Prosím o kontrolu logu, něco není v pořádku

frai · Příspěvekod **frai** » 07 pro 2012 14:29

Zdravím, poslední dobou se mi pořád něco stahuje do PC. Když se podívám na statistiku ve Firewallu (viz příloha) ,tak ve dny ,když jsem připojenej k netu, tak se tam něco stahovalo. Jak přes wifi, tak přes mobilní net (kde mi to rychle vyčerpalo FUP). Zkoumal jsem i správce úloh, ale všechny aktualizace jsou teď vypnuté, tak opravdu nevím co by to mohlo být, může mi někdo pomoci?

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:22:00, on 7.12.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Vitware\Word Manager\Word Manager.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QBNAEIAUgA"&"inst=NwA2AC0AMQAyADUANgA3ADEAMgA3ADEAOAAtAEQAMwA4ADEATAArADUALQBJADEAMgArADEALQBTAFQAMQAyAEEAUABQACsAMQAtAEQARABUACsAMAAtAEUAVQBMAEEAKwAxAC0ASQA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEALQBQAEwAKwA5AA"&"prod=54"&"ver=9.0.914
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12647 bytes

Reklama

Příspěvekod **memphisto** » 07 pro 2012 19:20

ten druhý obrázek píše, že máš HJT spustit jako správce. Klik pravým na ikonu a vybrat spustit jako správce

v logu fixni:
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... QBNAEIAUgA"&"inst=NwA2AC0AMQAyADUANgA3ADEAMgA3ADEAOAAtAEQAMwA4ADEATAArADUALQBJADEAMgArADEALQBTAFQAMQAyAEEAUABQAC

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

frai · Příspěvekod **frai** » 07 pro 2012 20:00

Ok, provedeno.. Malware Bytes nic nenašel. Jinak nevíte čím by mohlo být zapříčiněno to stahování "něčeho" ? Teď to tolik nedělá ,ale v minulých dnech pořád..vrtá mi to hlavou a nevím jestli se to může opakovat

Příspěvekod **Žbeky** » 07 pro 2012 21:46

Zpětně asi těžko zjišťovat, který proces to byl

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

frai · Příspěvekod **frai** » 07 pro 2012 22:14

Tady je ten Killer, našlo to jen jednu podezřelou věc, zatím jsem s tím nic nedělal (Dávám to na část1 a část 2, páč se to tu celé najednou nevleze) ..zachvíli ještě vložím ten log z ComboFixu

