IP-blocks while surfing at safe sites


Hello,

Over the past few weeks the IP protection module on anti-malware has been making a few notifications of blocked access from disreputable ip-addresses to and from my computer. The reports have come while I've been surfing, but the websites I've been in at the time are, as far as I know, considered safe (I'm pretty certain Youtube being the only one that runs ads). After the notifications I did full scans using the latest updates on anti-malware, superantispyware and avira antivirus. They have yielded nothing more than tracking cookies (superantispyware).

Attach.txt

DDS.txt

The anti-malware logs on the Ip Blocks

2012/03/20 13:31:36 +0200 VESA-PC Vesa IP-BLOCK 91.211.117.70 (Type: outgoing, Port: 50651, Process: chrome.exe)

2012/03/20 13:31:36 +0200 VESA-PC Vesa IP-BLOCK 91.211.117.70 (Type: outgoing, Port: 50652, Process: chrome.exe)

2012/03/20 13:31:36 +0200 VESA-PC Vesa IP-BLOCK 91.211.117.70 (Type: outgoing, Port: 50653, Process: chrome.exe)

2012/03/20 13:39:23 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50794, Process: chrome.exe)

2012/03/20 13:45:00 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50853, Process: chrome.exe)

2012/03/20 13:45:00 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50854, Process: chrome.exe)

2012/03/20 13:45:00 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50855, Process: chrome.exe)

2012/03/20 13:45:25 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50874, Process: chrome.exe)

2012/03/20 13:45:25 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50875, Process: chrome.exe)

2012/03/20 16:00:32 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 52358, Process: chrome.exe)

2012/04/03 00:16:23 +0300 VESA-PC Vesa IP-BLOCK 222.218.45.57 (Type: incoming, Port: 3389, Process: svchost.exe)

-----------

So should I be concerned about these notifications, even though the scans show nothing? Also, if the ip-address is indeed malicious in nature, is the anti-malware's ip-block the only thing insulating the process? I'm currently using the Windows 7 firewall. Until the time of the first ip-block cluster I used Comodo, but since the scans showed nothing, the notices stopped and Comodo's Defence+ functionality started to complain that trusted and cleanly acquired programs like Open Office and Bink Video contained malware code, I changed my firewall to the Windows 7 default firewall.


  • 1 month later...
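The IP-BLOCK lines quoted in the first post can be grouped by address, direction and process, which separates blocks raised by browser traffic from inbound attempts on a listening service such as the port 3389 (RDP) entry. The Python below is an added example, not part of the original thread and not Malwarebytes code; the field layout is inferred from the quoted lines, and the `BROWSERS` and `SERVICE_PORTS` tables and the label strings are assumptions made for illustration.

```python
import re
from datetime import datetime

# Five of the IP-BLOCK lines quoted in the first post, copied unchanged.
SAMPLE_LOG = """\
2012/03/20 13:31:36 +0200 VESA-PC Vesa IP-BLOCK 91.211.117.70 (Type: outgoing, Port: 50651, Process: chrome.exe)
2012/03/20 13:31:36 +0200 VESA-PC Vesa IP-BLOCK 91.211.117.70 (Type: outgoing, Port: 50652, Process: chrome.exe)
2012/03/20 13:39:23 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 50794, Process: chrome.exe)
2012/03/20 16:00:32 +0200 VESA-PC Vesa IP-BLOCK 93.114.42.168 (Type: outgoing, Port: 52358, Process: chrome.exe)
2012/04/03 00:16:23 +0300 VESA-PC Vesa IP-BLOCK 222.218.45.57 (Type: incoming, Port: 3389, Process: svchost.exe)
"""

# Field layout inferred from the quoted lines (assumption, not a vendor spec).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Illustrative tables (assumptions): common browsers and remotely
# reachable services identified by their well-known local port.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "opera.exe"}
SERVICE_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB", 3389: "RDP"}


def parse_line(line):
    """Return a dict for one IP-BLOCK line, or None if it does not match."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    record = match.groupdict()
    record["port"] = int(record["port"])
    record["process"] = record["process"].strip().lower()
    record["when"] = datetime.strptime(record.pop("ts"), "%Y/%m/%d %H:%M:%S %z")
    return record


def summarize(text):
    """Group parsed lines by (remote IP, direction, process)."""
    groups = {}
    for line in text.splitlines():
        record = parse_line(line)
        if record is None:
            continue  # blank or unrelated line
        key = (record["ip"], record["direction"], record["process"])
        group = groups.setdefault(
            key,
            {"count": 0, "first": record["when"], "last": record["when"], "ports": set()},
        )
        group["count"] += 1
        group["first"] = min(group["first"], record["when"])
        group["last"] = max(group["last"], record["when"])
        group["ports"].add(record["port"])
    return groups


def classify(key, group):
    """Label a group so the reviewer knows what to check first."""
    _ip, direction, process = key
    if direction == "incoming":
        # For incoming blocks the port is the local port that was targeted.
        services = sorted(SERVICE_PORTS[p] for p in group["ports"] if p in SERVICE_PORTS)
        if services:
            return "inbound-service:" + "/".join(services)
        return "inbound-other"
    # Outgoing blocks: a browser fetching page content is the common case;
    # any other process contacting a blocked address deserves a closer look.
    if process in BROWSERS:
        return "outbound-browser"
    return "outbound-non-browser"


def triage(text):
    """Return sorted (label, ip, process, count) rows for the whole log."""
    return sorted(
        (classify(key, group), key[0], key[2], group["count"])
        for key, group in summarize(text).items()
    )


if __name__ == "__main__":
    for label, ip, process, count in triage(SAMPLE_LOG):
        print(f"{label:22} {ip:16} {process:12} x{count}")
```
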

Hello Bobobot and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

Note: Those IPs appear to be connected to a Ukrainian site (it's definitely suspicious, if not malicious). Unless you're knowingly browsing Ukrainian websites, there is probably something on your computer causing it to happen. Let's take a look at your computer to see what may be causing it.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

How is the PC running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?


Hi,

Thanks for replying.

The ip-block notifications stopped coming more than a month ago. Is this functionality still present in the free version of mbam? The only other strangeness was/is that while connecting to the net via wireless network the computer occasionally tried to connect using roaming connections which are, unless I'm mistaken, used by my ISP for connecting to the net from abroad. However I was not abroad at the time.

TDSSkiller log:


02:32:07.0454 1272 Mcx2Svc - ok

02:32:07.0470 1272 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

02:32:07.0470 1272 megasas - ok

02:32:07.0517 1272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

02:32:07.0517 1272 MegaSR - ok

02:32:07.0548 1272 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

02:32:07.0548 1272 MEIx64 - ok

02:32:07.0579 1272 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

02:32:07.0579 1272 MMCSS - ok

02:32:07.0610 1272 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

02:32:07.0610 1272 Modem - ok

02:32:07.0626 1272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

02:32:07.0626 1272 monitor - ok

02:32:07.0673 1272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

02:32:07.0673 1272 mouclass - ok

02:32:07.0704 1272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

02:32:07.0704 1272 mouhid - ok

02:32:07.0735 1272 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

02:32:07.0735 1272 mountmgr - ok

02:32:07.0797 1272 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

02:32:07.0797 1272 mpio - ok

02:32:07.0813 1272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

02:32:07.0829 1272 mpsdrv - ok

02:32:07.0922 1272 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

02:32:07.0938 1272 MpsSvc - ok

02:32:07.0969 1272 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

02:32:07.0969 1272 MRxDAV - ok

02:32:08.0016 1272 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

02:32:08.0031 1272 mrxsmb - ok

02:32:08.0078 1272 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

02:32:08.0078 1272 mrxsmb10 - ok

02:32:08.0109 1272 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

02:32:08.0109 1272 mrxsmb20 - ok

02:32:08.0125 1272 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

02:32:08.0125 1272 msahci - ok

02:32:08.0156 1272 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

02:32:08.0156 1272 msdsm - ok

02:32:08.0187 1272 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

02:32:08.0187 1272 MSDTC - ok

02:32:08.0234 1272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

02:32:08.0234 1272 Msfs - ok

02:32:08.0250 1272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

02:32:08.0250 1272 mshidkmdf - ok

02:32:08.0265 1272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

02:32:08.0265 1272 msisadrv - ok

02:32:08.0328 1272 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

02:32:08.0328 1272 MSiSCSI - ok

02:32:08.0328 1272 msiserver - ok

02:32:08.0359 1272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

02:32:08.0359 1272 MSKSSRV - ok

02:32:08.0375 1272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

02:32:08.0375 1272 MSPCLOCK - ok

02:32:08.0375 1272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

02:32:08.0375 1272 MSPQM - ok

02:32:08.0437 1272 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

02:32:08.0453 1272 MsRPC - ok

02:32:08.0468 1272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

02:32:08.0468 1272 mssmbios - ok

02:32:08.0484 1272 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

02:32:08.0484 1272 MSTEE - ok

02:32:08.0499 1272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

02:32:08.0499 1272 MTConfig - ok

02:32:08.0531 1272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

02:32:08.0531 1272 Mup - ok

02:32:08.0609 1272 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

02:32:08.0624 1272 napagent - ok

02:32:08.0718 1272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

02:32:08.0718 1272 NativeWifiP - ok

02:32:08.0889 1272 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

02:32:08.0905 1272 NDIS - ok

02:32:08.0936 1272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

02:32:08.0936 1272 NdisCap - ok

02:32:08.0967 1272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

02:32:08.0967 1272 NdisTapi - ok

02:32:09.0014 1272 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

02:32:09.0014 1272 Ndisuio - ok

02:32:09.0077 1272 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

02:32:09.0077 1272 NdisWan - ok

02:32:09.0139 1272 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

02:32:09.0155 1272 NDProxy - ok

02:32:09.0170 1272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

02:32:09.0170 1272 NetBIOS - ok

02:32:09.0217 1272 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

02:32:09.0217 1272 NetBT - ok

02:32:09.0279 1272 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:32:09.0279 1272 Netlogon - ok

02:32:09.0373 1272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

02:32:09.0373 1272 Netman - ok

02:32:09.0467 1272 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

02:32:09.0467 1272 netprofm - ok

02:32:09.0576 1272 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

02:32:09.0576 1272 NetTcpPortSharing - ok

02:32:09.0638 1272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

02:32:09.0638 1272 nfrd960 - ok

02:32:09.0716 1272 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

02:32:09.0716 1272 NlaSvc - ok

02:32:09.0732 1272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

02:32:09.0747 1272 Npfs - ok

02:32:09.0763 1272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

02:32:09.0763 1272 nsi - ok

02:32:09.0779 1272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

02:32:09.0779 1272 nsiproxy - ok

02:32:09.0950 1272 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

02:32:09.0966 1272 Ntfs - ok

02:32:10.0075 1272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

02:32:10.0075 1272 Null - ok

02:32:10.0855 1272 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys

02:32:10.0917 1272 nvlddmkm - ok

02:32:11.0011 1272 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys

02:32:11.0011 1272 nvpciflt - ok

02:32:11.0058 1272 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

02:32:11.0058 1272 nvraid - ok

02:32:11.0089 1272 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

02:32:11.0105 1272 nvstor - ok

02:32:11.0198 1272 NVSvc (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe

02:32:11.0214 1272 NVSvc - ok

02:32:11.0495 1272 nvUpdatusService (4b7636c52a359ab0783b350a5fbdbb49) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

02:32:11.0526 1272 nvUpdatusService - ok

02:32:11.0619 1272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

02:32:11.0619 1272 nv_agp - ok

02:32:11.0651 1272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

02:32:11.0651 1272 ohci1394 - ok

02:32:11.0713 1272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

02:32:11.0713 1272 p2pimsvc - ok

02:32:11.0775 1272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

02:32:11.0791 1272 p2psvc - ok

02:32:11.0822 1272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

02:32:11.0822 1272 Parport - ok

02:32:11.0869 1272 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

02:32:11.0869 1272 partmgr - ok

02:32:11.0900 1272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

02:32:11.0900 1272 PcaSvc - ok

02:32:11.0978 1272 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

02:32:11.0978 1272 pci - ok

02:32:11.0994 1272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

02:32:11.0994 1272 pciide - ok

02:32:12.0041 1272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

02:32:12.0056 1272 pcmcia - ok

02:32:12.0087 1272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

02:32:12.0087 1272 pcw - ok

02:32:12.0150 1272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

02:32:12.0165 1272 PEAUTH - ok

02:32:12.0259 1272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

02:32:12.0275 1272 PerfHost - ok

02:32:12.0477 1272 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

02:32:12.0509 1272 pla - ok

02:32:12.0633 1272 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

02:32:12.0633 1272 PlugPlay - ok

02:32:12.0665 1272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

02:32:12.0665 1272 PNRPAutoReg - ok

02:32:12.0711 1272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

02:32:12.0711 1272 PNRPsvc - ok

02:32:12.0774 1272 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

02:32:12.0774 1272 PolicyAgent - ok

02:32:12.0821 1272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

02:32:12.0821 1272 Power - ok

02:32:12.0899 1272 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

02:32:12.0899 1272 PptpMiniport - ok

02:32:12.0914 1272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

02:32:12.0914 1272 Processor - ok

02:32:12.0961 1272 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

02:32:12.0961 1272 ProfSvc - ok

02:32:12.0992 1272 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:32:12.0992 1272 ProtectedStorage - ok

02:32:13.0039 1272 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

02:32:13.0039 1272 Psched - ok

02:32:13.0211 1272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

02:32:13.0226 1272 ql2300 - ok

02:32:13.0289 1272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

02:32:13.0289 1272 ql40xx - ok

02:32:13.0320 1272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

02:32:13.0335 1272 QWAVE - ok

02:32:13.0351 1272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

02:32:13.0351 1272 QWAVEdrv - ok

02:32:13.0382 1272 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

02:32:13.0382 1272 RasAcd - ok

02:32:13.0413 1272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

02:32:13.0413 1272 RasAgileVpn - ok

02:32:13.0445 1272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

02:32:13.0445 1272 RasAuto - ok

02:32:13.0476 1272 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

02:32:13.0476 1272 Rasl2tp - ok

02:32:13.0554 1272 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

02:32:13.0569 1272 RasMan - ok

02:32:13.0585 1272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

02:32:13.0585 1272 RasPppoe - ok

02:32:13.0632 1272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

02:32:13.0647 1272 RasSstp - ok

02:32:13.0679 1272 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

02:32:13.0694 1272 rdbss - ok

02:32:13.0710 1272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

02:32:13.0710 1272 rdpbus - ok

02:32:13.0741 1272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

02:32:13.0741 1272 RDPCDD - ok

02:32:13.0788 1272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

02:32:13.0788 1272 RDPENCDD - ok

02:32:13.0803 1272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

02:32:13.0803 1272 RDPREFMP - ok

02:32:13.0850 1272 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

02:32:13.0850 1272 RDPWD - ok

02:32:13.0897 1272 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

02:32:13.0897 1272 rdyboost - ok

02:32:13.0944 1272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

02:32:13.0944 1272 RemoteAccess - ok

02:32:13.0975 1272 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

02:32:13.0991 1272 RemoteRegistry - ok

02:32:14.0022 1272 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

02:32:14.0022 1272 RFCOMM - ok

02:32:14.0053 1272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

02:32:14.0053 1272 RpcEptMapper - ok

02:32:14.0069 1272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

02:32:14.0069 1272 RpcLocator - ok

02:32:14.0193 1272 rpcnet (3297445bb9fd3e8363e7559010ed2ae7) C:\Windows\SysWOW64\rpcnet.exe

02:32:14.0193 1272 rpcnet - ok

02:32:14.0271 1272 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

02:32:14.0287 1272 RpcSs - ok

02:32:14.0349 1272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

02:32:14.0349 1272 rspndr - ok

02:32:14.0427 1272 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys

02:32:14.0427 1272 RSUSBVSTOR - ok

02:32:14.0490 1272 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys

02:32:14.0505 1272 RTL8167 - ok

02:32:14.0521 1272 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:32:14.0521 1272 SamSs - ok

02:32:14.0615 1272 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

02:32:14.0615 1272 SASDIFSV - ok

02:32:14.0646 1272 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

02:32:14.0646 1272 SASKUTIL - ok

02:32:14.0693 1272 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

02:32:14.0693 1272 sbp2port - ok

02:32:14.0724 1272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

02:32:14.0724 1272 SCardSvr - ok

02:32:14.0771 1272 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

02:32:14.0771 1272 scfilter - ok

02:32:14.0880 1272 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

02:32:14.0895 1272 Schedule - ok

02:32:14.0927 1272 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

02:32:14.0927 1272 SCPolicySvc - ok

02:32:14.0973 1272 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

02:32:14.0989 1272 SDRSVC - ok

02:32:15.0020 1272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

02:32:15.0020 1272 secdrv - ok

02:32:15.0067 1272 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

02:32:15.0067 1272 seclogon - ok

02:32:15.0098 1272 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

02:32:15.0114 1272 SENS - ok

02:32:15.0129 1272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

02:32:15.0145 1272 SensrSvc - ok

02:32:15.0161 1272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

02:32:15.0161 1272 Serenum - ok

02:32:15.0207 1272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

02:32:15.0207 1272 Serial - ok

02:32:15.0223 1272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

02:32:15.0223 1272 sermouse - ok

02:32:15.0270 1272 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

02:32:15.0270 1272 SessionEnv - ok

02:32:15.0301 1272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

02:32:15.0301 1272 sffdisk - ok

02:32:15.0317 1272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

02:32:15.0317 1272 sffp_mmc - ok

02:32:15.0332 1272 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

02:32:15.0332 1272 sffp_sd - ok

02:32:15.0363 1272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

02:32:15.0363 1272 sfloppy - ok

02:32:15.0441 1272 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

02:32:15.0441 1272 SharedAccess - ok

02:32:15.0504 1272 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

02:32:15.0519 1272 ShellHWDetection - ok

02:32:15.0566 1272 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

02:32:15.0566 1272 SiSGbeLH - ok

02:32:15.0613 1272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

02:32:15.0613 1272 SiSRaid2 - ok

02:32:15.0644 1272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

02:32:15.0644 1272 SiSRaid4 - ok

02:32:15.0660 1272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

02:32:15.0675 1272 Smb - ok

02:32:15.0707 1272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

02:32:15.0722 1272 SNMPTRAP - ok

02:32:15.0738 1272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

02:32:15.0738 1272 spldr - ok

02:32:15.0800 1272 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

02:32:15.0800 1272 Spooler - ok

02:32:16.0050 1272 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

02:32:16.0081 1272 sppsvc - ok

02:32:16.0206 1272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

02:32:16.0206 1272 sppuinotify - ok

02:32:16.0299 1272 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

02:32:16.0299 1272 srv - ok

02:32:16.0362 1272 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

02:32:16.0377 1272 srv2 - ok

02:32:16.0424 1272 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

02:32:16.0424 1272 srvnet - ok

02:32:16.0471 1272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

02:32:16.0487 1272 SSDPSRV - ok

02:32:16.0502 1272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

02:32:16.0502 1272 SstpSvc - ok

02:32:16.0580 1272 Steam Client Service - ok

02:32:16.0611 1272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

02:32:16.0611 1272 stexstor - ok

02:32:16.0689 1272 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

02:32:16.0705 1272 stisvc - ok

02:32:16.0736 1272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

02:32:16.0736 1272 swenum - ok

02:32:16.0783 1272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

02:32:16.0799 1272 swprv - ok

02:32:16.0955 1272 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

02:32:16.0970 1272 SysMain - ok

02:32:17.0064 1272 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

02:32:17.0064 1272 TabletInputService - ok

02:32:17.0111 1272 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

02:32:17.0126 1272 TapiSrv - ok

02:32:17.0157 1272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

02:32:17.0173 1272 TBS - ok

02:32:17.0329 1272 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

02:32:17.0360 1272 Tcpip - ok

02:32:17.0594 1272 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

02:32:17.0610 1272 TCPIP6 - ok

02:32:17.0703 1272 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

02:32:17.0703 1272 tcpipreg - ok

02:32:17.0750 1272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

02:32:17.0750 1272 TDPIPE - ok

02:32:17.0781 1272 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

02:32:17.0781 1272 TDTCP - ok

02:32:17.0828 1272 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

02:32:17.0828 1272 tdx - ok

02:32:17.0859 1272 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

02:32:17.0859 1272 TermDD - ok

02:32:17.0922 1272 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

02:32:17.0937 1272 TermService - ok

02:32:17.0953 1272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

02:32:17.0953 1272 Themes - ok

02:32:18.0000 1272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

02:32:18.0000 1272 THREADORDER - ok

02:32:18.0031 1272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

02:32:18.0031 1272 TrkWks - ok

02:32:18.0078 1272 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

02:32:18.0078 1272 TrustedInstaller - ok

02:32:18.0125 1272 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

02:32:18.0125 1272 tssecsrv - ok

02:32:18.0218 1272 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

02:32:18.0218 1272 TsUsbFlt - ok

02:32:18.0265 1272 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

02:32:18.0265 1272 tunnel - ok

02:32:18.0296 1272 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys

02:32:18.0296 1272 TurboB - ok

02:32:18.0359 1272 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

02:32:18.0359 1272 TurboBoost - ok

02:32:18.0390 1272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

02:32:18.0390 1272 uagp35 - ok

02:32:18.0452 1272 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

02:32:18.0468 1272 udfs - ok

02:32:18.0499 1272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

02:32:18.0499 1272 UI0Detect - ok

02:32:18.0530 1272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

02:32:18.0530 1272 uliagpkx - ok

02:32:18.0593 1272 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

02:32:18.0593 1272 umbus - ok

02:32:18.0624 1272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

02:32:18.0624 1272 UmPass - ok

02:32:18.0686 1272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

02:32:18.0686 1272 upnphost - ok

02:32:18.0733 1272 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

02:32:18.0733 1272 usbccgp - ok

02:32:18.0764 1272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

02:32:18.0780 1272 usbcir - ok

02:32:18.0780 1272 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

02:32:18.0780 1272 usbehci - ok

02:32:18.0858 1272 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

02:32:18.0858 1272 usbhub - ok

02:32:18.0920 1272 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

02:32:18.0920 1272 usbohci - ok

02:32:18.0951 1272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

02:32:18.0951 1272 usbprint - ok

02:32:18.0998 1272 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

02:32:18.0998 1272 usbscan - ok

02:32:19.0014 1272 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

02:32:19.0014 1272 USBSTOR - ok

02:32:19.0029 1272 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

02:32:19.0029 1272 usbuhci - ok

02:32:19.0076 1272 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

02:32:19.0092 1272 usbvideo - ok

02:32:19.0107 1272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

02:32:19.0107 1272 UxSms - ok

02:32:19.0139 1272 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

02:32:19.0139 1272 VaultSvc - ok

02:32:19.0154 1272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

02:32:19.0170 1272 vdrvroot - ok

02:32:19.0232 1272 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

02:32:19.0232 1272 vds - ok

02:32:19.0263 1272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

02:32:19.0263 1272 vga - ok

02:32:19.0279 1272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

02:32:19.0279 1272 VgaSave - ok

02:32:19.0326 1272 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

02:32:19.0326 1272 vhdmp - ok

02:32:19.0341 1272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

02:32:19.0341 1272 viaide - ok

02:32:19.0373 1272 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

02:32:19.0373 1272 volmgr - ok

02:32:19.0435 1272 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

02:32:19.0435 1272 volmgrx - ok

02:32:19.0482 1272 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

02:32:19.0482 1272 volsnap - ok

02:32:19.0529 1272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

02:32:19.0529 1272 vsmraid - ok

02:32:19.0700 1272 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

02:32:19.0716 1272 VSS - ok

02:32:19.0856 1272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

02:32:19.0856 1272 vwifibus - ok

02:32:19.0887 1272 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

02:32:19.0887 1272 vwififlt - ok

02:32:19.0919 1272 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

02:32:19.0919 1272 vwifimp - ok

02:32:19.0981 1272 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

02:32:19.0997 1272 W32Time - ok

02:32:20.0028 1272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

02:32:20.0028 1272 WacomPen - ok

02:32:20.0059 1272 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:32:20.0059 1272 WANARP - ok

02:32:20.0075 1272 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

02:32:23.0179 1272 ============================================================

02:32:23.0179 1272 Scan finished

02:32:23.0179 1272 ============================================================

02:32:23.0195 5048 Detected object count: 0

02:32:23.0195 5048 Actual detected object count: 0

02:33:04.0836 5672 Deinitialize success

ComboFix 12-06-05.03 - Vesa 06.06.2012 2:37.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4008.2574 [GMT 3:00]

Sijainti: c:\users\Vesa\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

.

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-05-06 to 2012-06-06 )))))))))))))))))

.

.

2012-06-01 14:15 . 2012-06-01 14:16 -------- d-----w- c:\users\usertili\AppData\Roaming\Mount&Blade Warband

2012-05-31 20:23 . 2012-05-31 20:23 -------- d-----w- c:\users\usertili\AppData\Local\My Games

2012-05-13 15:54 . 2012-05-13 15:54 -------- d-----w- c:\users\usertili\AppData\Local\Skyrim

2012-05-13 15:51 . 2012-05-13 15:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-10 00:19 . 2012-05-10 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-10 00:19 . 2012-05-10 00:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-09 23:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 23:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 23:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 23:52 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 23:52 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 23:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 23:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 23:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 23:52 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 23:52 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 23:52 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 23:52 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 23:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 02:08 . 2012-06-02 21:33 -------- d-----w- c:\users\usertili\AppData\Local\CrashDumps

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-05 23:13 . 2011-03-23 12:08 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-06-05 23:13 . 2011-05-21 15:19 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-05 23:13 . 2011-05-22 18:56 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-05-08 23:22 . 2012-05-01 15:50 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 23:22 . 2012-05-01 15:50 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-04-18 00:03 . 2012-05-01 11:22 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1581912-766F-4EA8-AB42-2BD0C7729558}\mpengine.dll

2012-04-04 12:56 . 2012-02-20 12:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 13:13 . 2011-05-29 16:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-20 14:39 . 2012-03-20 14:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-20 14:39 . 2012-03-20 14:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-20 14:39 . 2012-03-20 14:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-20 14:39 . 2012-03-20 14:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-20 14:39 . 2012-03-20 14:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-20 14:39 . 2012-03-20 14:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-20 14:39 . 2012-03-20 14:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-20 14:39 . 2012-03-20 14:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-20 14:39 . 2012-03-20 14:39 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-20 14:39 . 2012-03-20 14:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-20 14:39 . 2012-03-20 14:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-20 14:39 . 2012-03-20 14:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-20 14:39 . 2012-03-20 14:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-20 14:39 . 2012-03-20 14:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-20 14:39 . 2012-03-20 14:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-20 14:39 . 2012-03-20 14:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-20 14:39 . 2012-03-20 14:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-20 14:39 . 2012-03-20 14:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-20 14:39 . 2012-03-20 14:39 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-20 14:39 . 2012-03-20 14:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-20 14:39 . 2012-03-20 14:39 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-20 14:39 . 2012-03-20 14:39 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-20 14:39 . 2012-03-20 14:39 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-20 14:39 . 2012-03-20 14:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-20 14:39 . 2012-03-20 14:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-20 14:39 . 2012-03-20 14:39 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-20 14:39 . 2012-03-20 14:39 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-20 14:39 . 2012-03-20 14:39 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-20 14:39 . 2012-03-20 14:39 448512 ----a-w- c:\windows\system32\html.iec

2012-03-20 14:39 . 2012-03-20 14:39 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-20 14:39 . 2012-03-20 14:39 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-20 14:39 . 2012-03-20 14:39 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-20 14:39 . 2012-03-20 14:39 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-20 14:39 . 2012-03-20 14:39 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-19 20:44 . 2012-03-19 20:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-19 20:44 . 2012-03-19 20:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-03-19 20:44 . 2012-03-19 20:44 439064 ----a-w- c:\windows\system32\igfxpers.exe

2012-03-19 20:44 . 2012-03-19 20:44 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-03-19 20:44 . 2012-03-19 20:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-03-19 20:44 . 2012-03-19 20:44 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-03-19 20:44 . 2012-03-19 20:44 184600 ----a-w- c:\windows\system32\difx64.exe

2012-03-19 20:44 . 2012-03-19 20:44 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-03-19 20:42 . 2012-03-19 20:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll

2012-03-19 20:32 . 2012-03-19 20:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-03-19 20:31 . 2012-03-19 20:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll

2012-03-19 20:31 . 2012-03-19 20:31 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-03-19 20:26 . 2012-03-19 20:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-03-19 20:25 . 2012-03-19 20:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-03-19 20:22 . 2011-03-23 12:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-03-19 20:11 . 2012-03-19 20:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-03-19 19:31 . 2012-03-19 19:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll

2012-03-19 19:21 . 2012-03-19 19:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-03-19 19:18 . 2012-03-19 19:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-03-19 19:18 . 2012-03-19 19:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-03-19 19:18 . 2012-03-19 19:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-03-19 19:18 . 2012-03-19 19:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-03-19 19:18 . 2012-03-19 19:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-03-19 19:18 . 2012-03-19 19:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-03-19 19:18 . 2012-03-19 19:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-03-19 19:18 . 2012-03-19 19:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-03-19 19:18 . 2012-03-19 19:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-03-19 19:18 . 2012-03-19 19:18 386560 ----a-w- c:\windows\system32\igfxpph.dll

2012-03-19 19:18 . 2012-03-19 19:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-03-19 19:17 . 2012-03-19 19:17 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-03-19 19:17 . 2011-03-23 12:19 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-03-19 19:17 . 2011-03-23 12:19 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-03-19 19:17 . 2012-03-19 19:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-19 19:17 . 2012-03-19 19:17 434688 ----a-w- c:\windows\system32\igfxdev.dll

2012-03-19 19:17 . 2012-03-19 19:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-19 19:16 . 2012-03-19 19:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-03-19 19:16 . 2012-03-19 19:16 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-03-19 19:16 . 2011-03-23 12:19 9007616 ----a-w- c:\windows\system32\igfxress.dll

.

.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="d:\progs\steam\Steam.exe" [2012-05-13 1242448]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-27 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

.

c:\users\usertili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-23 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-23 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 135664]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 135664]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-29 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 BecHelperService;BecHelperService;c:\program files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2011-03-09 1958272]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Muut muistissa olevat ajurit/palvelut ---

.

*NewlyCreated* - 30838599

*NewlyCreated* - 35801033

*Deregistered* - 30838599

*Deregistered* - 35801033

.

'Ajoitetut tehtävät'-kansion sisältö

.

2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 12:34]

.

2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 12:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-23 2188904]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Täydentävä tarkistus -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{5BFECA8C-2C50-4D21-84A5-BC2F322CCCB6}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{DCA7AF32-EF46-497E-9AA2-296A20952E8A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F5D1B026-3400-4E74-98DE-E527BC0448A2}: NameServer = 156.154.70.22,156.154.71.22

.

- - - - POISTETUT JäMäRIVIT - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Valmistumisajankohta: 2012-06-06 03:03:00

ComboFix-quarantined-files.txt 2012-06-06 00:03

.

Ennen ajoa: 68 537 425 920 tavua vapaana

Ajon jälkeen: 71 546 228 736 tavua vapaana

.

- - End Of File - - EC4F7A3860798348858CCE4AB2F6F7A4

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware versio 1.61.0.1400

Java 6 Update 22

Java 6 Update 31

Java version out of date!

Adobe Flash Player 10 Flash Player out of date!

Google Chrome 19.0.1084.46

Google Chrome 19.0.1084.52

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:

````````````````````End of Log``````````````````````

Let's give this a shot:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
30838599
35801033

File::
C:\Windows\System32\Drivers\30838599.sys
C:\Windows\System32\Drivers\35801033.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

Hi,

Well, the combofix completed now within the 10-minute timeframe. Last time it took about twenty minutes to finish. Afterwards I had to reboot the computer again, since combofix apparently did something to the registry entries of all the other programs, preventing their use. Everything seems to work fine now.

I'd also be interested in knowing what combofix actually found on my computer.

ComboFix 12-06-05.03 - Vesa 07.06.2012 6:19.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.358.1035.18.4008.2322 [GMT 3:00]

Sijainti: c:\users\Vesa\Desktop\ComboFix.exe

Käytetyt komentorivivalitsimet :: c:\users\Vesa\Desktop\CFScript.txt

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Uusi palautuspiste luotu

.

FILE ::

"c:\windows\System32\Drivers\30838599.sys"

"c:\windows\System32\Drivers\35801033.sys"

.

.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_30838599

-------\Legacy_35801033

.

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2012-05-07 to 2012-06-07 )))))))))))))))))

.

.

2012-06-07 03:27 . 2012-06-07 03:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-01 14:15 . 2012-06-01 14:16 -------- d-----w- c:\users\usertili\AppData\Roaming\Mount&Blade Warband

2012-05-31 20:23 . 2012-05-31 20:23 -------- d-----w- c:\users\usertili\AppData\Local\My Games

2012-05-13 15:54 . 2012-05-13 15:54 -------- d-----w- c:\users\usertili\AppData\Local\Skyrim

2012-05-13 15:51 . 2012-05-13 15:51 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-10 00:19 . 2012-05-10 00:19 -------- d-----w- c:\program files\Microsoft Silverlight

2012-05-10 00:19 . 2012-05-10 00:19 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-05-09 23:52 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 23:52 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 23:52 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 23:52 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 23:52 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 23:52 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 23:52 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 23:52 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 23:52 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 23:52 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 23:52 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 23:52 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 23:51 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 02:08 . 2012-06-02 21:33 -------- d-----w- c:\users\usertili\AppData\Local\CrashDumps

.

.

.

(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-07 03:28 . 2011-05-21 15:19 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-06-07 03:28 . 2011-03-23 12:08 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-06-07 03:28 . 2011-05-22 18:56 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-05-08 23:22 . 2012-05-01 15:50 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2012-05-08 23:22 . 2012-05-01 15:50 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys

2012-04-18 00:03 . 2012-05-01 11:22 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1581912-766F-4EA8-AB42-2BD0C7729558}\mpengine.dll

2012-04-04 12:56 . 2012-02-20 12:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 13:13 . 2011-05-29 16:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-20 14:39 . 2012-03-20 14:39 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-20 14:39 . 2012-03-20 14:39 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-20 14:39 . 2012-03-20 14:39 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2012-03-20 14:39 . 2012-03-20 14:39 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2012-03-20 14:39 . 2012-03-20 14:39 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2012-03-20 14:39 . 2012-03-20 14:39 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2012-03-20 14:39 . 2012-03-20 14:39 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2012-03-20 14:39 . 2012-03-20 14:39 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2012-03-20 14:39 . 2012-03-20 14:39 367104 ----a-w- c:\windows\SysWow64\html.iec

2012-03-20 14:39 . 2012-03-20 14:39 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-03-20 14:39 . 2012-03-20 14:39 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2012-03-20 14:39 . 2012-03-20 14:39 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2012-03-20 14:39 . 2012-03-20 14:39 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2012-03-20 14:39 . 2012-03-20 14:39 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-03-20 14:39 . 2012-03-20 14:39 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2012-03-20 14:39 . 2012-03-20 14:39 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2012-03-20 14:39 . 2012-03-20 14:39 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-03-20 14:39 . 2012-03-20 14:39 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2012-03-20 14:39 . 2012-03-20 14:39 222208 ----a-w- c:\windows\system32\msls31.dll

2012-03-20 14:39 . 2012-03-20 14:39 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-03-20 14:39 . 2012-03-20 14:39 76800 ----a-w- c:\windows\system32\tdc.ocx

2012-03-20 14:39 . 2012-03-20 14:39 49664 ----a-w- c:\windows\system32\imgutil.dll

2012-03-20 14:39 . 2012-03-20 14:39 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-03-20 14:39 . 2012-03-20 14:39 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-03-20 14:39 . 2012-03-20 14:39 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-03-20 14:39 . 2012-03-20 14:39 12288 ----a-w- c:\windows\system32\mshta.exe

2012-03-20 14:39 . 2012-03-20 14:39 114176 ----a-w- c:\windows\system32\admparse.dll

2012-03-20 14:39 . 2012-03-20 14:39 111616 ----a-w- c:\windows\system32\iesysprep.dll

2012-03-20 14:39 . 2012-03-20 14:39 448512 ----a-w- c:\windows\system32\html.iec

2012-03-20 14:39 . 2012-03-20 14:39 85504 ----a-w- c:\windows\system32\iesetup.dll

2012-03-20 14:39 . 2012-03-20 14:39 30720 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-20 14:39 . 2012-03-20 14:39 165888 ----a-w- c:\windows\system32\iexpress.exe

2012-03-20 14:39 . 2012-03-20 14:39 160256 ----a-w- c:\windows\system32\wextract.exe

2012-03-20 14:39 . 2012-03-20 14:39 603648 ----a-w- c:\windows\system32\vbscript.dll

2012-03-19 20:44 . 2012-03-19 20:44 5888792 ----a-w- c:\windows\system32\GfxUI.exe

2012-03-19 20:44 . 2012-03-19 20:44 509720 ----a-w- c:\windows\system32\igfxsrvc.exe

2012-03-19 20:44 . 2012-03-19 20:44 439064 ----a-w- c:\windows\system32\igfxpers.exe

2012-03-19 20:44 . 2012-03-19 20:44 398616 ----a-w- c:\windows\system32\hkcmd.exe

2012-03-19 20:44 . 2012-03-19 20:44 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe

2012-03-19 20:44 . 2012-03-19 20:44 250136 ----a-w- c:\windows\system32\igfxext.exe

2012-03-19 20:44 . 2012-03-19 20:44 184600 ----a-w- c:\windows\system32\difx64.exe

2012-03-19 20:44 . 2012-03-19 20:44 170264 ----a-w- c:\windows\system32\igfxtray.exe

2012-03-19 20:42 . 2012-03-19 20:42 90112 ----a-w- c:\windows\system32\igfxCoIn_v2696.dll

2012-03-19 20:32 . 2012-03-19 20:32 14745600 ----a-w- c:\windows\system32\drivers\igdkmd64.sys

2012-03-19 20:31 . 2012-03-19 20:31 8087040 ----a-w- c:\windows\system32\igdumd64.dll

2012-03-19 20:31 . 2012-03-19 20:31 79360 ----a-w- c:\windows\system32\igdde64.dll

2012-03-19 20:26 . 2012-03-19 20:26 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll

2012-03-19 20:25 . 2012-03-19 20:25 58880 ----a-w- c:\windows\SysWow64\igdde32.dll

2012-03-19 20:22 . 2011-03-23 12:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll

2012-03-19 20:11 . 2012-03-19 20:11 7795200 ----a-w- c:\windows\SysWow64\igd10umd32.dll

2012-03-19 19:31 . 2012-03-19 19:31 18137088 ----a-w- c:\windows\system32\ig4icd64.dll

2012-03-19 19:21 . 2012-03-19 19:21 13212672 ----a-w- c:\windows\SysWow64\ig4icd32.dll

2012-03-19 19:18 . 2012-03-19 19:18 439296 ----a-w- c:\windows\system32\igfxrrom.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrsky.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrslv.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439808 ----a-w- c:\windows\system32\igfxresn.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439296 ----a-w- c:\windows\system32\igfxrrus.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrptg.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrplk.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrsve.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrptb.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437248 ----a-w- c:\windows\system32\igfxrtha.lrc

2012-03-19 19:18 . 2012-03-19 19:18 440320 ----a-w- c:\windows\system32\igfxrell.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrita.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrhun.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437760 ----a-w- c:\windows\system32\igfxrnor.lrc

2012-03-19 19:18 . 2012-03-19 19:18 435712 ----a-w- c:\windows\system32\igfxrheb.lrc

2012-03-19 19:18 . 2012-03-19 19:18 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc

2012-03-19 19:18 . 2012-03-19 19:18 430592 ----a-w- c:\windows\system32\igfxrkor.lrc

2012-03-19 19:18 . 2012-03-19 19:18 439808 ----a-w- c:\windows\system32\igfxrfra.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrnld.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrfin.lrc

2012-03-19 19:18 . 2012-03-19 19:18 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc

2012-03-19 19:18 . 2012-03-19 19:18 437248 ----a-w- c:\windows\system32\igfxrdan.lrc

2012-03-19 19:18 . 2012-03-19 19:18 429056 ----a-w- c:\windows\system32\igfxrcht.lrc

2012-03-19 19:18 . 2012-03-19 19:18 435712 ----a-w- c:\windows\system32\igfxrara.lrc

2012-03-19 19:18 . 2012-03-19 19:18 428544 ----a-w- c:\windows\system32\igfxrchs.lrc

2012-03-19 19:18 . 2012-03-19 19:18 126976 ----a-w- c:\windows\system32\igfxcpl.cpl

2012-03-19 19:18 . 2012-03-19 19:18 386560 ----a-w- c:\windows\system32\igfxpph.dll

2012-03-19 19:18 . 2012-03-19 19:18 410624 ----a-w- c:\windows\system32\igfxTMM.dll

2012-03-19 19:17 . 2012-03-19 19:17 28672 ----a-w- c:\windows\system32\igfxexps.dll

2012-03-19 19:17 . 2011-03-23 12:19 63488 ----a-w- c:\windows\system32\igfxsrvc.dll

2012-03-19 19:17 . 2011-03-23 12:19 110592 ----a-w- c:\windows\system32\hccutils.dll

2012-03-19 19:17 . 2012-03-19 19:17 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll

2012-03-19 19:17 . 2012-03-19 19:17 434688 ----a-w- c:\windows\system32\igfxdev.dll

2012-03-19 19:17 . 2012-03-19 19:17 172032 ----a-w- c:\windows\system32\gfxSrvc.dll

2012-03-19 19:16 . 2012-03-19 19:16 286208 ----a-w- c:\windows\system32\igfxrenu.lrc

2012-03-19 19:16 . 2012-03-19 19:16 142336 ----a-w- c:\windows\system32\igfxdo.dll

2012-03-19 19:16 . 2011-03-23 12:19 9007616 ----a-w- c:\windows\system32\igfxress.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-06_00.00.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-23 13:11 . 2012-06-07 03:07 51454 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-07 03:30 34806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-05-21 15:20 . 2012-06-07 03:30 18404 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2065890004-3735609052-1085264056-1001_UserData.bin

- 2009-08-04 11:04 . 2012-06-05 23:18 90988 c:\windows\system32\perfc00B.dat

+ 2009-08-04 11:04 . 2012-06-06 08:30 90988 c:\windows\system32\perfc00B.dat

+ 2011-05-22 19:02 . 2012-06-07 03:07 6906 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2065890004-3735609052-1085264056-1002_UserData.bin

+ 2012-06-07 03:28 . 2012-06-07 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-05 23:13 . 2012-06-05 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-07 03:28 . 2012-06-07 03:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-05 23:13 . 2012-06-05 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-08-04 11:04 . 2012-06-06 08:30 460390 c:\windows\system32\perfh00B.dat

- 2009-08-04 11:04 . 2012-06-05 23:18 460390 c:\windows\system32\perfh00B.dat

- 2009-07-14 02:36 . 2012-06-05 23:18 635938 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-06-06 08:30 635938 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-05 23:18 114262 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-06-06 08:30 114262 c:\windows\system32\perfc009.dat

- 2011-03-22 22:50 . 2012-06-05 23:12 662400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-03-22 22:50 . 2012-06-07 03:27 662400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-06-05 23:12 277996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-06-07 03:27 277996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-19 00:23 . 2012-06-07 03:27 645161 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2065890004-3735609052-1085264056-1001-8192.dat

- 2011-06-19 00:23 . 2012-05-01 16:16 645161 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2065890004-3735609052-1085264056-1001-8192.dat

+ 2012-04-26 15:23 . 2012-06-07 03:27 1257412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2065890004-3735609052-1085264056-1002-8192.dat

- 2012-04-26 15:23 . 2012-06-05 23:12 1257412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2065890004-3735609052-1085264056-1002-8192.dat

.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Steam"="d:\progs\steam\Steam.exe" [2012-05-13 1242448]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-27 4786048]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]

.

c:\users\usertili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\users\Vesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-3-23 548528]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-3-23 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 135664]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Päivitä-palvelu (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 135664]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-29 140672]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 BecHelperService;BecHelperService;c:\program files (x86)\Mobiililaajakaista\Mobiililaajakaista\BecHelperService.exe [2011-03-09 1958272]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-19 2009704]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

'Ajoitetut tehtävät'-kansion sisältö

.

2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 12:34]

.

2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-23 12:34]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-23 2188904]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Täydentävä tarkistus -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{5BFECA8C-2C50-4D21-84A5-BC2F322CCCB6}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{DCA7AF32-EF46-497E-9AA2-296A20952E8A}: NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{F5D1B026-3400-4E74-98DE-E527BC0448A2}: NameServer = 156.154.70.22,156.154.71.22

.

- - - - POISTETUT JäMäRIVIT - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LUKITUT REKISTERIAVAIMET ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Muut prosessit ------------------------

.

c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Mobiililaajakaista\Mobiililaajakaista\LoggerServer.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

.

**************************************************************************

.

Valmistumisajankohta: 2012-06-07 06:34:41 - kone käynnistettiin uudelleen

ComboFix-quarantined-files.txt 2012-06-07 03:34

ComboFix2.txt 2012-06-06 00:03

.

Ennen ajoa: 71 348 457 472 tavua vapaana

Ajon jälkeen: 73 112 899 584 tavua vapaana

.

- - End Of File - - 5E349EAD2801C2774D76C6139BBCD24E


Glad to hear things are running smoother! :)

I'd also be interested in knowing what combofix actually found on my computer.

We used ComboFix to manually remove an illegitimate driver that was created by the rootkit present on your machine.

Things are looking good. Let's run an online scan to verify there aren't any traces left we may have missed ;):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

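The two files removed in this exchange were drivers with all-digit names under System32\Drivers, each paired with a `Legacy_` entry in the Drivers/Services section of the log. The following Python is an added example, not part of the original posts and not ComboFix's own logic: it pulls every `.sys` path out of a ComboFix-style log, flags all-digit driver names, and checks whether a matching `Legacy_` service entry appears. The function names and the sample log are constructed for illustration, and the all-digit-name heuristic is an assumption drawn only from this thread, useful as a triage hint rather than proof of infection.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt in the layout of the ComboFix log posted in this thread.
# Only the lines needed for the demonstration are kept.
SAMPLE_LOG = r'''
FILE ::
"c:\windows\System32\Drivers\30838599.sys"
"c:\windows\System32\Drivers\35801033.sys"
.
((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))
.
-------\Legacy_30838599
-------\Legacy_35801033
.
2012-05-09 23:52 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:22 . 2012-05-01 15:50 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
'''

# A Windows path ending in .sys; stops at quotes, semicolons and line ends.
DRIVER_PATH = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"\r\n;]*?\.sys(?![\w.])', re.IGNORECASE
)
# In the thread's log, removed driver services appear as "-------\Legacy_<name>".
LEGACY_SERVICE = re.compile(r'^-+\\Legacy_(\S+)[ \t]*$', re.MULTILINE)


def driver_paths(log_text):
    """Return every distinct *.sys path in the log, in first-seen order."""
    seen, found = set(), []
    for match in DRIVER_PATH.finditer(log_text):
        key = match.group(0).lower()  # Windows paths are case-insensitive
        if key not in seen:
            seen.add(key)
            found.append(match.group(0))
    return found


def removed_services(log_text):
    """Return the lower-cased service names listed as Legacy_ entries."""
    return {name.lower() for name in LEGACY_SERVICE.findall(log_text)}


def is_numeric_system_driver(path):
    """True for <anything>\\System32\\Drivers\\<digits only>.sys."""
    p = PureWindowsPath(path)
    parent = tuple(part.lower() for part in p.parent.parts[-2:])
    return (
        parent == ("system32", "drivers")
        and p.stem.isascii()
        and p.stem.isdigit()
    )


def triage(log_text):
    """Pair each all-digit driver with whether a Legacy_ entry matches it."""
    services = removed_services(log_text)
    return [
        (path, PureWindowsPath(path).stem.lower() in services)
        for path in driver_paths(log_text)
        if is_numeric_system_driver(path)
    ]


if __name__ == "__main__":
    for path, has_service in triage(SAMPLE_LOG):
        note = "matching Legacy_ service entry" if has_service else "no service entry"
        print(f"review: {path} ({note})")
```

Legitimate drivers such as `partmgr.sys` and `mbam.sys` pass through unflagged; anything the function does flag still needs a human to confirm it before removal.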

Nothing on scan. Does this mean that the rootkit is removed?

Yep, I'd say you're all clear. ;)

Before we move on, let's update some of your programs.

Program updates are a crucial step in preventing malware, as outdated applications are often used by the cybercriminals to gain a foothold on your system.

-----------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://java.com/en/download/index.jsp.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-----------

Your Flash Player is out of date!

To make sure you have the latest version of Adobe Flash Player installed:

1. To uninstall an older version, visit this link: uninstall_flash_player.exe

2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).

3. Double-click on the file you've downloaded to uninstall Flash.

4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).

Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

-----------

Let me know how the program updates go, as failed updates may be a sign of additional malware. ;)


Ok. Uninstalled the out of date versions and the newly installed flash and java seem to be working just fine. Also ran the securitycheck again and it no longer complains about the outdated versions. However according to the link chrome updates flash automatically, but I installed flash on explorer with no problems. It just complained about not being able to find chrome, even though I unchecked the option to install chrome.

So this thing is finally resolved then? If it is then thanks for all the help. Nice to be finally rid of that thing.


Umm... Can I really be sure about the safety of the computer without complete reformat of the OS?

Rootkit presence on the computer often implies that there was a backdoor present on the computer and apparently a lot of the experts think that the only way to be really certain that the computer is clean is to re-format the OS.

So would it be prudent to just re-format everything?


It's never a bad idea to reformat, though I generally only advise it when there's a confirmed presence of a known backdoor... you appear to have had a rather simple rootkit, and I'd say (judging from past experiences) that the risk is now mitigated.

If you'd like me to provide instructions on reformatting/reinstalling Windows, let me know and I can do so. ;)


You wouldn't happen to know what that particular rootkit was designed to do on the computer? Apparently it was active for months and still managed to remain more or less undetected by any of the scanners on the system.

Reformatting windows would probably be the most reassuring choice for me. I'm just wondering how to get the necessary updates for windows and other programs offline. I lack easy access to a clean computer at the moment. But yes, instructions on reformatting windows would be most welcome.


You wouldn't happen to know what that particular rootkit was designed to do on the computer? Apparently it was active for months and still managed to remain more or less undetected by any of the scanners on the system.

It looked like just a little component leftover from something like the ZeroAccess or TDL4 rootkits. It's tough to say which one specifically, because when you get infected with one, it's very possible that they'll attempt to download others at the same time. The problem is that AVs have a lot of trouble picking up rootkits because of the stealthy nature of them.

If you watch out for the warning signs like redirects, programs failing to run, etc... that's your best bet to figure out if you have a rootkit.

As requested :):

Visit the following sites for more information on internet theft and when to reformat!

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

If you have any questions before making a final decision, please feel free to ask.

Instructions how to format and reinstall Windows can be found here


Hello again. No more questions after this.

I wasn't entirely sure what you meant when you called the rootkit a leftover. Did you mean that the more sinister rootkits failed to install themselves on the computer or that they at some point possibly were installed on the computer, but were removed?

The windows reinstall instruction link leads to mit site that gives the 404 error. However, if resetting this asus laptop to factory settings equals reformatting the OS, I probably won't need the instructions though.

Anyways. Thanks again for all the lovely help.


Hello again. No more questions after this.

If you've got something that you'd like clarifying on, don't hesitate to ask. :)

I wasn't entirely sure what you meant when you called the rootkit a leftover. Did you mean that the more sinister rootkits failed to install themselves on the computer or that they at some point possibly were installed on the computer, but were removed?

The components left over appear to be part of a bigger infection, most of which was removed. ;)

The windows reinstall instruction link leads to mit site that gives the 404 error. However, if resetting this asus laptop to factory settings equals reformatting the OS, I probably won't need the instructions though.

Yes, using the Factory Reset (or equivalent option within Asus) should be sufficient.

Anyways. Thanks again for all the lovely help.

No problem!


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.