mpengine.dll
2012-10-27 14:04 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-27 11:55 . 2012-10-27 11:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\VDLL.DLL
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\system32\runouce.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\rundll16.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\logo1_.exe
2012-10-25 21:18 . 2012-10-25 21:18 -------- d---a-w- c:\windows\logo_1.exe
2012-10-25 21:06 . 2012-10-25 21:06 632064 ----a-w- c:\windows\system32\msvcr80.dll
2012-10-25 21:06 . 2012-10-25 21:06 554240 ----a-w- c:\windows\system32\msvcp80.dll
2012-10-25 21:06 . 2012-10-25 21:06 572928 ----a-w- c:\windows\system32\msvcp90.dll
2012-10-25 21:06 . 2012-10-25 21:06 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-10-25 21:06 . 2012-10-25 21:06 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-10-25 21:06 . 2012-10-25 21:06 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-10-25 21:06 . 2012-10-25 21:06 -------- d-----w- c:\programdata\MicroWorld
2012-10-24 21:07 . 2012-10-24 21:07 -------- d-----w- C:\VundoFix Backups
2012-10-21 22:37 . 2012-10-21 22:37 -------- d-----w- C:\VritualRoot
2012-10-21 22:29 . 2012-10-21 22:44 -------- d-----w- c:\programdata\Comodo
2012-10-21 22:23 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-21 22:23 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-21 22:23 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-21 22:23 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-21 22:23 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-21 22:15 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-21 22:15 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-21 21:33 . 2012-10-21 21:33 -------- d-----w- c:\users\nantan\AppData\Roaming\Avira
2012-10-21 21:32 . 2012-10-01 15:14 134184 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-21 21:32 . 2012-09-24 07:58 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-21 21:32 . 2012-09-13 08:58 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-21 21:32 . 2012-10-21 21:32 -------- d-----w- c:\programdata\Avira
2012-10-21 21:32 . 2012-10-21 21:32 -------- d-----w- c:\program files\Avira
2012-10-21 16:54 . 2012-10-21 16:54 -------- d-----w- c:\users\nantan\AppData\Local\MFAData
2012-10-21 13:22 . 2012-10-21 13:22 -------- d-----w- c:\programdata\Malwarebytes
2012-10-21 13:22 . 2012-10-27 14:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 11:50 . 2012-09-22 13:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-25 11:44 . 2012-09-22 13:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-25 11:44 . 2012-09-22 13:47 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-25 11:44 . 2012-09-22 13:47 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-25 11:44 . 2012-09-22 13:47 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-08-25 10:11 . 2012-09-22 13:47 385024 ----a-w- c:\windows\system32\html.iec
2012-08-25 08:31 . 2012-09-22 13:47 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-25 08:29 . 2012-09-22 13:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-17 11:01 . 2012-07-14 13:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 11:01 . 2012-07-14 13:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk.disabled]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk.disabled
backup=c:\windows\pss\Bluetooth Manager.lnk.disabled.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-04-27 00:13 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"KiesHelper"=c:\program files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR"=c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"00TCrdMain"=%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h
"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe IE PA
"ITSecMng"=%ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"KiesTrayAgent"=c:\program files\Samsung\Kies\KiesTrayAgent.exe
"topi"=c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"Toshiba TEMPRO"=c:\program files\Toshiba TEMPRO\TemproTray.exe
"TPwrMain"=%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSEA
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-28 00:21
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1205577352-4108370160-2730100894-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,ca,f1,4f,f1,9a,44,af,8f,35,7b,a9,ea,06,94,b6,bf,30,8e,a6,89,
38,19,0f,3a,7f,3c,03,63,3e,f6,fc,2a,2b,63,30,e3,59,c4,10,61,ef,85,9b,13,01,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3708)
c:\windows\system32\guard32.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2012-10-28 00:25:23 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-27 22:25
ComboFix2.txt 2012-10-27 16:55
.
Před spuštěním: Volných bajtů: 117 416 218 624
Po spuštění: Volných bajtů: 117 361 029 120
.
- - End Of File - - 965BDCE7BB6C84D4AA56BF0152959268

[memphisto]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials

+ Nový log z HJT

Jak se chová PC?