Killer: část 1

22:06:58.0451 10504 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:07:00.0479 10504 ============================================================
22:07:00.0479 10504 Current date / time: 2012/12/07 22:07:00.0479
22:07:00.0479 10504 SystemInfo:
22:07:00.0479 10504
22:07:00.0479 10504 OS Version: 6.1.7601 ServicePack: 1.0
22:07:00.0479 10504 Product type: Workstation
22:07:00.0479 10504 ComputerName: 0038A
22:07:00.0479 10504 UserName: Pavel
22:07:00.0479 10504 Windows directory: C:\Windows
22:07:00.0479 10504 System windows directory: C:\Windows
22:07:00.0479 10504 Running under WOW64
22:07:00.0479 10504 Processor architecture: Intel x64
22:07:00.0479 10504 Number of processors: 2
22:07:00.0479 10504 Page size: 0x1000
22:07:00.0479 10504 Boot type: Normal boot
22:07:00.0479 10504 ============================================================
22:07:02.0491 10504 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:07:02.0522 10504 ============================================================
22:07:02.0522 10504 \Device\Harddisk0\DR0:
22:07:02.0522 10504 MBR partitions:
22:07:02.0522 10504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
22:07:02.0522 10504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
22:07:02.0522 10504 ============================================================
22:07:02.0632 10504 C: <-> \Device\Harddisk0\DR0\Partition2
22:07:02.0632 10504 ============================================================
22:07:02.0632 10504 Initialize success
22:07:02.0632 10504 ============================================================
22:07:07.0421 10468 ============================================================
22:07:07.0421 10468 Scan started
22:07:07.0421 10468 Mode: Manual;
22:07:07.0421 10468 ============================================================
22:07:09.0106 10468 ================ Scan system memory ========================
22:07:09.0106 10468 System memory - ok
22:07:09.0106 10468 ================ Scan services =============================
22:07:09.0605 10468 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:07:09.0605 10468 1394ohci - ok
22:07:09.0652 10468 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:07:09.0667 10468 ACPI - ok
22:07:09.0698 10468 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:07:09.0698 10468 AcpiPmi - ok
22:07:09.0745 10468 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:07:09.0745 10468 adfs - ok
22:07:09.0792 10468 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:07:09.0808 10468 adp94xx - ok
22:07:09.0839 10468 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:07:09.0870 10468 adpahci - ok
22:07:09.0901 10468 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:07:09.0932 10468 adpu320 - ok
22:07:09.0979 10468 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:07:09.0979 10468 AeLookupSvc - ok
22:07:10.0042 10468 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:07:10.0057 10468 AFD - ok
22:07:10.0104 10468 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:07:10.0104 10468 agp440 - ok
22:07:10.0151 10468 [ BC569A6C209D94F6643EE35710AEC1F6 ] aksdf C:\Windows\system32\DRIVERS\aksdf.sys
22:07:10.0151 10468 aksdf - ok
22:07:10.0182 10468 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:07:10.0198 10468 ALG - ok
22:07:10.0213 10468 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:07:10.0229 10468 aliide - ok
22:07:10.0276 10468 [ B4143CB1DD16AE73C6177C72F33450A6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:07:10.0291 10468 AMD External Events Utility - ok
22:07:10.0322 10468 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:07:10.0322 10468 amdide - ok
22:07:10.0354 10468 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:07:10.0369 10468 AmdK8 - ok
22:07:10.0588 10468 [ D1D06810BF7E21F5763EB06CB7E7262B ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
22:07:10.0775 10468 amdkmdag - ok
22:07:10.0806 10468 [ 6BA71D6616B56816E57394D77DD1BB6F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:07:10.0806 10468 amdkmdap - ok
22:07:10.0837 10468 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:07:10.0837 10468 AmdPPM - ok
22:07:10.0884 10468 [ CC3021D064EB6D3C2F949530E2B0BA47 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:07:10.0884 10468 amdsata - ok
22:07:10.0931 10468 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:07:10.0931 10468 amdsbs - ok
22:07:10.0946 10468 [ FFC5A0F6263574EF0D5467496B721F77 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:07:10.0962 10468 amdxata - ok
22:07:10.0993 10468 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:07:10.0993 10468 AppID - ok
22:07:11.0040 10468 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:07:11.0040 10468 AppIDSvc - ok
22:07:11.0087 10468 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
22:07:11.0087 10468 Appinfo - ok
22:07:11.0118 10468 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:07:11.0118 10468 arc - ok
22:07:11.0149 10468 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:07:11.0149 10468 arcsas - ok
22:07:11.0196 10468 [ 5A1408B8F58CE21F6A46BB8CA0C297F3 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:07:11.0196 10468 aswFsBlk - ok
22:07:11.0258 10468 [ F8E13242F56C88FB6FB55BF91DE9F367 ] aswFW C:\Windows\system32\drivers\aswFW.sys
22:07:11.0274 10468 aswFW - ok
22:07:11.0336 10468 [ 199CCBB4A91BEC33E190EC35CCBCEE0F ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:07:11.0352 10468 aswMonFlt - ok
22:07:11.0446 10468 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys
22:07:11.0446 10468 aswNdis - ok
22:07:11.0492 10468 [ D3C8C5E995E0F62AEE54101FB86C1C3B ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys
22:07:11.0508 10468 aswNdis2 - ok
22:07:11.0555 10468 [ 4088EC72890EC83844E9C562E1CAEE63 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
22:07:11.0555 10468 aswRdr - ok
22:07:11.0602 10468 [ 0638226AF06876E92B0FBAEEBF87D365 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:07:11.0617 10468 aswSnx - ok
22:07:11.0664 10468 [ BDA2F93CB8623D1E42BC781B731F9CC6 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:07:11.0680 10468 aswSP - ok
22:07:11.0711 10468 [ E2415EEDDB4BF338FB6DB561462425F6 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:07:11.0711 10468 aswTdi - ok
22:07:11.0758 10468 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:07:11.0758 10468 AsyncMac - ok
22:07:11.0804 10468 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:07:11.0804 10468 atapi - ok
22:07:11.0882 10468 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:07:11.0929 10468 athr - ok
22:07:11.0976 10468 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:07:11.0992 10468 AtiHdmiService - ok
22:07:12.0194 10468 [ D1D06810BF7E21F5763EB06CB7E7262B ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:07:12.0397 10468 atikmdag - ok
22:07:12.0428 10468 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:07:12.0444 10468 AtiPcie - ok
22:07:12.0491 10468 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:07:12.0522 10468 AudioEndpointBuilder - ok
22:07:12.0553 10468 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:07:12.0553 10468 AudioSrv - ok
22:07:12.0662 10468 [ 57E6D33E74C6D3F198890DB4933644A7 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:07:12.0662 10468 avast! Antivirus - ok
22:07:12.0694 10468 [ E35B4E2DBBF315334E3218DCC814A627 ] avast! Firewall C:\Program Files\Alwil Software\Avast5\afwServ.exe
22:07:12.0709 10468 avast! Firewall - ok
22:07:12.0725 10468 [ 57E6D33E74C6D3F198890DB4933644A7 ] avast! Mail Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:07:12.0725 10468 avast! Mail Scanner - ok
22:07:12.0740 10468 [ 57E6D33E74C6D3F198890DB4933644A7 ] avast! Web Scanner C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:07:12.0740 10468 avast! Web Scanner - ok
22:07:12.0787 10468 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:07:12.0787 10468 AxInstSV - ok
22:07:12.0834 10468 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:07:12.0865 10468 b06bdrv - ok
22:07:12.0881 10468 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:07:12.0912 10468 b57nd60a - ok
22:07:13.0052 10468 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
22:07:13.0052 10468 BBSvc - ok
22:07:13.0099 10468 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
22:07:13.0115 10468 BBUpdate - ok
22:07:13.0177 10468 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
22:07:13.0224 10468 BCM43XX - ok
22:07:13.0271 10468 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:07:13.0271 10468 BDESVC - ok
22:07:13.0302 10468 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:07:13.0318 10468 Beep - ok
22:07:13.0380 10468 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:07:13.0427 10468 BFE - ok
22:07:13.0474 10468 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
22:07:13.0505 10468 BITS - ok
22:07:13.0552 10468 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:07:13.0552 10468 blbdrive - ok
22:07:13.0598 10468 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:07:13.0598 10468 bowser - ok
22:07:13.0630 10468 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:07:13.0630 10468 BrFiltLo - ok
22:07:13.0661 10468 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:07:13.0661 10468 BrFiltUp - ok
22:07:13.0708 10468 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:07:13.0708 10468 Browser - ok
22:07:13.0739 10468 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:07:13.0770 10468 Brserid - ok
22:07:13.0786 10468 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:07:13.0801 10468 BrSerWdm - ok
22:07:13.0817 10468 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:07:13.0817 10468 BrUsbMdm - ok
22:07:13.0832 10468 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:07:13.0848 10468 BrUsbSer - ok
22:07:13.0864 10468 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:07:13.0864 10468 BTHMODEM - ok
22:07:13.0910 10468 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:07:13.0926 10468 bthserv - ok
22:07:13.0926 10468 catchme - ok
22:07:14.0020 10468 [ D1787E11C6A0078DDEAF8CF3EE2AB293 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
22:07:14.0066 10468 CAXHWAZL - ok
22:07:14.0113 10468 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:07:14.0113 10468 cdfs - ok
22:07:14.0160 10468 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:07:14.0160 10468 cdrom - ok
22:07:14.0207 10468 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:07:14.0207 10468 CertPropSvc - ok
