Log check [Solved]



Post by busak » 30 Jul 2012 19:10

Please check my log. Win7, 1.7 CPU, 1.3 RAM, HDD 40GB; the CPU is at 100% almost all the time, whatever I do....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:32, on 30.7.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110191 ... 11672ab0b1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files\Verdict Free\etnxp.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4943 bytes
Intel Pentium CPU N3540 @ 2,16GHz, 4,0GB RAM , Intel HD Graphics, Win7 64bit
Intel Pentium 4, 3,0 GHz@3,0 GHz , 2,0 GB RAM , Win7


Post by jaro3 » 30 Jul 2012 23:13

Uninstall:
Babylon

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110191 ... 11672ab0b1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O13 - Gopher Prefix:


Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
Afterwards the PC should restart; if it does not, restart it yourself.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan has finished a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.

Download RogueKiller
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7 run RogueKiller.exe as administrator; on XP by double-clicking.
- When the program's initial window appears, click "Scan".
- The program scans the PC. After the scan click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If the program still will not start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
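
Added example (not part of the original thread): a Python check that every line of a helper's fix list corresponds to an entry in the posted HijackThis log, and that reports which log entries the list leaves in place. The function names, the matching rule (registry value name for R entries, CLSID where one is present) and the last, constructed fix line are assumptions of this example.

```python
import re
from collections import Counter

# Section codes seen in this thread's HijackThis log and what they cover.
SECTION_MEANING = {
    "R0": "Internet Explorer start/search page value",
    "R1": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run/RunOnce key)",
    "O13": "Internet Explorer default URL prefix",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts of the log and of the fix list posted above. The final FIX line is
# constructed to show what a mismatch looks like.
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110191 ... 11672ab0b1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O13 - Gopher Prefix:
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110191 ... 11672ab0b1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O13 - Gopher Prefix:
O2 - BHO: constructed example - {00000000-0000-0000-0000-000000000000} - C:\constructed\example.dll
"""


def parse_entries(text):
    """Return (code, body) for every HijackThis entry line in text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def identity(code, body):
    """Key that still matches when a forum has shortened a URL or changed case.

    R entries: the registry value name before ' ='.
    Entries carrying a CLSID: the upper-cased CLSID.
    Anything else: the whole body, lower-cased.
    """
    if code.startswith("R"):
        return (code, body.split(" =", 1)[0].lower())
    m = CLSID_RE.search(body)
    if m:
        return (code, m.group(0).upper())
    return (code, body.lower())


def review_fix_list(log_text, fix_text):
    """Compare a fix list with the log it was written from."""
    log_entries = parse_entries(log_text)
    log_ids = {identity(c, b) for c, b in log_entries}
    fix_ids = {identity(c, b) for c, b in parse_entries(fix_text)}
    to_fix = [(c, b) for c, b in log_entries if identity(c, b) in fix_ids]
    return {
        # Fix lines with no counterpart in the log: typo, or a different log.
        "not_in_log": sorted(fix_ids - log_ids),
        # Log entries the fix list leaves in place.
        "kept": [(c, b) for c, b in log_entries if identity(c, b) not in fix_ids],
        # Number of log entries scheduled for fixing, per section code.
        "fix_per_section": dict(Counter(c for c, _ in to_fix)),
    }


if __name__ == "__main__":
    result = review_fix_list(LOG, FIX)
    for code, count in result["fix_per_section"].items():
        print(f"{code:>3} x{count}  {SECTION_MEANING.get(code, 'other')}")
    print("not in log:", result["not_in_log"])
    print("kept:", [code for code, _ in result["kept"]])
```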


Post by busak » 31 Jul 2012 19:17

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.07.30.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Miroslav :: MIROSLAV-PC [administrátor]

31.7.2012 18:54:16
mbam-log-2012-07-31 (18-54-16).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 175189
Uplynulý čas: 13 minut, 46 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


Post by busak » 31 Jul 2012 19:18

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v: Normální režim
Uživatel: Miroslav [Práva správce]
Mód: Kontrola -- Datum: 07/31/2012 19:16:15

¤¤¤ Škodlivé procesy: 1 ¤¤¤
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Záznamy Registrů: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST3402111A ATA Device +++++
--- User ---
[MBR] eb5af2ab0866a489839da4d865616b57
[BSP] c6d008366314cec130c49e4b4b05cf60 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38162 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST320011A ATA Device +++++
--- User ---
[MBR] be31e2cd8784cb478a0e59700a0c363c
[BSP] 9718cff6b4ba30f2f321d7c279e72133 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST320410A ATA Device +++++
--- User ---
[MBR] 3cb07b49bad2469e5a87ebcc3d2268c4
[BSP] fcdee0a3c6e4a9e0f378a0d36230b577 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19085 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt


Post by jaro3 » 31 Jul 2012 22:48

Download TDSSKiller

to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire contents of the log here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.


Post by busak » 01 Aug 2012 18:14

ComboFix 12-07-31.03 - Miroslav 01.08.2012 17:44:26.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1280.623 [GMT 2:00]
Spuštěný z: c:\users\Miroslav\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\DEBUG.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-01 do 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 16:04 . 2012-08-01 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 15:37 . 2012-08-01 15:37 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C91C9AF-BFE6-4F82-A5FD-B4C7C681D09F}\MpKsl9a4f6eb0.sys
2012-08-01 01:24 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C91C9AF-BFE6-4F82-A5FD-B4C7C681D09F}\mpengine.dll
2012-07-31 20:18 . 2012-07-31 20:18 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-31 20:15 . 2012-07-31 20:15 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-30 19:53 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-30 17:38 . 2012-07-30 17:39 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-30 17:33 . 2012-07-30 17:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 17:32 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 17:32 . 2012-07-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 16:51 . 2012-07-30 16:51 -------- d-----w- c:\program files\Trend Micro
2012-07-30 16:30 . 2012-07-30 16:30 -------- d-----w- c:\program files\Verdict Free
2012-07-29 12:01 . 2012-07-29 12:01 -------- d-----w- c:\program files\Lavalys
2012-07-28 20:15 . 2012-07-28 20:16 -------- d-----w- c:\program files\7-Zip
2012-07-28 10:16 . 2012-07-28 10:16 -------- d-----w- c:\windows\system32\SPReview
2012-07-28 10:14 . 2012-07-28 10:14 -------- d-----w- c:\windows\system32\EventProviders
2012-07-28 10:03 . 2012-07-28 10:03 304 ----a-w- C:\user.js
2012-07-28 10:02 . 2012-07-28 10:33 -------- d-----w- c:\program files\hpmonitor
2012-07-28 10:00 . 2012-07-28 10:00 -------- d-----w- c:\programdata\Babylon
2012-07-28 09:59 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-28 09:59 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-28 09:59 . 2012-03-14 16:23 54784 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-28 09:59 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-28 09:59 . 2012-07-28 10:05 -------- d-----w- c:\program files\PDFCreator
2012-07-28 08:32 . 2012-07-28 08:32 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-28 08:09 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-28 08:09 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-07-27 18:34 . 2012-07-27 18:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-07-27 17:51 . 2012-07-27 17:51 -------- d-----w- c:\program files\CCleaner
2012-07-27 01:42 . 2012-07-27 06:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 01:42 . 2012-07-27 06:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 21:21 . 2012-07-26 21:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\program files\KYE
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\windows\Album
2012-07-26 19:30 . 2002-07-03 09:44 53248 ----a-w- c:\windows\amcap.exe
2012-07-26 19:28 . 2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
2012-07-26 19:28 . 2003-04-21 12:09 245408 ----a-w- c:\windows\system32\unicows.dll
2012-07-26 19:28 . 2004-06-08 16:25 53248 ----a-w- c:\windows\system32\dsnpstd2.dll
2012-07-26 19:26 . 2004-07-28 09:49 334080 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2012-07-26 19:26 . 2004-06-08 16:56 40960 ----a-w- c:\windows\system32\rsnpstd2.dll
2012-07-26 19:26 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2012-07-26 19:25 . 2004-06-09 14:00 20480 ----a-w- c:\windows\usnpstd2.exe
2012-07-26 19:25 . 2012-07-26 19:28 -------- d-----w- c:\program files\Common Files\snpstd2
2012-07-26 19:23 . 2012-07-28 09:17 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-26 19:15 . 2012-07-28 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-26 19:14 . 2012-07-26 19:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-26 19:14 . 2010-04-28 05:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-26 19:03 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-07-26 19:01 . 2012-07-26 19:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-26 19:01 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-26 18:59 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-07-26 18:58 . 2010-11-20 12:21 381440 ----a-w- c:\windows\system32\wer.dll
2012-07-26 18:57 . 2010-11-20 12:18 494592 ----a-w- c:\windows\system32\BFE.DLL
2012-07-26 18:56 . 2010-11-20 12:18 321536 ----a-w- c:\windows\system32\aepdu.dll
2012-07-26 18:55 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-07-26 18:54 . 2010-11-20 12:16 692736 ----a-w- c:\windows\system32\bthprops.cpl
2012-07-26 18:53 . 2010-11-20 12:21 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2012-07-26 18:52 . 2010-11-20 12:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-07-26 18:51 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-26 18:51 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----w- c:\program files\Common Files\Skype
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----r- c:\program files\Skype
2012-07-26 17:14 . 2012-07-26 18:07 -------- d-----w- c:\programdata\Skype
2012-07-26 17:08 . 2012-07-26 17:11 -------- d-----w- c:\program files\QIP 2012
2012-07-26 15:30 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-07-26 15:30 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-07-26 15:30 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-07-26 15:29 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-26 15:29 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-07-26 15:29 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-07-26 15:29 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-07-26 15:28 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2012-07-26 15:28 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-07-26 15:28 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-07-26 15:28 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-07-26 15:28 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-07-26 15:28 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-07-26 15:28 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-07-26 15:28 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-07-26 15:28 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-07-26 15:26 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-26 15:26 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-07-26 15:26 . 2010-11-20 12:17 219648 ----a-w- c:\windows\system32\fsquirt.exe
2012-07-26 07:37 . 2012-07-26 07:37 -------- d-----w- c:\windows\system32\Wat
2012-07-26 02:39 . 2012-07-27 17:56 -------- d-----w- c:\windows\Panther
2012-07-26 01:21 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 01:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-26 01:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-26 01:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-26 01:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-26 01:18 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-25 22:54 . 2012-07-26 19:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-25 22:52 . 2012-07-25 22:53 -------- d-----w- c:\program files\IrfanView
2012-07-25 22:51 . 2012-07-26 18:24 -------- d-----w- c:\program files\ICQ7.7
2012-07-25 22:40 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-25 22:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-25 22:39 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-07-25 22:39 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-07-25 22:39 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-07-25 22:39 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-07-25 22:39 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-07-25 22:38 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-07-25 22:38 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-07-25 22:38 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2012-07-25 22:38 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-07-25 22:38 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2012-07-25 22:38 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-25 22:37 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2012-07-25 22:37 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2012-07-25 22:37 . 2010-11-20 12:16 204288 ----a-w- c:\windows\system32\MSNP.ax
2012-07-25 22:37 . 2010-11-20 12:16 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2012-07-25 22:37 . 2010-11-20 12:16 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2012-07-25 22:37 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-07-25 22:37 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-07-25 22:37 . 2010-11-20 10:24 134656 ----a-w- c:\windows\system32\rdpudd.dll
2012-07-25 22:37 . 2010-11-20 10:21 15872 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-07-25 22:37 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-25 22:37 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2012-07-25 22:35 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-25 22:35 . 2010-11-20 12:29 187776 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-07-25 22:35 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-25 22:35 . 2010-11-20 12:17 1785344 ----a-w- c:\program files\Windows Journal\Journal.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 10:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-07-25 17:34 . 2012-07-25 17:34 203776 ----a-w- c:\windows\system32\webcheck.dll
2012-07-14 00:15 . 2012-07-25 18:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-28 08:11 138096 ----atw- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick Moto Agent]
2004-03-21 13:43 459776 ----a-w- c:\program files\Quick Moto\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsl9a4f6eb0;MpKsl9a4f6eb0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8C91C9AF-BFE6-4F82-A5FD-B4C7C681D09F}\MpKsl9a4f6eb0.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL9A4F6EB0
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 06:27]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job
- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-28 08:11]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job
- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-28 08:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 10.29.2.1 192.168.0.1
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\e8s9w3st.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110191 ... 72ab0b1&q=
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110191&tt=3012_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 40ec84ee0000000000000011672ab0b1
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:02
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-08-01 18:13:32
ComboFix-quarantined-files.txt 2012-08-01 16:13
.
Před spuštěním: Volných bajtů: 17 262 428 160
Po spuštění: Volných bajtů: 17 183 674 368
.
- - End Of File - - ADDE3AF219857D0921AA6A7BAD12A591
Intel Pentium CPU N3540 @ 2,16GHz, 4,0GB RAM , Intel HD Graphics, Win7 64bit
Intel Pentium 4, 3,0 GHz@3,0 GHz , 2,0 GB RAM , Win7

Re: Log check

Posted by Žbeky » 01 Aug 2012 22:20

Where is the TDSS log?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code: Select all

KillAll::

DirLook::
c:\windows\Album

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job

Firefox::
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\e8s9w3st.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110191 ... 72ab0b1&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110191&tt=3012_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 40ec84ee0000000000000011672ab0b1
FF - user.js: extensions.BabylonToolbar.instlDay - 15549
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:02
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thank you for understanding.


Re: Log check

Posted by busak » 02 Aug 2012 17:36

17:28:46.0039 1896 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:28:46.0523 1896 ============================================================
17:28:46.0523 1896 Current date / time: 2012/08/02 17:28:46.0523
17:28:46.0523 1896 SystemInfo:
17:28:46.0523 1896
17:28:46.0523 1896 OS Version: 6.1.7601 ServicePack: 1.0
17:28:46.0523 1896 Product type: Workstation
17:28:46.0523 1896 ComputerName: MIROSLAV-PC
17:28:46.0523 1896 UserName: Miroslav
17:28:46.0523 1896 Windows directory: C:\Windows
17:28:46.0523 1896 System windows directory: C:\Windows
17:28:46.0523 1896 Processor architecture: Intel x86
17:28:46.0523 1896 Number of processors: 1
17:28:46.0523 1896 Page size: 0x1000
17:28:46.0523 1896 Boot type: Normal boot
17:28:46.0523 1896 ============================================================
17:28:54.0945 1896 Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:28:58.0117 1896 Drive \Device\Harddisk1\DR1 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:29:01.0447 1896 Drive \Device\Harddisk2\DR2 - Size: 0x4A94F0000 (18.65 Gb), SectorSize: 0x200, Cylinders: 0x982, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:29:01.0494 1896 ============================================================
17:29:01.0494 1896 \Device\Harddisk0\DR0:
17:29:01.0541 1896 MBR partitions:
17:29:01.0541 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A89182
17:29:01.0541 1896 \Device\Harddisk1\DR1:
17:29:01.0603 1896 MBR partitions:
17:29:01.0603 1896 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
17:29:01.0603 1896 \Device\Harddisk2\DR2:
17:29:01.0650 1896 MBR partitions:
17:29:01.0650 1896 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2546802
17:29:01.0650 1896 ============================================================
17:29:01.0853 1896 C: <-> \Device\Harddisk0\DR0\Partition0
17:29:02.0181 1896 D: <-> \Device\Harddisk1\DR1\Partition0
17:29:02.0369 1896 E: <-> \Device\Harddisk2\DR2\Partition0
17:29:02.0369 1896 ============================================================
17:29:02.0369 1896 Initialize success
17:29:02.0369 1896 ============================================================
17:29:35.0041 3144 ============================================================
17:29:35.0041 3144 Scan started
17:29:35.0041 3144 Mode: Manual;
17:29:35.0041 3144 ============================================================
17:29:57.0822 3144 MpKsl307cf3a4 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B01B73CB-806A-48EB-82D3-98AE2B84164D}\MpKsl307cf3a4.sys
17:29:57.0822 3144 MpKsl307cf3a4 - ok
17:29:57.0884 3144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
17:29:57.0900 3144 mpsdrv - ok
17:29:58.0041 3144 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
17:29:58.0103 3144 MpsSvc - ok
17:29:58.0212 3144 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
17:29:58.0212 3144 MRxDAV - ok
17:29:58.0322 3144 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:29:58.0337 3144 mrxsmb - ok
17:29:58.0416 3144 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:29:58.0416 3144 mrxsmb10 - ok
17:29:58.0494 3144 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:29:58.0494 3144 mrxsmb20 - ok
17:29:58.0603 3144 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
17:29:58.0619 3144 msahci - ok
17:29:58.0712 3144 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
17:29:58.0728 3144 msdsm - ok
17:29:58.0791 3144 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
17:29:58.0837 3144 MSDTC - ok
17:29:58.0947 3144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
17:29:58.0947 3144 Msfs - ok
17:29:59.0009 3144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
17:29:59.0025 3144 mshidkmdf - ok
17:29:59.0119 3144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
17:29:59.0134 3144 msisadrv - ok
17:29:59.0228 3144 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
17:29:59.0244 3144 MSiSCSI - ok
17:29:59.0306 3144 msiserver - ok
17:29:59.0384 3144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
17:29:59.0400 3144 MSKSSRV - ok
17:29:59.0525 3144 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:29:59.0541 3144 MsMpSvc - ok
17:29:59.0619 3144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
17:29:59.0634 3144 MSPCLOCK - ok
17:29:59.0697 3144 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
17:29:59.0697 3144 MSPQM - ok
17:30:00.0056 3144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
17:30:00.0087 3144 MsRPC - ok
17:30:00.0228 3144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
17:30:00.0228 3144 mssmbios - ok
17:30:00.0291 3144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
17:30:00.0353 3144 MSTEE - ok
17:30:00.0431 3144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
17:30:00.0462 3144 MTConfig - ok
17:30:00.0525 3144 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
17:30:00.0525 3144 Mup - ok
17:30:00.0697 3144 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
17:30:00.0712 3144 napagent - ok
17:30:00.0822 3144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
17:30:00.0869 3144 NativeWifiP - ok
17:30:01.0025 3144 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
17:30:01.0103 3144 NDIS - ok
17:30:01.0181 3144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
17:30:01.0244 3144 NdisCap - ok
17:30:01.0322 3144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
17:30:01.0337 3144 NdisTapi - ok
17:30:01.0462 3144 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
17:30:01.0541 3144 Ndisuio - ok
17:30:01.0634 3144 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
17:30:01.0681 3144 NdisWan - ok
17:30:01.0791 3144 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
17:30:01.0869 3144 NDProxy - ok
17:30:02.0009 3144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
17:30:02.0056 3144 NetBIOS - ok
17:30:02.0181 3144 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
17:30:02.0212 3144 NetBT - ok
17:30:02.0306 3144 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:30:02.0306 3144 Netlogon - ok
17:30:02.0416 3144 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
17:30:02.0447 3144 Netman - ok
17:30:02.0556 3144 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
17:30:02.0587 3144 netprofm - ok
17:30:02.0791 3144 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:30:02.0791 3144 NetTcpPortSharing - ok
17:30:02.0900 3144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
17:30:02.0900 3144 nfrd960 - ok
17:30:02.0994 3144 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:30:03.0009 3144 NisDrv - ok
17:30:03.0166 3144 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:30:03.0181 3144 NisSrv - ok
17:30:03.0322 3144 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
17:30:03.0353 3144 NlaSvc - ok
17:30:03.0400 3144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
17:30:03.0400 3144 Npfs - ok
17:30:03.0478 3144 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
17:30:03.0494 3144 nsi - ok
17:30:03.0587 3144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
17:30:03.0587 3144 nsiproxy - ok
17:30:03.0791 3144 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
17:30:03.0853 3144 Ntfs - ok
17:30:03.0931 3144 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
17:30:03.0931 3144 Null - ok
17:30:04.0041 3144 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
17:30:04.0056 3144 nvraid - ok
17:30:04.0212 3144 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
17:30:04.0212 3144 nvstor - ok
17:30:04.0275 3144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
17:30:04.0291 3144 nv_agp - ok
17:30:04.0462 3144 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:30:04.0494 3144 odserv - ok
17:30:04.0603 3144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
17:30:04.0619 3144 ohci1394 - ok
17:30:04.0697 3144 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:04.0712 3144 ose - ok
17:30:04.0822 3144 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:30:04.0869 3144 p2pimsvc - ok
17:30:04.0962 3144 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
17:30:04.0994 3144 p2psvc - ok
17:30:05.0103 3144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
17:30:05.0103 3144 Parport - ok
17:30:05.0244 3144 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
17:30:05.0244 3144 partmgr - ok
17:30:05.0306 3144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
17:30:05.0322 3144 Parvdm - ok
17:30:05.0416 3144 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
17:30:05.0447 3144 PcaSvc - ok
17:30:05.0541 3144 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
17:30:05.0556 3144 pci - ok
17:30:05.0681 3144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
17:30:05.0681 3144 pciide - ok
17:30:05.0775 3144 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
17:30:05.0775 3144 pcmcia - ok
17:30:05.0869 3144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
17:30:05.0869 3144 pcw - ok
17:30:05.0978 3144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
17:30:06.0009 3144 PEAUTH - ok
17:30:06.0212 3144 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
Intel Pentium CPU N3540 @ 2,16GHz, 4,0GB RAM, Intel HD Graphics, Win7 64bit
Intel Pentium 4, 3,0 GHz@3,0 GHz, 2,0 GB RAM, Win7

Re: Log check

Post by busak » 02 Aug 2012 17:37

17:30:06.0259 3144 PeerDistSvc - ok
17:30:06.0556 3144 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
17:30:06.0619 3144 pla - ok
17:30:06.0822 3144 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
17:30:06.0853 3144 PlugPlay - ok
17:30:06.0931 3144 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
17:30:06.0947 3144 PNRPAutoReg - ok
17:30:07.0041 3144 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
17:30:07.0056 3144 PNRPsvc - ok
17:30:07.0181 3144 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
17:30:07.0228 3144 PolicyAgent - ok
17:30:07.0337 3144 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
17:30:07.0369 3144 Power - ok
17:30:07.0494 3144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
17:30:07.0494 3144 PptpMiniport - ok
17:30:07.0556 3144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
17:30:07.0572 3144 Processor - ok
17:30:07.0666 3144 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
17:30:07.0697 3144 ProfSvc - ok
17:30:07.0775 3144 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:30:07.0775 3144 ProtectedStorage - ok
17:30:07.0869 3144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
17:30:07.0884 3144 Psched - ok
17:30:08.0087 3144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
17:30:08.0134 3144 ql2300 - ok
17:30:08.0322 3144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
17:30:08.0337 3144 ql40xx - ok
17:30:08.0431 3144 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
17:30:08.0447 3144 QWAVE - ok
17:30:08.0509 3144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
17:30:08.0525 3144 QWAVEdrv - ok
17:30:08.0572 3144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
17:30:08.0587 3144 RasAcd - ok
17:30:08.0666 3144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:30:08.0666 3144 RasAgileVpn - ok
17:30:08.0759 3144 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
17:30:08.0775 3144 RasAuto - ok
17:30:08.0853 3144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:08.0869 3144 Rasl2tp - ok
17:30:09.0009 3144 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
17:30:09.0025 3144 RasMan - ok
17:30:09.0103 3144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:09.0119 3144 RasPppoe - ok
17:30:09.0181 3144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
17:30:09.0212 3144 RasSstp - ok
17:30:09.0337 3144 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
17:30:09.0353 3144 rdbss - ok
17:30:09.0431 3144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
17:30:09.0431 3144 rdpbus - ok
17:30:09.0541 3144 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:09.0541 3144 RDPCDD - ok
17:30:09.0666 3144 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
17:30:09.0681 3144 RDPDR - ok
17:30:09.0759 3144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
17:30:09.0759 3144 RDPENCDD - ok
17:30:09.0853 3144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
17:30:09.0869 3144 RDPREFMP - ok
17:30:09.0994 3144 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
17:30:10.0134 3144 RdpVideoMiniport - ok
17:30:10.0259 3144 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
17:30:10.0337 3144 RDPWD - ok
17:30:10.0462 3144 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
17:30:10.0478 3144 rdyboost - ok
17:30:10.0572 3144 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
17:30:10.0634 3144 RemoteAccess - ok
17:30:10.0744 3144 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
17:30:10.0837 3144 RemoteRegistry - ok
17:30:10.0931 3144 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
17:30:10.0978 3144 RFCOMM - ok
17:30:11.0072 3144 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
17:30:11.0134 3144 RpcEptMapper - ok
17:30:11.0212 3144 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
17:30:11.0244 3144 RpcLocator - ok
17:30:11.0384 3144 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:30:11.0400 3144 RpcSs - ok
17:30:11.0494 3144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
17:30:11.0494 3144 rspndr - ok
17:30:11.0572 3144 RTL8023xp (4e20765744bfbc16f6d6e5bd5598786b) C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:30:11.0603 3144 RTL8023xp - ok
17:30:11.0697 3144 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
17:30:11.0697 3144 s3cap - ok
17:30:11.0775 3144 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:30:11.0775 3144 SamSs - ok
17:30:11.0900 3144 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
17:30:11.0916 3144 sbp2port - ok
17:30:12.0009 3144 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
17:30:12.0025 3144 SCardSvr - ok
17:30:12.0119 3144 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
17:30:12.0134 3144 scfilter - ok
17:30:12.0275 3144 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
17:30:12.0337 3144 Schedule - ok
17:30:12.0431 3144 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:30:12.0431 3144 SCPolicySvc - ok
17:30:12.0525 3144 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
17:30:12.0556 3144 SDRSVC - ok
17:30:12.0666 3144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:30:12.0666 3144 secdrv - ok
17:30:12.0744 3144 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
17:30:12.0744 3144 seclogon - ok
17:30:12.0822 3144 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
17:30:12.0853 3144 SENS - ok
17:30:12.0931 3144 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
17:30:12.0931 3144 SensrSvc - ok
17:30:12.0994 3144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
17:30:13.0009 3144 Serenum - ok
17:30:13.0119 3144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
17:30:13.0119 3144 Serial - ok
17:30:13.0228 3144 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
17:30:13.0228 3144 sermouse - ok
17:30:13.0416 3144 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
17:30:13.0431 3144 SessionEnv - ok
17:30:13.0525 3144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
17:30:13.0525 3144 sffdisk - ok
17:30:13.0603 3144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
17:30:13.0603 3144 sffp_mmc - ok
17:30:13.0650 3144 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
17:30:13.0728 3144 sffp_sd - ok
17:30:13.0791 3144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:13.0791 3144 sfloppy - ok
17:30:13.0916 3144 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
17:30:13.0931 3144 SharedAccess - ok
17:30:14.0056 3144 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
17:30:14.0087 3144 ShellHWDetection - ok
17:30:14.0181 3144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
17:30:14.0212 3144 sisagp - ok
17:30:14.0291 3144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:30:14.0306 3144 SiSRaid2 - ok
17:30:14.0369 3144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
17:30:14.0369 3144 SiSRaid4 - ok
17:30:14.0509 3144 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files\Skype\Updater\Updater.exe
17:30:14.0525 3144 SkypeUpdate - ok
17:30:14.0603 3144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
17:30:14.0603 3144 Smb - ok
17:30:14.0744 3144 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
17:30:14.0759 3144 SNMPTRAP - ok
17:30:14.0884 3144 snpstd2 (46de6152af860ebd24b5d72d46b26f10) C:\Windows\system32\DRIVERS\snpstd2.sys
17:30:14.0931 3144 snpstd2 - ok
17:30:15.0009 3144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
17:30:15.0009 3144 spldr - ok
17:30:15.0150 3144 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
17:30:15.0212 3144 Spooler - ok
17:30:15.0556 3144 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
17:30:15.0775 3144 sppsvc - ok
17:30:15.0978 3144 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
17:30:15.0978 3144 sppuinotify - ok
17:30:16.0125 3144 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
17:30:16.0140 3144 srv - ok
17:30:16.0265 3144 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
17:30:16.0281 3144 srv2 - ok
17:30:16.0375 3144 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
17:30:16.0390 3144 srvnet - ok
17:30:16.0484 3144 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
17:30:16.0500 3144 SSDPSRV - ok
17:30:16.0578 3144 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
17:30:16.0593 3144 SstpSvc - ok
17:30:16.0671 3144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
17:30:16.0671 3144 stexstor - ok
17:30:16.0812 3144 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
17:30:16.0843 3144 StiSvc - ok
17:30:16.0937 3144 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
17:30:16.0968 3144 storflt - ok
17:30:17.0062 3144 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
17:30:17.0062 3144 storvsc - ok
17:30:17.0125 3144 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
17:30:17.0140 3144 swenum - ok
17:30:17.0265 3144 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
17:30:17.0296 3144 swprv - ok
17:30:17.0343 3144 Synth3dVsc - ok
17:30:17.0546 3144 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
17:30:17.0593 3144 SysMain - ok
17:30:17.0687 3144 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
17:30:17.0703 3144 TabletInputService - ok
17:30:17.0828 3144 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
17:30:17.0859 3144 TapiSrv - ok
17:30:17.0937 3144 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
17:30:17.0937 3144 TBS - ok
17:30:18.0171 3144 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
17:30:18.0250 3144 Tcpip - ok
17:30:18.0343 3144 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
17:30:18.0359 3144 TCPIP6 - ok
17:30:18.0500 3144 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
17:30:18.0500 3144 tcpipreg - ok
17:30:18.0593 3144 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
17:30:18.0609 3144 TDPIPE - ok
17:30:18.0656 3144 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
17:30:18.0671 3144 TDTCP - ok
17:30:18.0765 3144 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
17:30:18.0765 3144 tdx - ok
17:30:18.0875 3144 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
17:30:18.0875 3144 TermDD - ok
17:30:19.0000 3144 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
17:30:19.0062 3144 TermService - ok
17:30:19.0156 3144 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
17:30:19.0156 3144 Themes - ok
17:30:19.0250 3144 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
17:30:19.0250 3144 THREADORDER - ok
17:30:19.0343 3144 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:30:19.0359 3144 TrkWks - ok
17:30:19.0484 3144 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:30:19.0484 3144 TrustedInstaller - ok
17:30:19.0625 3144 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:19.0640 3144 tssecsrv - ok
17:30:19.0734 3144 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:30:19.0750 3144 TsUsbFlt - ok
17:30:19.0781 3144 tsusbhub - ok
17:30:19.0921 3144 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:30:19.0937 3144 tunnel - ok
17:30:20.0015 3144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:30:20.0031 3144 uagp35 - ok
17:30:20.0156 3144 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:30:20.0187 3144 udfs - ok
17:30:20.0312 3144 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:30:20.0343 3144 UI0Detect - ok
17:30:20.0437 3144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:30:20.0453 3144 uliagpkx - ok
17:30:20.0562 3144 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
17:30:20.0562 3144 umbus - ok
17:30:20.0656 3144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:30:20.0671 3144 UmPass - ok
17:30:20.0781 3144 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
17:30:20.0796 3144 UmRdpService - ok
17:30:20.0890 3144 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:30:20.0921 3144 upnphost - ok
17:30:21.0031 3144 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:30:21.0031 3144 usbaudio - ok
17:30:21.0156 3144 usbbus (af9388e736af0c325067f05edc350010) C:\Windows\system32\DRIVERS\lgusbbus.sys
17:30:21.0156 3144 usbbus - ok
17:30:21.0265 3144 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:21.0265 3144 usbccgp - ok
17:30:21.0390 3144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:30:21.0406 3144 usbcir - ok
17:30:21.0484 3144 UsbDiag (ae30ea96e60e823c7b525da356283ae8) C:\Windows\system32\DRIVERS\lgusbdiag.sys
17:30:21.0484 3144 UsbDiag - ok
17:30:21.0609 3144 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
17:30:21.0625 3144 usbehci - ok
17:30:21.0734 3144 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:30:21.0765 3144 usbhub - ok
17:30:21.0812 3144 USBModem (46ac66df3d6efe81f69bea823a53aab5) C:\Windows\system32\DRIVERS\lgusbmodem.sys
17:30:21.0812 3144 USBModem - ok
17:30:21.0937 3144 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:30:21.0953 3144 usbohci - ok
17:30:22.0015 3144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:30:22.0015 3144 usbprint - ok
17:30:22.0125 3144 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:22.0140 3144 USBSTOR - ok
17:30:22.0234 3144 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
17:30:22.0250 3144 usbuhci - ok
17:30:22.0312 3144 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:30:22.0328 3144 UxSms - ok
17:30:22.0406 3144 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:30:22.0421 3144 VaultSvc - ok
17:30:22.0500 3144 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
17:30:22.0500 3144 VClone - ok
17:30:22.0625 3144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:30:22.0625 3144 vdrvroot - ok
17:30:22.0750 3144 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:30:22.0796 3144 vds - ok
17:30:22.0906 3144 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:22.0906 3144 vga - ok
17:30:22.0968 3144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:30:22.0968 3144 VgaSave - ok
17:30:23.0015 3144 VGPU - ok
17:30:23.0140 3144 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:30:23.0156 3144 vhdmp - ok
17:30:23.0265 3144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:30:23.0265 3144 viaagp - ok
17:30:23.0343 3144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:30:23.0359 3144 ViaC7 - ok
17:30:23.0468 3144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:30:23.0468 3144 viaide - ok
17:30:23.0578 3144 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
17:30:23.0593 3144 vmbus - ok
17:30:23.0687 3144 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
17:30:23.0703 3144 VMBusHID - ok
17:30:23.0781 3144 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:30:23.0796 3144 volmgr - ok
17:30:23.0875 3144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:30:23.0921 3144 volmgrx - ok
17:30:24.0031 3144 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:30:24.0062 3144 volsnap - ok
17:30:24.0171 3144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:30:24.0171 3144 vsmraid - ok
17:30:24.0359 3144 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:30:24.0421 3144 VSS - ok
17:30:24.0500 3144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
17:30:24.0500 3144 vwifibus - ok
17:30:24.0593 3144 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:30:24.0625 3144 W32Time - ok
17:30:24.0734 3144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:30:24.0734 3144 WacomPen - ok
17:30:24.0843 3144 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:24.0859 3144 WANARP - ok
17:30:24.0890 3144 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:30:24.0906 3144 Wanarpv6 - ok
17:30:25.0109 3144 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:30:25.0203 3144 WatAdminSvc - ok
17:30:25.0390 3144 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:30:25.0468 3144 wbengine - ok
17:30:25.0546 3144 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:30:25.0578 3144 WbioSrvc - ok
17:30:25.0703 3144 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:30:25.0718 3144 wcncsvc - ok
17:30:25.0796 3144 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:30:25.0812 3144 WcsPlugInService - ok
17:30:25.0906 3144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:30:25.0906 3144 Wd - ok
17:30:26.0015 3144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:30:26.0046 3144 Wdf01000 - ok
17:30:26.0125 3144 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:30:26.0140 3144 WdiServiceHost - ok
17:30:26.0203 3144 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:30:26.0218 3144 WdiSystemHost - ok
17:30:26.0328 3144 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:30:26.0359 3144 WebClient - ok
17:30:26.0468 3144 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:30:26.0484 3144 Wecsvc - ok
17:30:26.0531 3144 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:30:26.0546 3144 wercplsupport - ok
17:30:26.0640 3144 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:30:26.0656 3144 WerSvc - ok
17:30:26.0750 3144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:26.0750 3144 WfpLwf - ok
17:30:26.0812 3144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:30:26.0843 3144 WIMMount - ok
17:30:27.0046 3144 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:30:27.0078 3144 WinDefend - ok
17:30:27.0140 3144 WinHttpAutoProxySvc - ok
17:30:27.0265 3144 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:30:27.0281 3144 Winmgmt - ok
17:30:27.0453 3144 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:30:27.0531 3144 WinRM - ok
17:30:27.0718 3144 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:30:27.0765 3144 Wlansvc - ok
17:30:27.0890 3144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:30:27.0906 3144 WmiAcpi - ok
17:30:28.0125 3144 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:30:28.0140 3144 wmiApSrv - ok
17:30:28.0359 3144 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:30:28.0406 3144 WMPNetworkSvc - ok
17:30:28.0500 3144 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:30:28.0500 3144 WPCSvc - ok
17:30:28.0609 3144 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:30:28.0625 3144 WPDBusEnum - ok
17:30:28.0750 3144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:30:28.0750 3144 ws2ifsl - ok
17:30:28.0828 3144 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:30:28.0828 3144 wscsvc - ok
17:30:29.0109 3144 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:30:29.0203 3144 wuauserv - ok
17:30:29.0437 3144 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:30:29.0453 3144 WudfPf - ok
17:30:29.0593 3144 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:29.0609 3144 WUDFRd - ok
17:30:29.0718 3144 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:30:29.0718 3144 wudfsvc - ok
17:30:29.0828 3144 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:30:29.0843 3144 WwanSvc - ok
17:30:30.0062 3144 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:30:30.0296 3144 \Device\Harddisk0\DR0 - ok
17:30:30.0375 3144 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk1\DR1
17:30:31.0000 3144 \Device\Harddisk1\DR1 - ok
17:30:31.0078 3144 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk2\DR2
17:30:31.0187 3144 \Device\Harddisk2\DR2 - ok
17:30:31.0234 3144 Boot (0x1200) (e86d18c78bfc10e4e6100a9518878405) \Device\Harddisk0\DR0\Partition0
17:30:31.0234 3144 \Device\Harddisk0\DR0\Partition0 - ok
17:30:31.0296 3144 Boot (0x1200) (54557f98f0c5e24899ad17b3bc7a876b) \Device\Harddisk1\DR1\Partition0
17:30:31.0296 3144 \Device\Harddisk1\DR1\Partition0 - ok
17:30:31.0343 3144 Boot (0x1200) (bdd3ae5c0d676e9b080210959c7b0d83) \Device\Harddisk2\DR2\Partition0
17:30:31.0343 3144 \Device\Harddisk2\DR2\Partition0 - ok
17:30:31.0375 3144 ============================================================
17:30:31.0375 3144 Scan finished
17:30:31.0375 3144 ============================================================
17:30:31.0453 0876 Detected object count: 0
17:30:31.0453 0876 Actual detected object count: 0
Intel Pentium CPU N3540 @ 2,16GHz, 4,0GB RAM , Intel HD Graphics, Win7 64bit
Intel Pentium 4, 3,0 GHz@3,0 GHz , 2,0 GB RAM , Win7

Re: Log check

Post by busak » 02 Aug 2012 18:26

ComboFix 12-07-31.03 - Miroslav 02.08.2012 17:45:45.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1280.609 [GMT 2:00]
Spuštěný z: c:\users\Miroslav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Miroslav\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 16:06 . 2012-08-02 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 15:29 . 2012-08-02 15:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B01B73CB-806A-48EB-82D3-98AE2B84164D}\MpKsl307cf3a4.sys
2012-08-02 13:27 . 2012-08-02 13:27 -------- d-----w- c:\users\Marketka
2012-08-02 06:48 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B01B73CB-806A-48EB-82D3-98AE2B84164D}\mpengine.dll
2012-08-01 18:46 . 2012-08-01 18:46 -------- d-----w- C:\ifx
2012-08-01 18:46 . 2010-05-12 01:23 16896 ----a-w- c:\windows\system32\drivers\FlashUSB.sys
2012-08-01 18:43 . 2012-03-02 14:03 25216 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2012-08-01 18:43 . 2012-03-02 14:03 20864 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2012-08-01 18:43 . 2012-03-02 14:03 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2012-08-01 18:40 . 2012-08-01 18:40 -------- d-----w- C:\LG_USB
2012-08-01 18:01 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2012-08-01 18:01 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2012-08-01 18:01 . 2009-05-22 11:26 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2012-08-01 18:01 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2012-08-01 17:58 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-08-01 17:58 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-08-01 17:58 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-08-01 17:58 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-08-01 17:58 . 2005-11-24 00:34 82432 ----a-w- c:\windows\system32\msxml4r.dll
2012-08-01 17:58 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-08-01 17:58 . 2005-09-11 12:51 1233920 ----a-w- c:\windows\system32\msxml4.dll
2012-08-01 17:58 . 2012-08-01 17:59 -------- d-----w- c:\programdata\LGMOBILEAX
2012-08-01 17:56 . 2012-08-01 18:43 -------- d-----w- c:\program files\LG Electronics
2012-08-01 16:14 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-31 20:18 . 2012-07-31 20:18 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-31 20:15 . 2012-07-31 20:15 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-30 17:38 . 2012-07-30 17:39 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-30 17:33 . 2012-07-30 17:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 17:32 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 17:32 . 2012-07-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 16:51 . 2012-07-30 16:51 -------- d-----w- c:\program files\Trend Micro
2012-07-30 16:30 . 2012-07-30 16:30 -------- d-----w- c:\program files\Verdict Free
2012-07-29 12:01 . 2012-07-29 12:01 -------- d-----w- c:\program files\Lavalys
2012-07-28 20:15 . 2012-07-28 20:16 -------- d-----w- c:\program files\7-Zip
2012-07-28 10:16 . 2012-07-28 10:16 -------- d-----w- c:\windows\system32\SPReview
2012-07-28 10:14 . 2012-07-28 10:14 -------- d-----w- c:\windows\system32\EventProviders
2012-07-28 10:03 . 2012-07-28 10:03 304 ----a-w- C:\user.js
2012-07-28 10:02 . 2012-07-28 10:33 -------- d-----w- c:\program files\hpmonitor
2012-07-28 10:00 . 2012-07-28 10:00 -------- d-----w- c:\programdata\Babylon
2012-07-28 09:59 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-28 09:59 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-28 09:59 . 2012-03-14 16:23 54784 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-28 09:59 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-28 09:59 . 2012-07-28 10:05 -------- d-----w- c:\program files\PDFCreator
2012-07-28 08:32 . 2012-07-28 08:32 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-28 08:09 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-28 08:09 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-07-27 18:34 . 2012-07-27 18:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-07-27 17:51 . 2012-07-27 17:51 -------- d-----w- c:\program files\CCleaner
2012-07-27 01:42 . 2012-07-27 06:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 01:42 . 2012-07-27 06:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 21:21 . 2012-07-26 21:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\program files\KYE
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\windows\Album
2012-07-26 19:30 . 2002-07-03 09:44 53248 ----a-w- c:\windows\amcap.exe
2012-07-26 19:28 . 2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
2012-07-26 19:28 . 2003-04-21 12:09 245408 ----a-w- c:\windows\system32\unicows.dll
2012-07-26 19:28 . 2004-06-08 16:25 53248 ----a-w- c:\windows\system32\dsnpstd2.dll
2012-07-26 19:26 . 2004-07-28 09:49 334080 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2012-07-26 19:26 . 2004-06-08 16:56 40960 ----a-w- c:\windows\system32\rsnpstd2.dll
2012-07-26 19:26 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2012-07-26 19:25 . 2004-06-09 14:00 20480 ----a-w- c:\windows\usnpstd2.exe
2012-07-26 19:25 . 2012-07-26 19:28 -------- d-----w- c:\program files\Common Files\snpstd2
2012-07-26 19:23 . 2012-07-28 09:17 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-26 19:15 . 2012-07-28 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-26 19:14 . 2012-07-26 19:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-26 19:14 . 2010-04-28 05:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-26 19:03 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-07-26 19:01 . 2012-07-26 19:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-26 19:01 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-26 18:59 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-07-26 18:58 . 2010-11-20 12:21 381440 ----a-w- c:\windows\system32\wer.dll
2012-07-26 18:57 . 2010-11-20 12:18 494592 ----a-w- c:\windows\system32\BFE.DLL
2012-07-26 18:56 . 2010-11-20 12:18 321536 ----a-w- c:\windows\system32\aepdu.dll
2012-07-26 18:55 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-07-26 18:54 . 2010-11-20 12:16 692736 ----a-w- c:\windows\system32\bthprops.cpl
2012-07-26 18:53 . 2010-11-20 12:21 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2012-07-26 18:52 . 2010-11-20 12:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-07-26 18:51 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-26 18:51 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----w- c:\program files\Common Files\Skype
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----r- c:\program files\Skype
2012-07-26 17:14 . 2012-07-26 18:07 -------- d-----w- c:\programdata\Skype
2012-07-26 17:08 . 2012-07-26 17:11 -------- d-----w- c:\program files\QIP 2012
2012-07-26 15:30 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-07-26 15:30 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-07-26 15:30 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-07-26 15:29 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-26 15:29 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-07-26 15:29 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-07-26 15:29 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-07-26 15:28 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2012-07-26 15:28 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-07-26 15:28 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-07-26 15:28 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-07-26 15:28 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-07-26 15:28 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-07-26 15:28 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-07-26 15:28 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-07-26 15:28 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-07-26 15:26 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-26 15:26 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-07-26 15:26 . 2010-11-20 12:17 219648 ----a-w- c:\windows\system32\fsquirt.exe
2012-07-26 07:37 . 2012-07-26 07:37 -------- d-----w- c:\windows\system32\Wat
2012-07-26 02:39 . 2012-07-27 17:56 -------- d-----w- c:\windows\Panther
2012-07-26 01:21 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 01:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-26 01:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-26 01:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-26 01:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-26 01:18 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-25 22:54 . 2012-08-01 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-25 22:52 . 2012-07-25 22:53 -------- d-----w- c:\program files\IrfanView
2012-07-25 22:51 . 2012-07-26 18:24 -------- d-----w- c:\program files\ICQ7.7
2012-07-25 22:40 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-25 22:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-25 22:39 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-07-25 22:39 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-07-25 22:39 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-07-25 22:39 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-07-25 22:39 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-07-25 22:38 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 10:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-07-25 17:34 . 2012-07-25 17:34 203776 ----a-w- c:\windows\system32\webcheck.dll
2012-07-14 00:15 . 2012-07-25 18:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Album ----
.
2012-07-26 19:30 . 2003-08-06 16:18 39462 ----a-w- c:\windows\Album\Music\Space Alarm.wav
2012-07-26 19:30 . 2003-08-06 16:18 100396 ----a-w- c:\windows\Album\Music\Police Siren.wav
2012-07-26 19:30 . 2003-08-06 16:18 43628 ----a-w- c:\windows\Album\Music\High Tech Alarm.wav
2012-07-26 19:30 . 2003-08-06 16:18 9264 ----a-w- c:\windows\Album\Music\Click.wav
2012-07-26 19:30 . 2003-08-06 16:18 109886 ----a-w- c:\windows\Album\Music\Cavalry to the Rescue.wav
2012-07-26 19:30 . 2003-08-06 16:18 20076 ----a-w- c:\windows\Album\Music\Breaking Glass.wav
2012-07-26 19:30 . 2003-08-06 16:18 49004 ----a-w- c:\windows\Album\Music\Barking Dog.wav
2012-07-26 19:30 . 2003-08-06 16:18 17404 ----a-w- c:\windows\Album\Music\Alien Alert.wav
2012-07-26 19:30 . 2003-08-06 16:18 1058 ----a-w- c:\windows\Album\Music\Alert.wav
2012-07-26 19:30 . 2003-08-06 16:18 30210 ----a-w- c:\windows\Album\Music\Zapped by Electricity.wav
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-28 08:11 138096 ----atw- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick Moto Agent]
2004-03-21 13:43 459776 ----a-w- c:\program files\Quick Moto\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsl307cf3a4;MpKsl307cf3a4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B01B73CB-806A-48EB-82D3-98AE2B84164D}\MpKsl307cf3a4.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 06:27]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job
- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-28 08:11]
.
2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job
- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-28 08:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 10.29.2.1 192.168.0.1
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\e8s9w3st.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-08-02 18:16:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-02 16:16
ComboFix2.txt 2012-08-01 16:13
.
Před spuštěním: Volných bajtů: 16 385 327 104
Po spuštění: Volných bajtů: 16 362 348 544
.
- - End Of File - - 46768484537600EADCDB19C88E7FF1BC

Re: Log check

Post by Žbeky » 03 Aug 2012 09:27

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.

Code: Select all

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process

In PMs I only handle matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.

Re: Log check

Post by busak » 03 Aug 2012 19:51

ComboFix 12-07-31.06 - Miroslav 03.08.2012 18:28:33.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.1280.793 [GMT 2:00]
Spuštěný z: c:\users\Miroslav\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Miroslav\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1445107617-2002140488-3262147951-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-03 do 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 16:48 . 2012-08-03 16:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 08:09 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9676D43B-B221-4EE2-921F-3B0D12DCBDD5}\mpengine.dll
2012-08-02 17:07 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 13:27 . 2012-08-02 17:08 -------- d-----w- c:\users\Marketka
2012-08-01 18:46 . 2012-08-01 18:46 -------- d-----w- C:\ifx
2012-08-01 18:46 . 2010-05-12 01:23 16896 ----a-w- c:\windows\system32\drivers\FlashUSB.sys
2012-08-01 18:43 . 2012-03-02 14:03 25216 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2012-08-01 18:43 . 2012-03-02 14:03 20864 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2012-08-01 18:43 . 2012-03-02 14:03 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2012-08-01 18:40 . 2012-08-01 18:40 -------- d-----w- C:\LG_USB
2012-08-01 18:01 . 2009-10-19 19:49 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2012-08-01 18:01 . 2009-05-22 11:26 419240 ----a-w- c:\windows\system32\Vsflex7L.ocx
2012-08-01 18:01 . 2009-05-22 11:26 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2012-08-01 18:01 . 2009-05-22 11:26 630784 ----a-w- c:\windows\system32\vsflex8u.ocx
2012-08-01 17:58 . 2011-05-10 11:37 655872 ----a-w- c:\windows\system32\msvcr90.dll
2012-08-01 17:58 . 2011-05-10 11:37 568832 ----a-w- c:\windows\system32\msvcp90.dll
2012-08-01 17:58 . 2011-05-10 11:37 224768 ----a-w- c:\windows\system32\msvcm90.dll
2012-08-01 17:58 . 2006-05-04 06:33 53248 ----a-w- c:\windows\system32\CommonDL.dll
2012-08-01 17:58 . 2005-11-24 00:34 82432 ----a-w- c:\windows\system32\msxml4r.dll
2012-08-01 17:58 . 2005-10-03 23:39 44544 ----a-w- c:\windows\system32\msxml4a.dll
2012-08-01 17:58 . 2005-09-11 12:51 1233920 ----a-w- c:\windows\system32\msxml4.dll
2012-08-01 17:58 . 2012-08-01 17:59 -------- d-----w- c:\programdata\LGMOBILEAX
2012-08-01 17:56 . 2012-08-01 18:43 -------- d-----w- c:\program files\LG Electronics
2012-07-31 20:18 . 2012-07-31 20:18 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-31 20:15 . 2012-07-31 20:15 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-30 17:38 . 2012-07-30 17:39 -------- d-----w- c:\program files\CrystalDiskInfo
2012-07-30 17:33 . 2012-07-30 17:33 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 17:32 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 17:32 . 2012-07-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-30 16:51 . 2012-07-30 16:51 -------- d-----w- c:\program files\Trend Micro
2012-07-30 16:30 . 2012-07-30 16:30 -------- d-----w- c:\program files\Verdict Free
2012-07-29 12:01 . 2012-07-29 12:01 -------- d-----w- c:\program files\Lavalys
2012-07-28 20:15 . 2012-07-28 20:16 -------- d-----w- c:\program files\7-Zip
2012-07-28 10:16 . 2012-07-28 10:16 -------- d-----w- c:\windows\system32\SPReview
2012-07-28 10:14 . 2012-07-28 10:14 -------- d-----w- c:\windows\system32\EventProviders
2012-07-28 10:03 . 2012-07-28 10:03 304 ----a-w- C:\user.js
2012-07-28 10:02 . 2012-07-28 10:33 -------- d-----w- c:\program files\hpmonitor
2012-07-28 09:59 . 1998-06-23 23:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-28 09:59 . 2004-03-08 23:00 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-07-28 09:59 . 2012-03-14 16:23 54784 ----a-w- c:\windows\system32\pdfcmon.dll
2012-07-28 09:59 . 1998-07-05 23:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-28 09:59 . 2012-07-28 10:05 -------- d-----w- c:\program files\PDFCreator
2012-07-28 08:32 . 2012-07-28 08:32 -------- d-----w- c:\program files\Elaborate Bytes
2012-07-28 08:09 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-07-28 08:09 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-07-27 18:34 . 2012-07-27 18:34 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-07-27 17:51 . 2012-07-27 17:51 -------- d-----w- c:\program files\CCleaner
2012-07-27 01:42 . 2012-07-27 06:27 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 01:42 . 2012-07-27 06:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 21:21 . 2012-07-26 21:21 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\program files\KYE
2012-07-26 19:30 . 2012-07-26 19:30 -------- d-----w- c:\windows\Album
2012-07-26 19:30 . 2002-07-03 09:44 53248 ----a-w- c:\windows\amcap.exe
2012-07-26 19:28 . 2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
2012-07-26 19:28 . 2003-04-21 12:09 245408 ----a-w- c:\windows\system32\unicows.dll
2012-07-26 19:28 . 2004-06-08 16:25 53248 ----a-w- c:\windows\system32\dsnpstd2.dll
2012-07-26 19:26 . 2004-07-28 09:49 334080 ----a-w- c:\windows\system32\drivers\snpstd2.sys
2012-07-26 19:26 . 2004-06-08 16:56 40960 ----a-w- c:\windows\system32\rsnpstd2.dll
2012-07-26 19:26 . 2004-02-16 11:59 61440 ----a-w- c:\windows\system32\csnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\vsnpstd2.dll
2012-07-26 19:26 . 2004-06-08 16:57 36864 ----a-w- c:\windows\system32\dsnpstd2.ax
2012-07-26 19:25 . 2004-06-09 14:00 20480 ----a-w- c:\windows\usnpstd2.exe
2012-07-26 19:25 . 2012-07-26 19:28 -------- d-----w- c:\program files\Common Files\snpstd2
2012-07-26 19:23 . 2012-07-28 09:17 -------- d-----w- c:\program files\Common Files\InstallShield
2012-07-26 19:15 . 2012-07-28 07:54 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-26 19:14 . 2012-07-26 19:14 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-26 19:14 . 2010-04-28 05:44 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-07-26 19:03 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-07-26 19:01 . 2012-07-26 19:01 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-07-26 19:01 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-26 18:59 . 2010-11-20 12:20 9166336 ----a-w- c:\program files\DVD Maker\OmdBase.dll
2012-07-26 18:58 . 2010-11-20 12:21 381440 ----a-w- c:\windows\system32\wer.dll
2012-07-26 18:57 . 2010-11-20 12:18 494592 ----a-w- c:\windows\system32\BFE.DLL
2012-07-26 18:56 . 2010-11-20 12:18 321536 ----a-w- c:\windows\system32\aepdu.dll
2012-07-26 18:55 . 2010-11-20 12:36 1077248 ----a-w- c:\windows\system32\Narrator.exe
2012-07-26 18:54 . 2010-11-20 12:16 692736 ----a-w- c:\windows\system32\bthprops.cpl
2012-07-26 18:53 . 2010-11-20 12:21 541184 ----a-w- c:\windows\system32\WMVSDECD.DLL
2012-07-26 18:52 . 2010-11-20 12:21 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-07-26 18:51 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2012-07-26 18:51 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\program files\Common Files\Windows Live
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----w- c:\program files\Common Files\Skype
2012-07-26 17:16 . 2012-07-26 17:16 -------- d-----r- c:\program files\Skype
2012-07-26 17:14 . 2012-07-26 18:07 -------- d-----w- c:\programdata\Skype
2012-07-26 17:08 . 2012-07-26 17:11 -------- d-----w- c:\program files\QIP 2012
2012-07-26 15:30 . 2011-03-25 02:58 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-07-26 15:30 . 2011-03-25 02:57 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-07-26 15:30 . 2011-03-25 02:58 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-07-26 15:29 . 2011-03-25 02:58 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-07-26 15:29 . 2011-03-25 02:57 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-07-26 15:29 . 2011-03-25 02:57 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-07-26 15:29 . 2011-03-25 02:57 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-07-26 15:28 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2012-07-26 15:28 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-07-26 15:28 . 2011-03-11 05:39 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-07-26 15:28 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-07-26 15:28 . 2011-03-11 05:39 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2012-07-26 15:28 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-07-26 15:28 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-07-26 15:28 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-07-26 15:28 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2012-07-26 15:26 . 2011-04-28 03:15 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-26 15:26 . 2011-04-28 03:15 60416 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-07-26 15:26 . 2010-11-20 12:17 219648 ----a-w- c:\windows\system32\fsquirt.exe
2012-07-26 07:37 . 2012-07-26 07:37 -------- d-----w- c:\windows\system32\Wat
2012-07-26 02:39 . 2012-07-27 17:56 -------- d-----w- c:\windows\Panther
2012-07-26 01:21 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-26 01:19 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-26 01:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-26 01:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-07-26 01:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-26 01:18 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-25 22:54 . 2012-08-01 17:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2012-07-25 22:52 . 2012-07-25 22:53 -------- d-----w- c:\program files\IrfanView
2012-07-25 22:51 . 2012-07-26 18:24 -------- d-----w- c:\program files\ICQ7.7
2012-07-25 22:40 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-25 22:40 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-07-25 22:39 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-07-25 22:39 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-07-25 22:39 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-07-25 22:39 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-07-25 22:39 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-07-25 22:38 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-07-25 22:38 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-07-25 22:38 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 10:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-07-25 17:34 . 2012-07-25 17:34 203776 ----a-w- c:\windows\system32\webcheck.dll
2012-07-14 00:15 . 2012-07-25 18:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-31 20:29 220624 ----a-w- c:\users\Miroslav\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
backup=c:\windows\pss\Facebook Messenger.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Miroslav^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Miroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-28 08:11 138096 ----atw- c:\users\Miroslav\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quick Moto Agent]
2004-03-21 13:43 459776 ----a-w- c:\program files\Quick Moto\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
2004-06-10 09:54 286720 ----a-w- c:\windows\vsnpstd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43 604704 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31 85160 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [x]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 06:27]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
IE: {{230D1201-7607-4CF6-A11F-9E4BF0A333E0} - {0DB13731-CEFD-43CF-A8FD-B61DCBC4D5B8} - c:\program files\Verdict Free\etnxp.dll
IE: {{2C73F784-D2DE-4422-B070-2E3332FE5744} - {0320AC26-52C8-4316-B2C4-24BB6FA73C9A} - c:\program files\Verdict Free\etnxp.dll
TCP: DhcpNameServer = 10.29.2.1 192.168.0.1
FF - ProfilePath - c:\users\Miroslav\AppData\Roaming\Mozilla\Firefox\Profiles\e8s9w3st.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.urlbar.hideGoButton - false
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Celkový čas: 2012-08-03 18:55:47
ComboFix-quarantined-files.txt 2012-08-03 16:55
ComboFix2.txt 2012-08-02 16:16
ComboFix3.txt 2012-08-01 16:13
.
Před spuštěním: Volných bajtů: 16 477 962 240
Po spuštění: Volných bajtů: 16 435 867 648
.
- - End Of File - - 80F8E9064AE741E355464D537ED5C741
Intel Pentium CPU N3540 @ 2,16GHz, 4,0GB RAM , Intel HD Graphics, Win7 64bit
Intel Pentium 4, 3,0 GHz@3,0 GHz , 2,0 GB RAM , Win7