[Nolax]

Reakcne lepsi, po spusteni se rozjede jak Firewall tak antivir. Nicmene Host Process for Windows services pada pri pokusu pripojit se v normalnim modu. Ale pocitam ze to bude problem jinde.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:01:28, on 28.10.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\nantan\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 4423 bytes

[jaro3]

Fixni:

Kód: Vybrat vše

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url2.pl?CZ (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red ... &site=home (file missing)

Stáhni si OTL by OldTimer
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[Nolax]

Zdravím.


OTL logfile created on: 28.10.2012 11:14:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nantan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 73,58% Memory free
6,19 Gb Paging File | 5,34 Gb Available in Paging File | 86,17% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,89 Gb Total Space | 110,18 Gb Free Space | 74,00% Space Free | Partition Type: NTFS
Drive E: | 147,73 Gb Total Space | 29,89 Gb Free Space | 20,23% Space Free | Partition Type: NTFS

Computer Name: SKY3OM2 | User Name: nantan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (All) ==========

PRC - C:\Users\nantan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Windows\System32\lsass.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
PRC - C:\Windows\System32\winlogon.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\smss.exe (Microsoft Corporation)
PRC - C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\services.exe (Microsoft Corporation)
PRC - C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\dwm.exe (Microsoft Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Windows\System32\csrss.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lsm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\svchost.exe [comLaunch] (Microsoft Corporation)
PRC - C:\Windows\System32\wininit.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wlanext.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3019.37109__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3019.37102__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_cs_b77a5c561934e089\System.resources.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (cmdAgent) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (All) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (acurpdyo) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KSecDD) -- C:\Windows\System32\drivers\ksecdd.sys (Microsoft Corporation)
DRV - (RDPWD) -- C:\Windows\System32\drivers\rdpwd.sys (Microsoft Corporation)
DRV - (Tcpip6) -- C:\Windows\System32\drivers\tcpip.sys (Microsoft Corporation)
DRV - (Tcpip) -- C:\Windows\System32\drivers\tcpip.sys (Microsoft Corporation)
DRV - (partmgr) -- C:\Windows\System32\drivers\partmgr.sys (Microsoft Corporation)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (Fs_Rec) -- C:\Windows\System32\drivers\fs_rec.sys (Microsoft Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (mrxsmb10) -- C:\Windows\System32\drivers\mrxsmb10.sys (Microsoft Corporation)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (srv2) -- C:\Windows\System32\drivers\srv2.sys (Microsoft Corporation)
DRV - (srvnet) -- C:\Windows\System32\drivers\srvnet.sys (Microsoft Corporation)
DRV - (mrxsmb20) -- C:\Windows\System32\drivers\mrxsmb20.sys (Microsoft Corporation)
DRV - (mrxsmb) -- C:\Windows\System32\drivers\mrxsmb.sys (Microsoft Corporation)
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (DfsC) -- C:\Windows\System32\drivers\dfsc.sys (Microsoft Corporation)
DRV - (bowser) -- C:\Windows\System32\drivers\bowser.sys (Microsoft Corporation)
DRV - (srv) -- C:\Windows\System32\drivers\srv.sys (Microsoft Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (DXGKrnl) -- C:\Windows\System32\drivers\dxgkrnl.sys (Microsoft Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (HTTP) -- C:\Windows\System32\drivers\http.sys (Microsoft Corporation)
DRV - (tunnel) -- C:\Windows\System32\drivers\tunnel.sys (Microsoft Corporation)