22:07:14.0238 10468 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:07:14.0238 10468 circlass - ok
22:07:14.0285 10468 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:07:14.0316 10468 CLFS - ok
22:07:14.0378 10468 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:07:14.0378 10468 clr_optimization_v2.0.50727_32 - ok
22:07:14.0441 10468 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:07:14.0456 10468 clr_optimization_v2.0.50727_64 - ok
22:07:14.0519 10468 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:07:14.0534 10468 clr_optimization_v4.0.30319_32 - ok
22:07:14.0581 10468 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:07:14.0581 10468 clr_optimization_v4.0.30319_64 - ok
22:07:14.0612 10468 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:07:14.0612 10468 CmBatt - ok
22:07:14.0644 10468 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:07:14.0659 10468 cmdide - ok
22:07:14.0706 10468 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:07:14.0737 10468 CNG - ok
22:07:14.0768 10468 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:07:14.0768 10468 Compbatt - ok
22:07:14.0815 10468 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:07:14.0815 10468 CompositeBus - ok
22:07:14.0831 10468 COMSysApp - ok
22:07:14.0878 10468 [ C9C25778EFE890BAA4087E32937016A0 ] cpuz132 C:\Windows\system32\drivers\cpuz132_x64.sys
22:07:14.0878 10468 cpuz132 - ok
22:07:14.0893 10468 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:07:14.0909 10468 crcdisk - ok
22:07:14.0940 10468 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:07:14.0956 10468 CryptSvc - ok
22:07:15.0034 10468 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:07:15.0065 10468 DcomLaunch - ok
22:07:15.0112 10468 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:07:15.0143 10468 defragsvc - ok
22:07:15.0174 10468 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:07:15.0174 10468 DfsC - ok
22:07:15.0221 10468 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:07:15.0236 10468 Dhcp - ok
22:07:15.0268 10468 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:07:15.0283 10468 discache - ok
22:07:15.0314 10468 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:07:15.0314 10468 Disk - ok
22:07:15.0502 10468 DKbFltr - ok
22:07:15.0564 10468 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:07:15.0564 10468 Dnscache - ok
22:07:15.0626 10468 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:07:15.0642 10468 dot3svc - ok
22:07:15.0689 10468 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:07:15.0689 10468 DPS - ok
22:07:15.0704 10468 DritekPortIO - ok
22:07:15.0782 10468 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:07:15.0782 10468 drmkaud - ok
22:07:15.0876 10468 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:07:15.0907 10468 DXGKrnl - ok
22:07:15.0954 10468 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:07:15.0970 10468 EapHost - ok
22:07:16.0079 10468 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:07:16.0172 10468 ebdrv - ok
22:07:16.0219 10468 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:07:16.0235 10468 EFS - ok
22:07:16.0313 10468 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:07:16.0328 10468 ehRecvr - ok
22:07:16.0360 10468 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:07:16.0375 10468 ehSched - ok
22:07:16.0406 10468 [ 702D5606CF2199E0EDEA6F0E0D27CD10 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
22:07:16.0406 10468 ElbyCDIO - ok
22:07:16.0453 10468 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:07:16.0484 10468 elxstor - ok
22:07:16.0594 10468 [ 7C35C6865957289D9EFE6CC73F4AB2E1 ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
22:07:16.0625 10468 ePowerSvc - ok
22:07:16.0672 10468 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:07:16.0687 10468 ErrDev - ok
22:07:16.0750 10468 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:07:16.0781 10468 EventSystem - ok
22:07:16.0812 10468 [ 53913561A7089C9A4649CE4E42F6101B ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
22:07:16.0812 10468 ewusbnet - ok
22:07:16.0859 10468 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:07:16.0874 10468 exfat - ok
22:07:16.0906 10468 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:07:16.0921 10468 fastfat - ok
22:07:16.0984 10468 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:07:17.0015 10468 Fax - ok
22:07:17.0046 10468 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:07:17.0046 10468 fdc - ok
22:07:17.0077 10468 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:07:17.0093 10468 fdPHost - ok
22:07:17.0108 10468 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:07:17.0108 10468 FDResPub - ok
22:07:17.0140 10468 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:07:17.0140 10468 FileInfo - ok
22:07:17.0171 10468 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:07:17.0171 10468 Filetrace - ok
22:07:17.0280 10468 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
22:07:17.0342 10468 FirebirdServerMAGIXInstance - ok
22:07:17.0420 10468 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:07:17.0452 10468 FLEXnet Licensing Service - ok
22:07:17.0530 10468 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:07:17.0576 10468 FLEXnet Licensing Service 64 - ok
22:07:17.0623 10468 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:07:17.0639 10468 flpydisk - ok
22:07:17.0670 10468 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:07:17.0686 10468 FltMgr - ok
22:07:17.0764 10468 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
22:07:17.0810 10468 FontCache - ok
22:07:17.0888 10468 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:07:17.0904 10468 FontCache3.0.0.0 - ok
22:07:17.0935 10468 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:07:17.0951 10468 FsDepends - ok
22:07:17.0982 10468 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:07:17.0982 10468 Fs_Rec - ok
22:07:18.0029 10468 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:07:18.0029 10468 fvevol - ok
22:07:18.0060 10468 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:07:18.0060 10468 gagp30kx - ok
22:07:18.0122 10468 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:07:18.0154 10468 gpsvc - ok
22:07:18.0247 10468 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
22:07:18.0278 10468 Greg_Service - ok
22:07:18.0372 10468 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:07:18.0372 10468 gupdate - ok
22:07:18.0388 10468 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:07:18.0403 10468 gupdatem - ok
22:07:18.0450 10468 [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
22:07:18.0450 10468 hamachi - ok
22:07:18.0528 10468 [ D8BF3C594BD17A37960362E6C6739B90 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
22:07:18.0544 10468 Hardlock - ok
22:07:18.0575 10468 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:07:18.0575 10468 hcw85cir - ok
22:07:18.0622 10468 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:07:18.0653 10468 HdAudAddService - ok
22:07:18.0684 10468 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:07:18.0684 10468 HDAudBus - ok
22:07:18.0715 10468 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:07:18.0715 10468 HidBatt - ok
22:07:18.0746 10468 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:07:18.0762 10468 HidBth - ok
22:07:18.0793 10468 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:07:18.0793 10468 HidIr - ok
22:07:18.0809 10468 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:07:18.0824 10468 hidserv - ok
22:07:18.0840 10468 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:07:18.0856 10468 HidUsb - ok
22:07:18.0887 10468 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:07:18.0902 10468 hkmsvc - ok
22:07:18.0934 10468 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:07:18.0965 10468 HomeGroupListener - ok
22:07:19.0012 10468 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:07:19.0027 10468 HomeGroupProvider - ok
22:07:19.0058 10468 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:07:19.0058 10468 HpSAMD - ok
22:07:19.0105 10468 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
22:07:19.0136 10468 HsfXAudioService - ok
22:07:19.0214 10468 [ 26C5D00321937E49B6BC91029947D094 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
22:07:19.0261 10468 HSF_DPV - ok
22:07:19.0324 10468 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:07:19.0355 10468 HTTP - ok
22:07:19.0402 10468 [ D96A290F699081AE737390C0FE329D7C ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:07:19.0417 10468 hwdatacard - ok
22:07:19.0448 10468 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:07:19.0464 10468 hwpolicy - ok
22:07:19.0542 10468 [ E0C7255498640FC64B19AAE17FD6F965 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys
22:07:19.0604 10468 hwusbfake - ok
22:07:19.0651 10468 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:07:19.0698 10468 i8042prt - ok
22:07:19.0745 10468 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:07:19.0776 10468 iaStorV - ok
22:07:19.0870 10468 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:07:19.0870 10468 IDriverT - ok
22:07:19.0948 10468 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:07:19.0979 10468 idsvc - ok
22:07:20.0197 10468 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:07:20.0369 10468 igfx - ok
22:07:20.0400 10468 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:07:20.0416 10468 iirsp - ok
22:07:20.0462 10468 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:07:20.0509 10468 IKEEXT - ok
22:07:20.0603 10468 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:07:20.0665 10468 IntcAzAudAddService - ok
22:07:20.0696 10468 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:07:20.0712 10468 intelide - ok
22:07:20.0743 10468 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:07:20.0759 10468 intelppm - ok
22:07:20.0790 10468 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:07:20.0790 10468 IPBusEnum - ok
22:07:20.0837 10468 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:07:20.0837 10468 IpFilterDriver - ok
22:07:20.0899 10468 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:07:20.0915 10468 iphlpsvc - ok
22:07:20.0962 10468 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:07:20.0962 10468 IPMIDRV - ok
22:07:21.0008 10468 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:07:21.0008 10468 IPNAT - ok
22:07:21.0024 10468 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:07:21.0040 10468 IRENUM - ok