DRV - (tcpipreg) -- C:\Windows\System32\drivers\tcpipreg.sys (Microsoft Corporation)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (WpdUsb) -- C:\Windows\System32\drivers\WpdUsb.sys (Microsoft Corporation)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (volmgrx) -- C:\Windows\System32\drivers\volmgrx.sys (Microsoft Corporation)
DRV - (volsnap) -- C:\Windows\System32\drivers\volsnap.sys (Microsoft Corporation)
DRV - (pci) -- C:\Windows\System32\drivers\pci.sys (Microsoft Corporation)
DRV - (TermDD) -- C:\Windows\System32\drivers\termdd.sys (Microsoft Corporation)
DRV - (Ntfs) -- C:\Windows\System32\drivers\ntfs.sys (Společnost Microsoft)
DRV - (NDIS) -- C:\Windows\System32\drivers\ndis.sys (Microsoft Corporation)
DRV - (ACPI) -- C:\Windows\System32\drivers\acpi.sys (Microsoft Corporation)
DRV - (CLFS) -- C:\Windows\System32\clfs.sys (Microsoft Corporation)
DRV - (FltMgr) -- C:\Windows\System32\drivers\fltMgr.sys (Společnost Microsoft)
DRV - (iScsiPrt) -- C:\Windows\System32\drivers\msiscsi.sys (Microsoft Corporation)
DRV - (MsRPC) -- C:\Windows\System32\drivers\msrpc.sys (Microsoft Corporation)
DRV - (Ecache) -- C:\Windows\System32\drivers\ecache.sys (Microsoft Corporation)
DRV - (disk) -- C:\Windows\System32\drivers\disk.sys (Microsoft Corporation)
DRV - (Mup) -- C:\Windows\System32\drivers\mup.sys (Microsoft Corporation)
DRV - (atapi) -- C:\Windows\System32\drivers\atapi.sys (Microsoft Corporation)
DRV - (RasSstp) -- C:\Windows\System32\drivers\rassstp.sys (Microsoft Corporation)
DRV - (NdisWan) -- C:\Windows\System32\drivers\ndiswan.sys (Microsoft Corporation)
DRV - (RasPppoe) -- C:\Windows\System32\drivers\raspppoe.sys (Microsoft Corporation)
DRV - (tdx) -- C:\Windows\System32\drivers\tdx.sys (Microsoft Corporation)
DRV - (PSched) -- C:\Windows\System32\drivers\pacer.sys (Microsoft Corporation)
DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys (Microsoft Corporation)
DRV - (Smb) -- C:\Windows\System32\drivers\smb.sys (Microsoft Corporation)
DRV - (NativeWifiP) -- C:\Windows\System32\drivers\nwifi.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\Windows\System32\drivers\usbhub.sys (Microsoft Corporation)
DRV - (ohci1394) -- C:\Windows\System32\drivers\ohci1394.sys (Microsoft Corporation)
DRV - (USBSTOR) -- C:\Windows\System32\drivers\USBSTOR.SYS (Microsoft Corporation)
DRV - (usbaudio) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\System32\drivers\usbehci.sys (Microsoft Corporation)
DRV - (HidUsb) -- C:\Windows\System32\drivers\hidusb.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\Windows\System32\drivers\hdaudbus.sys (Microsoft Corporation)
DRV - (cdrom) -- C:\Windows\System32\drivers\cdrom.sys (Microsoft Corporation)
DRV - (sffp_sd) -- C:\Windows\System32\drivers\sffp_sd.sys (Microsoft Corporation)
DRV - (kbdhid) -- C:\Windows\System32\drivers\kbdhid.sys (Microsoft Corporation)
DRV - (sdbus) -- C:\Windows\System32\drivers\sdbus.sys (Microsoft Corporation)
DRV - (MRxDAV) -- C:\Windows\System32\drivers\mrxdav.sys (Microsoft Corporation)
DRV - (rdbss) -- C:\Windows\System32\drivers\rdbss.sys (Microsoft Corporation)
DRV - (Npfs) -- C:\Windows\System32\drivers\npfs.sys (Microsoft Corporation)
DRV - (udfs) -- C:\Windows\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (exfat) -- C:\Windows\System32\drivers\exfat.sys (Microsoft Corporation)
DRV - (fastfat) -- C:\Windows\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\Windows\System32\drivers\pxhelp20.sys (Sonic Solutions)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (iaStor) -- C:\Windows\System32\drivers\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (msahci) -- C:\Windows\System32\drivers\msahci.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (WUDFRd) -- C:\Windows\System32\drivers\WUDFRd.sys (Microsoft Corporation)
DRV - (tssecsrv) -- C:\Windows\System32\drivers\tssecsrv.sys (Microsoft Corporation)
DRV - (Modem) -- C:\Windows\System32\drivers\modem.sys (Microsoft Corporation)
DRV - (Rasl2tp) -- C:\Windows\System32\drivers\rasl2tp.sys (Microsoft Corporation)
DRV - (PptpMiniport) -- C:\Windows\System32\drivers\raspptp.sys (Microsoft Corporation)
DRV - (Ndisuio) -- C:\Windows\System32\drivers\ndisuio.sys (Microsoft Corporation)
DRV - (MSTEE) -- C:\Windows\System32\drivers\mstee.sys (Microsoft Corporation)