22:07:21.0055 10468 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:07:21.0071 10468 isapnp - ok
22:07:21.0102 10468 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:07:21.0118 10468 iScsiPrt - ok
22:07:21.0164 10468 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
22:07:21.0196 10468 k57nd60a - ok
22:07:21.0211 10468 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:07:21.0211 10468 kbdclass - ok
22:07:21.0258 10468 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:07:21.0258 10468 kbdhid - ok
22:07:21.0289 10468 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:07:21.0305 10468 KeyIso - ok
22:07:21.0320 10468 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:07:21.0336 10468 KSecDD - ok
22:07:21.0383 10468 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:07:21.0383 10468 KSecPkg - ok
22:07:21.0398 10468 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:07:21.0414 10468 ksthunk - ok
22:07:21.0461 10468 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:07:21.0492 10468 KtmRm - ok
22:07:21.0508 10468 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
22:07:21.0523 10468 L1E - ok
22:07:21.0554 10468 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:07:21.0586 10468 LanmanServer - ok
22:07:21.0617 10468 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:07:21.0632 10468 LanmanWorkstation - ok
22:07:21.0664 10468 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:07:21.0679 10468 lltdio - ok
22:07:21.0710 10468 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:07:21.0742 10468 lltdsvc - ok
22:07:21.0773 10468 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:07:21.0773 10468 lmhosts - ok
22:07:21.0820 10468 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:07:21.0820 10468 LSI_FC - ok
22:07:21.0851 10468 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:07:21.0866 10468 LSI_SAS - ok
22:07:21.0898 10468 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:07:21.0898 10468 LSI_SAS2 - ok
22:07:21.0929 10468 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:07:21.0929 10468 LSI_SCSI - ok
22:07:21.0960 10468 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:07:21.0960 10468 luafv - ok
22:07:22.0007 10468 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
22:07:22.0022 10468 MarvinBus - ok
22:07:22.0069 10468 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
22:07:22.0085 10468 mcdbus - ok
22:07:22.0210 10468 [ 2DBD66025339C2540EFECFFBB5EB2380 ] McNASvc c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
22:07:22.0303 10468 McNASvc - ok
22:07:22.0334 10468 [ 447FA93BB3E0AD783B1AD39B60C843E8 ] McProxy c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
22:07:22.0366 10468 McProxy - ok
22:07:22.0412 10468 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:07:22.0412 10468 Mcx2Svc - ok
22:07:22.0459 10468 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:07:22.0459 10468 mdmxsdk - ok
22:07:22.0506 10468 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:07:22.0506 10468 megasas - ok
22:07:22.0553 10468 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:07:22.0568 10468 MegaSR - ok
22:07:22.0662 10468 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:07:22.0662 10468 Microsoft Office Groove Audit Service - ok
22:07:22.0709 10468 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:07:22.0724 10468 MMCSS - ok
22:07:22.0740 10468 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:07:22.0756 10468 Modem - ok
22:07:22.0771 10468 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:07:22.0771 10468 monitor - ok
22:07:22.0818 10468 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:07:22.0818 10468 mouclass - ok
22:07:22.0849 10468 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:07:22.0849 10468 mouhid - ok
22:07:22.0880 10468 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:07:22.0896 10468 mountmgr - ok
22:07:22.0927 10468 [ AE2E68527013EB4F761ECCC630F7F1A3 ] MPFP C:\Windows\system32\Drivers\Mpfp.sys
22:07:22.0943 10468 MPFP - ok
22:07:22.0990 10468 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:07:22.0990 10468 mpio - ok
22:07:23.0021 10468 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:07:23.0036 10468 mpsdrv - ok
22:07:23.0099 10468 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:07:23.0130 10468 MpsSvc - ok
22:07:23.0192 10468 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:07:23.0192 10468 MRxDAV - ok
22:07:23.0239 10468 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:07:23.0239 10468 mrxsmb - ok
22:07:23.0286 10468 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:07:23.0302 10468 mrxsmb10 - ok
22:07:23.0348 10468 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:07:23.0364 10468 mrxsmb20 - ok
22:07:23.0380 10468 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:07:23.0380 10468 msahci - ok
22:07:23.0426 10468 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:07:23.0426 10468 msdsm - ok
22:07:23.0458 10468 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:07:23.0473 10468 MSDTC - ok
22:07:23.0520 10468 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:07:23.0520 10468 Msfs - ok
22:07:23.0551 10468 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:07:23.0551 10468 mshidkmdf - ok
22:07:23.0582 10468 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:07:23.0582 10468 msisadrv - ok
22:07:23.0645 10468 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:07:23.0660 10468 MSiSCSI - ok
22:07:23.0676 10468 msiserver - ok
22:07:23.0707 10468 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:07:23.0707 10468 MSKSSRV - ok
22:07:23.0738 10468 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:07:23.0738 10468 MSPCLOCK - ok
22:07:23.0754 10468 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:07:23.0754 10468 MSPQM - ok
22:07:23.0816 10468 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:07:23.0832 10468 MsRPC - ok
22:07:23.0879 10468 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:07:23.0879 10468 mssmbios - ok
22:07:23.0972 10468 MSSQL$ECSQLEXPRESS - ok
22:07:24.0035 10468 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
22:07:24.0035 10468 MSSQLServerADHelper - ok
22:07:24.0066 10468 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:07:24.0082 10468 MSTEE - ok
22:07:24.0097 10468 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:07:24.0113 10468 MTConfig - ok
22:07:24.0144 10468 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:07:24.0144 10468 Mup - ok
22:07:24.0175 10468 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
22:07:24.0191 10468 mwlPSDFilter - ok
22:07:24.0206 10468 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
22:07:24.0206 10468 mwlPSDNServ - ok
22:07:24.0238 10468 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
22:07:24.0238 10468 mwlPSDVDisk - ok
22:07:24.0300 10468 [ 0F5FAAC852DB4C340B7A2F187E3358B8 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
22:07:24.0316 10468 MWLService - ok
22:07:24.0378 10468 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:07:24.0394 10468 napagent - ok
22:07:24.0440 10468 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:07:24.0472 10468 NativeWifiP - ok
22:07:24.0550 10468 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:07:24.0581 10468 NDIS - ok
22:07:24.0612 10468 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:07:24.0612 10468 NdisCap - ok
22:07:24.0659 10468 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:07:24.0659 10468 NdisTapi - ok
22:07:24.0706 10468 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:07:24.0721 10468 Ndisuio - ok
22:07:24.0768 10468 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:07:24.0768 10468 NdisWan - ok
22:07:24.0799 10468 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:07:24.0799 10468 NDProxy - ok
22:07:24.0908 10468 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:07:24.0940 10468 Nero BackItUp Scheduler 4.0 - ok
22:07:24.0971 10468 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:07:24.0986 10468 NetBIOS - ok
22:07:25.0033 10468 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:07:25.0049 10468 NetBT - ok
22:07:25.0064 10468 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:07:25.0080 10468 Netlogon - ok
22:07:25.0127 10468 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:07:25.0142 10468 Netman - ok
22:07:25.0189 10468 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:07:25.0205 10468 netprofm - ok
22:07:25.0252 10468 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:07:25.0252 10468 NetTcpPortSharing - ok
22:07:25.0298 10468 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:07:25.0298 10468 nfrd960 - ok
22:07:25.0361 10468 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:07:25.0376 10468 NlaSvc - ok
22:07:25.0423 10468 [ 903681BAB213D5F84717C0FC42AFB28A ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
22:07:25.0439 10468 nmwcd - ok
22:07:25.0470 10468 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
22:07:25.0486 10468 nmwcdc - ok
22:07:25.0548 10468 [ 9573223E205907247AE6D948E3453770 ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
22:07:25.0564 10468 nmwcdnsux64 - ok
22:07:25.0579 10468 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:07:25.0595 10468 Npfs - ok
22:07:25.0626 10468 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:07:25.0642 10468 nsi - ok
22:07:25.0673 10468 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:07:25.0673 10468 nsiproxy - ok
22:07:25.0766 10468 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:07:25.0829 10468 Ntfs - ok
22:07:25.0891 10468 [ 70E3EB0CEF795D348F05E5A9B115F491 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
22:07:25.0891 10468 NTI IScheduleSvc - ok
22:07:25.0954 10468 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
22:07:25.0969 10468 NTIBackupSvc - ok
22:07:26.0000 10468 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
22:07:26.0000 10468 NTIDrvr - ok
22:07:26.0047 10468 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
22:07:26.0094 10468 NTISchedulerSvc - ok
22:07:26.0141 10468 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:07:26.0141 10468 Null - ok
22:07:26.0188 10468 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:07:26.0203 10468 nvraid - ok
22:07:26.0234 10468 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:07:26.0234 10468 nvstor - ok
22:07:26.0281 10468 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:07:26.0281 10468 nv_agp - ok