DRV - (MSPCLOCK) -- C:\Windows\System32\drivers\mspclock.sys (Microsoft Corporation)
DRV - (MSPQM) -- C:\Windows\System32\drivers\mspqm.sys (Microsoft Corporation)
DRV - (VgaSave) -- C:\Windows\System32\drivers\vga.sys (Microsoft Corporation)
DRV - (MSKSSRV) -- C:\Windows\System32\drivers\mskssrv.sys (Microsoft Corporation)
DRV - (RDPENCDD) -- C:\Windows\System32\drivers\RDPENCDD.sys (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Corporation)
DRV - (nsiproxy) -- C:\Windows\System32\drivers\nsiproxy.sys (Microsoft Corporation)
DRV - (ws2ifsl) -- C:\Windows\System32\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV - (IpFilterDriver) -- C:\Windows\System32\drivers\ipfltdrv.sys (Microsoft Corporation)
DRV - (luafv) -- C:\Windows\System32\drivers\luafv.sys (Microsoft Corporation)
DRV - (rspndr) -- C:\Windows\System32\drivers\rspndr.sys (Microsoft Corporation)
DRV - (lltdio) -- C:\Windows\System32\drivers\lltdio.sys (Microsoft Corporation)
DRV - (IPNAT) -- C:\Windows\System32\drivers\ipnat.sys (Microsoft Corporation)
DRV - (Wanarpv6) -- C:\Windows\System32\drivers\wanarp.sys (Microsoft Corporation)
DRV - (Wanarp) -- C:\Windows\System32\drivers\wanarp.sys (Microsoft Corporation)
DRV - (NDProxy) -- C:\Windows\System32\drivers\ndproxy.sys (Microsoft Corporation)
DRV - (NdisTapi) -- C:\Windows\System32\drivers\ndistapi.sys (Microsoft Corporation)
DRV - (tunmp) -- C:\Windows\System32\drivers\TUNMP.SYS (Microsoft Corporation)
DRV - (Filetrace) -- C:\Windows\System32\drivers\filetrace.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\System32\drivers\netbios.sys (Microsoft Corporation)
DRV - (RasAcd) -- C:\Windows\System32\drivers\rasacd.sys (Microsoft Corporation)
DRV - (spldr) -- C:\Windows\System32\drivers\spldr.sys (Microsoft Corporation)
DRV - (TDTCP) -- C:\Windows\System32\drivers\tdtcp.sys (Microsoft Corporation)
DRV - (TDPIPE) -- C:\Windows\System32\drivers\tdpipe.sys (Microsoft Corporation)
DRV - (RDPCDD) -- C:\Windows\System32\drivers\RDPCDD.sys (Microsoft Corporation)
DRV - (FileInfo) -- C:\Windows\System32\drivers\fileinfo.sys (Microsoft Corporation)
DRV - (AsyncMac) -- C:\Windows\System32\drivers\asyncmac.sys (Microsoft Corporation)
DRV - (IRENUM) -- C:\Windows\System32\drivers\irenum.sys (Microsoft Corporation)
DRV - (Wdf01000) -- C:\Windows\System32\drivers\Wdf01000.sys (Microsoft Corporation)
DRV - (cdfs) -- C:\Windows\System32\drivers\cdfs.sys (Microsoft Corporation)
DRV - (Msfs) -- C:\Windows\System32\drivers\msfs.sys (Microsoft Corporation)
DRV - (Null) -- C:\Windows\System32\drivers\null.sys (Microsoft Corporation)
DRV - (Beep) -- C:\Windows\System32\drivers\beep.sys (Microsoft Corporation)
DRV - (MountMgr) -- C:\Windows\System32\drivers\mountmgr.sys (Microsoft Corporation)
DRV - (QWAVEdrv) -- C:\Windows\System32\drivers\qwavedrv.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\System32\drivers\MegaSR.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\System32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\System32\drivers\megasas.sys (LSI Corporation)
DRV - (usbvideo) -- C:\Windows\System32\drivers\usbvideo.sys (Microsoft Corporation)
DRV - (adpu160m) -- C:\Windows\System32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\System32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (SiSRaid2) -- C:\Windows\System32\drivers\sisraid2.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\System32\drivers\HpCISSs.sys (Hewlett-Packard Company)
DRV - (circlass) -- C:\Windows\System32\drivers\circlass.sys (Microsoft Corporation)
DRV - (CmBatt) -- C:\Windows\System32\drivers\CmBatt.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\System32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\System32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\System32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\System32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (Wd) -- C:\Windows\System32\drivers\wd.sys (Microsoft Corporation)
DRV - (iaStorV) -- C:\Windows\System32\drivers\iaStorV.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\System32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\System32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\System32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\System32\drivers\arc.sys (Adaptec, Inc.)