22:07:26.0375 10468 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:07:26.0406 10468 odserv - ok
22:07:26.0453 10468 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:07:26.0453 10468 ohci1394 - ok
22:07:26.0500 10468 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:07:26.0515 10468 ose - ok
22:07:26.0578 10468 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:07:26.0593 10468 p2pimsvc - ok
22:07:26.0640 10468 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:07:26.0671 10468 p2psvc - ok
22:07:26.0718 10468 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:07:26.0718 10468 Parport - ok
22:07:26.0749 10468 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:07:26.0765 10468 partmgr - ok
22:07:26.0796 10468 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:07:26.0827 10468 PcaSvc - ok
22:07:26.0858 10468 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:07:26.0858 10468 pci - ok
22:07:26.0905 10468 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:07:26.0921 10468 pciide - ok
22:07:26.0952 10468 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:07:26.0968 10468 pcmcia - ok
22:07:26.0999 10468 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
22:07:27.0014 10468 pcouffin - ok
22:07:27.0046 10468 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:07:27.0046 10468 pcw - ok
22:07:27.0108 10468 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:07:27.0124 10468 PEAUTH - ok
22:07:27.0342 10468 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:07:27.0358 10468 PerfHost - ok
22:07:27.0482 10468 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:07:27.0529 10468 pla - ok
22:07:27.0592 10468 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:07:27.0623 10468 PlugPlay - ok
22:07:27.0670 10468 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:07:27.0685 10468 PNRPAutoReg - ok
22:07:27.0716 10468 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:07:27.0732 10468 PNRPsvc - ok
22:07:27.0779 10468 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:07:27.0810 10468 PolicyAgent - ok
22:07:27.0857 10468 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:07:27.0888 10468 Power - ok
22:07:27.0935 10468 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:07:27.0935 10468 PptpMiniport - ok
22:07:27.0982 10468 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:07:27.0982 10468 Processor - ok
22:07:28.0044 10468 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:07:28.0060 10468 ProfSvc - ok
22:07:28.0091 10468 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:07:28.0091 10468 ProtectedStorage - ok
22:07:28.0138 10468 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:07:28.0153 10468 Psched - ok
22:07:28.0216 10468 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:07:28.0262 10468 ql2300 - ok
22:07:28.0294 10468 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:07:28.0309 10468 ql40xx - ok
22:07:28.0356 10468 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:07:28.0372 10468 QWAVE - ok
22:07:28.0403 10468 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:07:28.0418 10468 QWAVEdrv - ok
22:07:28.0434 10468 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:07:28.0450 10468 RasAcd - ok
22:07:28.0481 10468 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:07:28.0481 10468 RasAgileVpn - ok
22:07:28.0496 10468 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:07:28.0512 10468 RasAuto - ok
22:07:28.0543 10468 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:07:28.0559 10468 Rasl2tp - ok
22:07:28.0606 10468 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:07:28.0621 10468 RasMan - ok
22:07:28.0668 10468 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:07:28.0668 10468 RasPppoe - ok
22:07:28.0699 10468 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:07:28.0699 10468 RasSstp - ok
22:07:28.0762 10468 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:07:28.0777 10468 rdbss - ok
22:07:28.0808 10468 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:07:28.0808 10468 rdpbus - ok
22:07:28.0840 10468 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:07:28.0840 10468 RDPCDD - ok
22:07:28.0886 10468 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:07:28.0886 10468 RDPENCDD - ok
22:07:28.0918 10468 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:07:28.0918 10468 RDPREFMP - ok
22:07:28.0964 10468 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:07:28.0980 10468 RDPWD - ok
22:07:29.0027 10468 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:07:29.0027 10468 rdyboost - ok
22:07:29.0089 10468 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:07:29.0105 10468 RemoteAccess - ok
22:07:29.0136 10468 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:07:29.0152 10468 RemoteRegistry - ok
22:07:29.0198 10468 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
22:07:29.0198 10468 Revoflt - ok
22:07:29.0230 10468 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:07:29.0245 10468 RpcEptMapper - ok
22:07:29.0292 10468 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:07:29.0308 10468 RpcLocator - ok
22:07:29.0354 10468 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
22:07:29.0370 10468 RpcSs - ok
22:07:29.0401 10468 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:07:29.0417 10468 rspndr - ok
22:07:29.0464 10468 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
22:07:29.0464 10468 RSUSBSTOR - ok
22:07:29.0510 10468 [ 116D03E901246AC7AF006121E1E22842 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
22:07:29.0526 10468 RTHDMIAzAudService - ok
22:07:29.0557 10468 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:07:29.0557 10468 SamSs - ok
22:07:29.0604 10468 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:07:29.0604 10468 sbp2port - ok
22:07:29.0666 10468 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:07:29.0682 10468 SCardSvr - ok
22:07:29.0729 10468 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:07:29.0729 10468 scfilter - ok
22:07:29.0807 10468 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:07:29.0854 10468 Schedule - ok
22:07:29.0885 10468 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:07:29.0900 10468 SCPolicySvc - ok
22:07:29.0932 10468 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:07:29.0947 10468 SDRSVC - ok
22:07:29.0994 10468 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:07:29.0994 10468 secdrv - ok
22:07:30.0041 10468 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:07:30.0056 10468 seclogon - ok
22:07:30.0088 10468 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:07:30.0088 10468 SENS - ok
22:07:30.0134 10468 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:07:30.0150 10468 SensrSvc - ok
22:07:30.0181 10468 Sentinel - ok
22:07:30.0212 10468 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:07:30.0212 10468 Serenum - ok
22:07:30.0259 10468 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:07:30.0259 10468 Serial - ok
22:07:30.0306 10468 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:07:30.0306 10468 sermouse - ok
22:07:30.0384 10468 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:07:30.0400 10468 SessionEnv - ok
22:07:30.0446 10468 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:07:30.0446 10468 sffdisk - ok
22:07:30.0478 10468 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:07:30.0478 10468 sffp_mmc - ok
22:07:30.0509 10468 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:07:30.0509 10468 sffp_sd - ok
22:07:30.0540 10468 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:07:30.0540 10468 sfloppy - ok
22:07:30.0602 10468 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:07:30.0634 10468 SharedAccess - ok
22:07:30.0680 10468 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:07:30.0696 10468 ShellHWDetection - ok
22:07:30.0727 10468 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:07:30.0743 10468 SiSRaid2 - ok
22:07:30.0774 10468 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:07:30.0774 10468 SiSRaid4 - ok
22:07:30.0868 10468 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:07:30.0868 10468 SkypeUpdate - ok
22:07:30.0914 10468 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:07:30.0914 10468 Smb - ok
22:07:30.0977 10468 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:07:30.0992 10468 SNMPTRAP - ok
22:07:31.0024 10468 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:07:31.0024 10468 spldr - ok
22:07:31.0070 10468 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:07:31.0102 10468 Spooler - ok
22:07:31.0242 10468 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:07:31.0367 10468 sppsvc - ok
22:07:31.0414 10468 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:07:31.0429 10468 sppuinotify - ok
22:07:31.0492 10468 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
22:07:31.0492 10468 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
22:07:31.0523 10468 sptd ( LockedFile.Multi.Generic ) - warning
22:07:31.0523 10468 sptd - detected LockedFile.Multi.Generic (1)
22:07:31.0632 10468 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:07:31.0648 10468 SQLBrowser - ok
22:07:31.0741 10468 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:07:31.0757 10468 SQLWriter - ok
22:07:31.0804 10468 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:07:31.0835 10468 srv - ok
22:07:31.0866 10468 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:07:31.0897 10468 srv2 - ok
22:07:31.0944 10468 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:07:31.0975 10468 SrvHsfHDA - ok
22:07:32.0053 10468 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:07:32.0100 10468 SrvHsfV92 - ok
22:07:32.0147 10468 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:07:32.0178 10468 SrvHsfWinac - ok
22:07:32.0225 10468 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:07:32.0240 10468 srvnet - ok
22:07:32.0287 10468 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:07:32.0303 10468 SSDPSRV - ok
22:07:32.0334 10468 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:07:32.0350 10468 SstpSvc - ok
22:07:32.0396 10468 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:07:32.0412 10468 stexstor - ok
22:07:32.0459 10468 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:07:32.0506 10468 stisvc - ok
22:07:32.0552 10468 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:07:32.0552 10468 swenum - ok
22:07:32.0693 10468 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:07:32.0708 10468 SwitchBoard - ok

frai · Příspěvekod **frai** » 07 pro 2012 22:15

Killer: část 2

22:07:32.0771 10468 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:07:32.0786 10468 swprv - ok
22:07:32.0833 10468 [ B6428203F700B691B3C25EC953337069 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:07:32.0864 10468 SynTP - ok
22:07:32.0942 10468 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:07:33.0020 10468 SysMain - ok
22:07:33.0067 10468 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:07:33.0083 10468 TabletInputService - ok
22:07:33.0145 10468 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:07:33.0161 10468 TapiSrv - ok
22:07:33.0208 10468 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:07:33.0223 10468 TBS - ok
22:07:33.0317 10468 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:07:33.0364 10468 Tcpip - ok
22:07:33.0442 10468 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:07:33.0473 10468 TCPIP6 - ok
22:07:33.0535 10468 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:07:33.0535 10468 tcpipreg - ok
22:07:33.0598 10468 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:07:33.0598 10468 TDPIPE - ok
22:07:33.0644 10468 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:07:33.0644 10468 TDTCP - ok
22:07:33.0691 10468 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:07:33.0691 10468 tdx - ok
22:07:33.0754 10468 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:07:33.0754 10468 TermDD - ok
22:07:33.0800 10468 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:07:33.0832 10468 TermService - ok
22:07:33.0878 10468 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll
22:07:33.0894 10468 Themes - ok
22:07:33.0941 10468 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:07:33.0956 10468 THREADORDER - ok
22:07:34.0003 10468 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:07:34.0019 10468 TrkWks - ok
22:07:34.0081 10468 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:07:34.0081 10468 TrustedInstaller - ok
22:07:34.0144 10468 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:07:34.0144 10468 tssecsrv - ok
22:07:34.0206 10468 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:07:34.0206 10468 TsUsbFlt - ok
22:07:34.0300 10468 [ B8D28DA3D16DD18F8268DC18CA75C922 ] TuneUp.Defrag C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
22:07:34.0315 10468 TuneUp.Defrag - ok
22:07:34.0393 10468 [ F38438C7775D42CF7C1F647B75F23F08 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
22:07:34.0440 10468 TuneUp.UtilitiesSvc - ok
22:07:34.0471 10468 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
22:07:34.0471 10468 TuneUpUtilitiesDrv - ok
22:07:34.0518 10468 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:07:34.0518 10468 tunnel - ok
22:07:34.0549 10468 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:07:34.0565 10468 uagp35 - ok
22:07:34.0612 10468 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
22:07:34.0627 10468 UBHelper - ok
22:07:34.0674 10468 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:07:34.0690 10468 udfs - ok
22:07:34.0768 10468 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:07:34.0783 10468 UI0Detect - ok
22:07:34.0830 10468 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:07:34.0830 10468 uliagpkx - ok
22:07:34.0877 10468 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:07:34.0877 10468 umbus - ok
22:07:34.0908 10468 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:07:34.0908 10468 UmPass - ok
22:07:34.0986 10468 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
22:07:35.0002 10468 Updater Service - ok
22:07:35.0033 10468 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:07:35.0080 10468 upnphost - ok
22:07:35.0142 10468 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
22:07:35.0142 10468 upperdev - ok
22:07:35.0204 10468 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:07:35.0204 10468 usbaudio - ok
22:07:35.0251 10468 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:07:35.0267 10468 usbccgp - ok
22:07:35.0314 10468 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:07:35.0314 10468 usbcir - ok
22:07:35.0376 10468 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:07:35.0376 10468 usbehci - ok
22:07:35.0407 10468 [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:07:35.0423 10468 usbfilter - ok
22:07:35.0470 10468 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:07:35.0485 10468 usbhub - ok
22:07:35.0516 10468 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:07:35.0516 10468 usbohci - ok
22:07:35.0563 10468 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:07:35.0579 10468 usbprint - ok
22:07:35.0626 10468 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:07:35.0626 10468 usbscan - ok
22:07:35.0657 10468 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
22:07:35.0672 10468 usbser - ok
22:07:35.0704 10468 [ 66C25CB20B2974E0C0CFDAB49FB72A02 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
22:07:35.0719 10468 UsbserFilt - ok
22:07:35.0750 10468 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:07:35.0766 10468 USBSTOR - ok
22:07:35.0782 10468 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:07:35.0797 10468 usbuhci - ok
22:07:35.0860 10468 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:07:35.0875 10468 usbvideo - ok
22:07:35.0906 10468 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:07:35.0922 10468 UxSms - ok
22:07:35.0984 10468 [ 27450FD963039450903FA42AFD2F6129 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
22:07:35.0984 10468 UxTuneUp - ok
22:07:36.0031 10468 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:07:36.0031 10468 VaultSvc - ok
22:07:36.0078 10468 [ C5E70C4E64666DB9D69C9F2FDAE22428 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
22:07:36.0078 10468 VClone - ok
22:07:36.0109 10468 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:07:36.0125 10468 vdrvroot - ok
22:07:36.0172 10468 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:07:36.0203 10468 vds - ok
22:07:36.0250 10468 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:07:36.0250 10468 vga - ok
22:07:36.0296 10468 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:07:36.0296 10468 VgaSave - ok
22:07:36.0343 10468 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:07:36.0374 10468 vhdmp - ok
22:07:36.0406 10468 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:07:36.0406 10468 viaide - ok
22:07:36.0484 10468 [ 60C4B117ED03861379B2EE54EBFC8581 ] VMCService C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
22:07:36.0484 10468 VMCService - ok
22:07:36.0515 10468 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:07:36.0530 10468 volmgr - ok
22:07:36.0577 10468 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:07:36.0593 10468 volmgrx - ok
22:07:36.0640 10468 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:07:36.0655 10468 volsnap - ok
22:07:36.0702 10468 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:07:36.0718 10468 vsmraid - ok
22:07:36.0796 10468 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:07:36.0842 10468 VSS - ok
22:07:36.0889 10468 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:07:36.0889 10468 vwifibus - ok
22:07:36.0920 10468 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:07:36.0936 10468 vwififlt - ok
22:07:36.0998 10468 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:07:37.0014 10468 W32Time - ok
22:07:37.0061 10468 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:07:37.0076 10468 WacomPen - ok
22:07:37.0123 10468 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:07:37.0123 10468 WANARP - ok
22:07:37.0154 10468 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:07:37.0154 10468 Wanarpv6 - ok
22:07:37.0248 10468 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:07:37.0295 10468 WatAdminSvc - ok
22:07:37.0388 10468 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:07:37.0451 10468 wbengine - ok
22:07:37.0498 10468 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:07:37.0513 10468 WbioSrvc - ok
22:07:37.0576 10468 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:07:37.0591 10468 wcncsvc - ok
22:07:37.0638 10468 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:07:37.0638 10468 WcsPlugInService - ok
22:07:37.0685 10468 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:07:37.0685 10468 Wd - ok
22:07:37.0747 10468 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:07:37.0778 10468 Wdf01000 - ok
22:07:37.0825 10468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:07:37.0825 10468 WdiServiceHost - ok
22:07:37.0856 10468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:07:37.0872 10468 WdiSystemHost - ok
22:07:37.0919 10468 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:07:37.0950 10468 WebClient - ok
22:07:37.0981 10468 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:07:37.0997 10468 Wecsvc - ok
22:07:38.0044 10468 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:07:38.0059 10468 wercplsupport - ok
22:07:38.0090 10468 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:07:38.0106 10468 WerSvc - ok
22:07:38.0137 10468 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:07:38.0153 10468 WfpLwf - ok
22:07:38.0184 10468 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:07:38.0200 10468 WIMMount - ok
22:07:38.0262 10468 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
22:07:38.0293 10468 winachsf - ok
22:07:38.0340 10468 WinDefend - ok
22:07:38.0371 10468 WinHttpAutoProxySvc - ok
22:07:38.0480 10468 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:07:38.0496 10468 Winmgmt - ok
22:07:38.0605 10468 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:07:38.0668 10468 WinRM - ok
22:07:38.0746 10468 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:07:38.0761 10468 WinUsb - ok
22:07:38.0824 10468 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:07:38.0870 10468 Wlansvc - ok
22:07:39.0026 10468 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:07:39.0089 10468 wlidsvc - ok
22:07:39.0151 10468 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:07:39.0151 10468 WmiAcpi - ok
22:07:39.0214 10468 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:07:39.0229 10468 wmiApSrv - ok
22:07:39.0276 10468 WMPNetworkSvc - ok
22:07:39.0323 10468 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:07:39.0338 10468 WPCSvc - ok
22:07:39.0370 10468 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:07:39.0385 10468 WPDBusEnum - ok
22:07:39.0448 10468 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:07:39.0448 10468 ws2ifsl - ok
22:07:39.0479 10468 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:07:39.0494 10468 wscsvc - ok
22:07:39.0526 10468 WSearch - ok
22:07:39.0650 10468 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:07:39.0728 10468 wuauserv - ok
22:07:39.0775 10468 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:07:39.0775 10468 WudfPf - ok
22:07:39.0822 10468 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:07:39.0853 10468 WUDFRd - ok
22:07:39.0916 10468 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:07:39.0931 10468 wudfsvc - ok
22:07:39.0978 10468 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:07:39.0994 10468 WwanSvc - ok
22:07:40.0025 10468 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
22:07:40.0040 10468 XAudio - ok
22:07:40.0196 10468 ================ Scan global ===============================
22:07:40.0259 10468 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:07:40.0290 10468 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:07:40.0321 10468 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
22:07:40.0368 10468 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:07:40.0399 10468 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:07:40.0415 10468 [Global] - ok
22:07:40.0415 10468 ================ Scan MBR ==================================
22:07:40.0446 10468 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:07:41.0164 10468 \Device\Harddisk0\DR0 - ok
22:07:41.0164 10468 ================ Scan VBR ==================================
22:07:41.0164 10468 [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1
22:07:41.0179 10468 \Device\Harddisk0\DR0\Partition1 - ok
22:07:41.0195 10468 [ 56874C2103766A2591DC32DE20C17B6D ] \Device\Harddisk0\DR0\Partition2
22:07:41.0195 10468 \Device\Harddisk0\DR0\Partition2 - ok
22:07:41.0195 10468 ============================================================
22:07:41.0195 10468 Scan finished
22:07:41.0195 10468 ============================================================
22:07:41.0226 11052 Detected object count: 1
22:07:41.0226 11052 Actual detected object count: 1
22:09:25.0347 11052 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:09:25.0347 11052 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Příspěvekod **jaro3** » 07 pro 2012 22:41