DRV - (kbdclass) -- C:\Windows\System32\drivers\kbdclass.sys (Microsoft Corporation)
DRV - (sffdisk) -- C:\Windows\System32\drivers\sffdisk.sys (Microsoft Corporation)
DRV - (sffp_mmc) -- C:\Windows\System32\drivers\sffp_mmc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\System32\drivers\elxstor.sys (Emulex)
DRV - (IPMIDRV) -- C:\Windows\System32\drivers\IPMIDrv.sys (Microsoft Corporation)
DRV - (gagp30kx) -- C:\Windows\System32\drivers\GAGP30KX.SYS (Microsoft Corporation)
DRV - (uagp35) -- C:\Windows\System32\drivers\UAGP35.SYS (Microsoft Corporation)
DRV - (monitor) -- C:\Windows\System32\drivers\monitor.sys (Microsoft Corporation)
DRV - (umbus) -- C:\Windows\System32\drivers\umbus.sys (Microsoft Corporation)
DRV - (crcdisk) -- C:\Windows\System32\drivers\crcdisk.sys (Microsoft Corporation)
DRV - (adp94xx) -- C:\Windows\System32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\System32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (msdsm) -- C:\Windows\System32\drivers\msdsm.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\System32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (drmkaud) -- C:\Windows\System32\drivers\drmkaud.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\System32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (mpio) -- C:\Windows\System32\drivers\mpio.sys (Microsoft Corporation)
DRV - (usbccgp) -- C:\Windows\System32\drivers\usbccgp.sys (Microsoft Corporation)
DRV - (i8042prt) -- C:\Windows\System32\drivers\i8042prt.sys (Microsoft Corporation)
DRV - (mouclass) -- C:\Windows\System32\drivers\mouclass.sys (Microsoft Corporation)
DRV - (fdc) -- C:\Windows\System32\drivers\fdc.sys (Microsoft Corporation)
DRV - (flpydisk) -- C:\Windows\System32\drivers\flpydisk.sys (Microsoft Corporation)
DRV - (sermouse) -- C:\Windows\System32\drivers\sermouse.sys (Microsoft Corporation)
DRV - (mouhid) -- C:\Windows\System32\drivers\mouhid.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\System32\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (i2omp) -- C:\Windows\System32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (vga) -- C:\Windows\System32\drivers\vgapnp.sys (Microsoft Corporation)
DRV - (rdpdr) -- C:\Windows\System32\drivers\rdpdr.sys (Microsoft Corporation)
DRV - (nv_agp) -- C:\Windows\System32\drivers\NV_AGP.SYS (Microsoft Corporation)
DRV - (uliagpkx) -- C:\Windows\System32\drivers\ULIAGPKX.SYS (Microsoft Corporation)
DRV - (amdagp) -- C:\Windows\System32\drivers\AMDAGP.SYS (Microsoft Corporation)
DRV - (viaagp) -- C:\Windows\System32\drivers\VIAAGP.SYS (Microsoft Corporation)
DRV - (agp440) -- C:\Windows\System32\drivers\AGP440.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\Windows\System32\drivers\SISAGP.SYS (Microsoft Corporation)
DRV - (volmgr) -- C:\Windows\System32\drivers\volmgr.sys (Microsoft Corporation)
DRV - (isapnp) -- C:\Windows\System32\drivers\isapnp.sys (Microsoft Corporation)
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys (Microsoft Corporation)
DRV - (mssmbios) -- C:\Windows\System32\drivers\mssmbios.sys (Microsoft Corporation)
DRV - (msisadrv) -- C:\Windows\System32\drivers\msisadrv.sys (Microsoft Corporation)
DRV - (swenum) -- C:\Windows\System32\drivers\swenum.sys (Microsoft Corporation)
DRV - (AmdK8) -- C:\Windows\System32\drivers\amdk8.sys (Microsoft Corporation)
DRV - (ViaC7) -- C:\Windows\System32\drivers\viac7.sys (Microsoft Corporation)
DRV - (intelppm) -- C:\Windows\System32\drivers\intelppm.sys (Microsoft Corporation)
DRV - (AmdK7) -- C:\Windows\System32\drivers\amdk7.sys (Microsoft Corporation)
DRV - (Processor) -- C:\Windows\System32\drivers\processr.sys (Microsoft Corporation)
DRV - (Crusoe) -- C:\Windows\System32\drivers\crusoe.sys (Microsoft Corporation)
DRV - (Compbatt) -- C:\Windows\System32\drivers\compbatt.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\System32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\System32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (intelide) -- C:\Windows\System32\drivers\intelide.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Microsoft Corporation)