Ještě Combofix.

frai · Příspěvekod **frai** » 07 pro 2012 23:56

tak tady to je, docela to trvalo :)

ComboFix 12-12-04.01 - Pavel 07.12.2012 22:27:25.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2480 [GMT 1:00]
Spuštěný z: c:\users\Pavel.Pavel-PC\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Pavel.Pavel-PC\AppData\Roaming\langInstall.exe.t
c:\users\Pavel.Pavel-PC\AppData\Roaming\vso_ts_preview.xml
c:\users\Pavel.Pavel-PC\Documents\Downloads\googleearthprowin.exe
c:\windows\IsUn0405.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\system
c:\windows\SysWow64\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_No matching handles found.
-------\Service_Sysinternals - www.sysinternals.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-07 do 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\PAVEL~1~PAV\AppData\Local\temp
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\jiný uživatel\AppData\Local\temp
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 22:31 . 2012-12-07 22:31 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-12-05 16:46 . 2012-12-05 16:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D7614B0-289D-4CFD-BB63-27360AAD74C5}\offreg.dll
2012-12-04 19:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D7614B0-289D-4CFD-BB63-27360AAD74C5}\mpengine.dll
2012-11-23 18:54 . 2012-11-23 18:57 -------- d-----w- C:\Fraps
2012-11-19 14:07 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-19 14:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 14:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 14:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 13:52 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 13:52 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 13:52 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 13:52 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 13:52 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 13:52 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 13:52 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 15:20 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 15:20 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 15:20 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 15:20 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-15 15:20 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 15:19 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 15:19 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 15:19 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 15:19 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 15:19 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 15:19 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 15:19 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-15 15:19 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-15 15:19 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 15:19 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-15 15:19 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 15:19 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-15 15:18 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 15:18 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 15:14 . 2010-11-05 21:02 5564 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-11-19 13:53 . 2009-12-05 10:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-29 17:54 . 2010-01-31 19:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-12 14:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-12 14:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-09-04 16:01 . 2009-09-04 16:01 525656 ----a-w- c:\program files (x86)\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 ----a-w- c:\program files (x86)\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"TrayServer"=c:\program files (x86)\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-28 1436424]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-12 834544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 63568]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-04-14 119200]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-02-25 1398088]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-04 82816]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 17:01]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 17:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:41 162304 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1661736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
FF - ProfilePath - c:\users\Pavel.Pavel-PC\AppData\Roaming\Mozilla\Firefox\Profiles\dqx384lh.default\
FF - prefs.js: browser.search.selectedEngine - Inbox HledĂˇnĂ
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80093&lng=cs
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=cs&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Asociace souborů -------
.
.scr=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4109576704-114344065-74489034-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{507EF32B-4260-FDAA-2CBF-5AB5E4EA7C4F}*]
"pafefbilhdbkkkhibkhbgmgpomppadml"=hex:6a,61,64,65,6d,66,70,6f,61,64,6e,6b,6f,
62,64,69,63,61,66,68,00,01
.
[HKEY_USERS\S-1-5-21-4109576704-114344065-74489034-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,ad,0e,a3,d6,7a,f7,1f,3d,6a,d8,db,ed,cb,99,b9,6d,6d,e5,e5,92,
3f,d1,9a,11,e3,6c,65,e0,76,3b,0b,da,b9,bd,b6,1b,04,2e,df,03,c5,3d,db,0d,9d,\
"rkeysecu"=hex:cd,f1,89,66,cf,c8,b0,29,1e,54,e5,47,cc,6f,61,a6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AB26635-9F4B-A953-0EE2-4D35E57F6A9B}\InProcServer32*]
"jacbjpdikmflpcagbhej"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,
6e,66,65,00,f9
"iacbpancnbehaobffa"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,6e,
66,65,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\IObit\Game Booster\GameBox.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Celkový čas: 2012-12-07 23:51:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-07 22:51
ComboFix2.txt 2011-03-24 16:27
ComboFix3.txt 2011-03-22 19:59
.
Před spuštěním: Volných bajtů: 54 391 164 928
Po spuštění: Volných bajtů: 54 048 759 808
.
- - End Of File - - FAC9BFF9D4EA2B9D059CDED685077A8E