DRV - (aliide) -- C:\Windows\System32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pciide) -- C:\Windows\System32\drivers\pciide.sys (Microsoft Corporation)
DRV - (WmiAcpi) -- C:\Windows\System32\drivers\wmiacpi.sys (Microsoft Corporation)
DRV - (ErrDev) -- C:\Windows\System32\drivers\errdev.sys (Microsoft Corporation)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (pcmcia) -- C:\Windows\System32\drivers\pcmcia.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\System32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\System32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\System32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\System32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (sbp2port) -- C:\Windows\System32\drivers\sbp2port.sys (Microsoft Corporation)
DRV - (aic78xx) -- C:\Windows\System32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\System32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\System32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\System32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\System32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\System32\drivers\Mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\System32\drivers\sym_hi.sys (LSI Logic)
DRV - (usbprint) -- C:\Windows\System32\drivers\usbprint.sys (Microsoft Corporation)
DRV - (PEAUTH) -- C:\Windows\System32\drivers\PEAuth.sys (Microsoft Corporation)
DRV - (BTHMODEM) -- C:\Windows\System32\drivers\bthmodem.sys (Microsoft Corporation)
DRV - (HidBth) -- C:\Windows\System32\drivers\hidbth.sys (Microsoft Corporation)
DRV - (usbcir) -- C:\Windows\System32\drivers\usbcir.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\System32\drivers\usbohci.sys (Microsoft Corporation)
DRV - (HidIr) -- C:\Windows\System32\drivers\hidir.sys (Microsoft Corporation)
DRV - (WacomPen) -- C:\Windows\System32\drivers\wacompen.sys (Microsoft Corporation)
DRV - (sfloppy) -- C:\Windows\System32\drivers\sfloppy.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Microsoft Corporation)
DRV - (Parport) -- C:\Windows\System32\drivers\parport.sys (Microsoft Corporation)
DRV - (Serenum) -- C:\Windows\System32\drivers\serenum.sys (Microsoft Corporation)
DRV - (Parvdm) -- C:\Windows\System32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (Brserid) -- C:\Windows\System32\drivers\BrSerId.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\System32\drivers\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\System32\drivers\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\System32\drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ntrigdigi) -- C:\Windows\System32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\HdAudio.sys (Microsoft Corporation)
DRV - (Winsock) -- C:\Windows\System32\WINSOCK.DLL (Microsoft Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{4A197EA8-F991-4CF6-9108-0828197E9EEF}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{4A197EA8-F991-4CF6-9108-0828197E9EEF}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_cs
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nantan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nantan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.29 03:05:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 00:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.10 22:50:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012.10.28 00:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nantan\AppData\Roaming\Mozilla\Extensions
[2012.10.28 00:03:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.10.28 00:03:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2010.01.25 10:02:20 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2012.10.25 01:03:24 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012.10.25 01:03:24 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.10.25 01:03:25 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.10.25 01:03:25 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.10.25 01:03:25 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.10.25 01:03:25 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.10.27 23:18:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

[Nolax]

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000051 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000052 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000053 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000054 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000055 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000056 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000057 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000058 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000059 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000060 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000061 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000062 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000063 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000064 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000065 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000066 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000067 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000068 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000069 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000070 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000071 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000072 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000073 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000074 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000075 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000076 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000077 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000078 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000079 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000080 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000081 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000082 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000083 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000084 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000085 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000086 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000087 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000088 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000089 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000090 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000091 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000092 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000093 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000094 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000095 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000096 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000097 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000098 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000099 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000100 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000101 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000102 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000103 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000104 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000105 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000106 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000107 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000108 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000109 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000110 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000111 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000112 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000113 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000114 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000115 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000116 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000117 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000118 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000119 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000120 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000121 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000122 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02D51302-E053-4A1D-BF02-727E3707C618}: DhcpNameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1741CBC1-A017-4262-983E-DD56B3F4B14A}: DhcpNameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F8D4962-7B4C-4D5F-A7C6-2C30F1DA357F}: DhcpNameServer = 217.77.165.81 217.77.161.131
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C85C1DFD-3CE2-43AF-955F-118F543AA396}: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F90827CA-65DB-4D58-A7B6-59393318F070}: DhcpNameServer = 217.77.165.81 217.77.161.131
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.10.28 11:06:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nantan\Desktop\OTL.exe
[2012.10.28 00:03:35 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Roaming\Mozilla
[2012.10.28 00:03:35 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Local\Mozilla
[2012.10.28 00:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.10.27 23:55:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.27 23:25:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.10.27 23:25:26 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Local\temp
[2012.10.27 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Local\ATI
[2012.10.27 17:13:46 | 000,000,000 | ---D | C] -- C:\Users\nantan\Desktop\backups
[2012.10.27 16:08:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\nantan\Desktop\HiJackThis.exe
[2012.10.27 15:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.27 15:04:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.27 12:53:04 | 000,000,000 | ---D | C] -- C:\Users\nantan\Desktop\log
[2012.10.27 12:53:03 | 000,000,000 | ---D | C] -- C:\Users\nantan\Desktop\TMRBLog
[2012.10.27 12:48:51 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\nantan\Desktop\RootkitBuster_v5_1061.exe
[2012.10.27 12:35:13 | 021,414,880 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\nantan\Desktop\SUPERAntiSpyware.exe
[2012.10.26 08:45:51 | 001,528,184 | ---- | C] (Microsoft Corporation) -- C:\Users\nantan\Desktop\GenuineCheck.exe
[2012.10.25 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\nantan\Desktop\TempBK
[2012.10.25 22:06:39 | 000,572,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2012.10.25 22:06:38 | 000,655,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2012.10.21 23:46:22 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Roaming\Macromedia
[2012.10.21 23:37:23 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012.10.21 23:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.10.21 23:27:32 | 035,226,440 | ---- | C] (COMODO) -- C:\Users\nantan\Desktop\cfw_installer_x86.exe
[2012.10.21 23:23:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.10.21 23:15:29 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.21 23:15:29 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.21 22:33:05 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Roaming\Avira
[2012.10.21 22:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.21 22:32:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.21 22:32:23 | 000,134,184 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.21 22:32:23 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.21 22:32:23 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.21 22:32:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.21 22:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.21 22:22:47 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.21 21:46:35 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.10.21 17:54:23 | 000,000,000 | ---D | C] -- C:\Users\nantan\AppData\Local\MFAData
[2012.10.21 14:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.21 14:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.10 00:30:02 | 000,000,000 | ---D | C] -- C:\Users\nantan\Desktop\Autoruns

========== Files - Modified Within 30 Days ==========

[2012.10.28 11:08:49 | 000,607,464 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.10.28 11:08:49 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 11:08:49 | 000,118,096 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.10.28 11:08:49 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.28 11:06:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nantan\Desktop\OTL.exe
[2012.10.28 10:57:19 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 10:57:19 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.28 10:57:15 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.10.28 10:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.28 10:57:04 | 3219,120,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.28 00:03:33 | 000,000,851 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 00:01:28 | 000,004,424 | ---- | M] () -- C:\Users\nantan\Desktop\hijackthis28.10
[2012.10.28 00:00:21 | 000,349,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.27 23:51:00 | 000,188,416 | ---- | M] () -- C:\Users\nantan\Desktop\T-Cleaner (1).exe
[2012.10.27 23:18:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.10.27 15:04:48 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.27 14:13:04 | 000,028,672 | ---- | M] () -- C:\Users\nantan\Desktop\catchme02.exe
[2012.10.27 14:09:10 | 000,302,592 | ---- | M] () -- C:\Users\nantan\Desktop\t8xuht9l.exe
[2012.10.27 12:48:52 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\nantan\Desktop\RootkitBuster_v5_1061.exe
[2012.10.27 12:45:52 | 000,450,985 | ---- | M] () -- C:\Users\nantan\Desktop\GrantPerms.zip
[2012.10.27 12:35:18 | 021,414,880 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\nantan\Desktop\SUPERAntiSpyware.exe
[2012.10.27 12:19:39 | 000,017,270 | ---- | M] () -- C:\Users\nantan\Desktop\Bez názvu 1.odt
[2012.10.26 08:45:51 | 001,528,184 | ---- | M] (Microsoft Corporation) -- C:\Users\nantan\Desktop\GenuineCheck.exe
[2012.10.25 22:06:38 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp90.dll
[2012.10.25 22:06:37 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr90.dll
[2012.10.24 21:32:44 | 142,102,192 | ---- | M] () -- C:\Users\nantan\Desktop\mwav.exe
[2012.10.21 23:30:11 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.21 23:28:02 | 035,226,440 | ---- | M] (COMODO) -- C:\Users\nantan\Desktop\cfw_installer_x86.exe
[2012.10.21 22:58:14 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012.10.21 22:32:34 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.01 16:14:23 | 000,134,184 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.10.28 10:57:04 | 3219,120,128 | -HS- | C] () -- C:\hiberfil.sys
[2012.10.28 00:03:33 | 000,000,863 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.28 00:03:33 | 000,000,851 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 00:01:28 | 000,004,424 | ---- | C] () -- C:\Users\nantan\Desktop\hijackthis28.10
[2012.10.27 23:59:50 | 000,349,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.27 23:50:59 | 000,188,416 | ---- | C] () -- C:\Users\nantan\Desktop\T-Cleaner (1).exe
[2012.10.27 15:04:48 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.27 14:13:03 | 000,028,672 | ---- | C] () -- C:\Users\nantan\Desktop\catchme02.exe
[2012.10.27 14:09:07 | 000,302,592 | ---- | C] () -- C:\Users\nantan\Desktop\t8xuht9l.exe
[2012.10.27 12:45:49 | 000,450,985 | ---- | C] () -- C:\Users\nantan\Desktop\GrantPerms.zip
[2012.10.27 12:19:36 | 000,017,270 | ---- | C] () -- C:\Users\nantan\Desktop\Bez názvu 1.odt
[2012.10.24 21:30:55 | 142,102,192 | ---- | C] () -- C:\Users\nantan\Desktop\mwav.exe
[2012.10.21 23:30:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012.10.21 22:32:34 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.05 23:44:52 | 000,000,218 | ---- | C] () -- C:\Users\nantan\.recently-used.xbel
[2012.05.03 22:21:16 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012.05.03 22:21:16 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012.04.10 12:52:30 | 000,008,439 | ---- | C] () -- C:\Users\nantan\BF.ods
[2012.04.05 11:19:06 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012.03.15 22:16:59 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.03.15 22:16:57 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.03.15 22:16:57 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.03.15 22:16:57 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.10.11 11:19:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011.04.15 12:08:14 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011.03.02 06:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 06:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.03.02 06:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.03.02 06:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.03.02 06:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.01.21 13:55:13 | 000,050,688 | ---- | C] () -- C:\Users\nantan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.21 22:13:12 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\GHISLER
[2012.10.21 22:13:12 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\GlarySoft
[2012.10.21 22:13:12 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\gtk-2.0
[2012.10.21 22:13:12 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\IMSIDesign
[2011.02.06 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\OpenOffice.org
[2012.10.21 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\Opera
[2010.10.20 20:33:50 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\TOSHIBA
[2012.05.13 14:23:22 | 000,000,000 | ---D | M] -- C:\Users\nantan\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:C43ED645
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:99671BE2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:FD34FE88

< End of report >