Příspěvekod **jaro3** » 08 pro 2012 11:24

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update

Driver::
SkypeUpdate

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

RegLock::
[HKEY_USERS\S-1-5-21-4109576704-114344065-74489034-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{507EF32B-4260-FDAA-2CBF-5AB5E4EA7C4F}*]
"pafefbilhdbkkkhibkhbgmgpomppadml"=hex:6a,61,64,65,6d,66,70,6f,61,64,6e,6b,6f,
 62,64,69,63,61,66,68,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AB26635-9F4B-A953-0EE2-4D35E57F6A9B}\InProcServer32*]
"jacbjpdikmflpcagbhej"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,
 6e,66,65,00,f9
"iacbpancnbehaobffa"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,6e,
 66,65,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

frai · Příspěvekod **frai** » 08 pro 2012 14:32

ok, provedeno
ComboFix 12-12-04.01 - Pavel 08.12.2012 13:45:51.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4094.2795 [GMT 1:00]
Spuštěný z: c:\users\Pavel.Pavel-PC\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Pavel.Pavel-PC\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
FW: avast! Internet Security *Disabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}
SP: avast! Internet Security *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_No matching handles found.
-------\Service_SkypeUpdate
-------\Service_Sysinternals - http://www.sysinternals.com
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-08 do 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\PAVEL~1~PAV\AppData\Local\temp
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\Pavel\AppData\Local\temp
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\jiný uživatel\AppData\Local\temp
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 13:09 . 2012-12-08 13:09 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-12-05 16:46 . 2012-12-05 16:46 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D7614B0-289D-4CFD-BB63-27360AAD74C5}\offreg.dll
2012-12-04 19:51 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D7614B0-289D-4CFD-BB63-27360AAD74C5}\mpengine.dll
2012-11-23 18:54 . 2012-11-23 18:57 -------- d-----w- C:\Fraps
2012-11-19 14:07 . 2012-07-26 07:40 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\wdf01000.sys.mui
2012-11-19 14:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 14:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 14:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-19 13:52 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 13:52 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 13:52 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-19 13:52 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-19 13:52 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-19 13:52 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-19 13:52 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 15:20 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 15:20 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 15:20 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 15:20 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-15 15:20 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 15:19 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 15:19 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 15:19 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 15:19 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 15:19 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 15:19 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 15:19 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-15 15:19 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-15 15:19 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 15:19 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-15 15:19 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 15:19 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-15 15:18 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 15:18 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 15:14 . 2010-11-05 21:02 5564 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-11-19 13:53 . 2009-12-05 10:36 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 15:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 15:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 15:30 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-29 17:54 . 2010-01-31 19:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-12 14:55 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-12 14:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2009-09-04 16:01 . 2009-09-04 16:01 525656 ----a-w- c:\program files (x86)\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 ----a-w- c:\program files (x86)\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 ----a-w- c:\program files (x86)\dsetup32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:33 140288 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"TrayServer"=c:\program files (x86)\MAGIX\Movie_Edit_Pro_15_Plus_Download_version\TrayServer.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-05-28 1436424]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-08-17 171008]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2010-03-19 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-12 834544]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 63568]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2010-04-14 119200]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MSSQL$ECSQLEXPRESS;SQL Server (ECSQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-02-25 1398088]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-04 82816]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-25 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-04-14 16:41 162304 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-05 8060960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1661736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
FF - ProfilePath - c:\users\Pavel.Pavel-PC\AppData\Roaming\Mozilla\Firefox\Profiles\dqx384lh.default\
FF - prefs.js: browser.search.selectedEngine - Inbox HledĂˇnĂ
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80093&lng=cs
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatc ... ge=cs&qkw=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4109576704-114344065-74489034-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{507EF32B-4260-FDAA-2CBF-5AB5E4EA7C4F}*]
"pafefbilhdbkkkhibkhbgmgpomppadml"=hex:6a,61,64,65,6d,66,70,6f,61,64,6e,6b,6f,
62,64,69,63,61,66,68,00,01
.
[HKEY_USERS\S-1-5-21-4109576704-114344065-74489034-1004\Software\SecuROM\License information*]
"datasecu"=hex:9a,ad,0e,a3,d6,7a,f7,1f,3d,6a,d8,db,ed,cb,99,b9,6d,6d,e5,e5,92,
3f,d1,9a,11,e3,6c,65,e0,76,3b,0b,da,b9,bd,b6,1b,04,2e,df,03,c5,3d,db,0d,9d,\
"rkeysecu"=hex:cd,f1,89,66,cf,c8,b0,29,1e,54,e5,47,cc,6f,61,a6
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7AB26635-9F4B-A953-0EE2-4D35E57F6A9B}\InProcServer32*]
"jacbjpdikmflpcagbhej"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,
6e,66,65,00,f9
"iacbpancnbehaobffa"=hex:6a,61,61,63,66,6d,6a,69,6d,70,62,70,68,67,6b,62,62,6e,
66,65,00,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\IObit\Game Booster\GameBox.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2012-12-08 14:28:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-08 13:28
ComboFix2.txt 2012-12-07 22:51
ComboFix3.txt 2011-03-24 16:27
ComboFix4.txt 2011-03-22 19:59
.
Před spuštěním: Volných bajtů: 54 140 252 160
Po spuštění: Volných bajtů: 53 815 701 504
.
- - End Of File - - 832A95E2A416AC7F88F53416505A8CD2

frai · Příspěvekod **frai** » 08 pro 2012 14:35

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:33:54, on 8.12.2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10661 bytes

frai · Příspěvekod **frai** » 08 pro 2012 15:21

A tady je log z aswMBR:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-08 14:38:09
-----------------------------
14:38:09.077 OS Version: Windows x64 6.1.7601 Service Pack 1
14:38:09.077 Number of processors: 2 586 0x301
14:38:09.077 ComputerName: 0038A UserName: Pavel
14:38:14.662 Initialize success
14:38:14.849 AVAST engine defs: 10041401
14:38:21.074 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
14:38:21.089 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
14:38:21.105 Disk 0 MBR read successfully
14:38:21.121 Disk 0 MBR scan
14:38:21.121 Disk 0 Windows VISTA default MBR code
14:38:21.136 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
14:38:21.167 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
14:38:21.199 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464838 MB offset 24782848
14:38:21.277 Disk 0 scanning C:\Windows\system32\drivers
14:38:35.488 Service scanning
14:38:57.141 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:39:04.301 Modules scanning
14:39:04.317 Disk 0 trace - called modules:
14:39:04.348 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003b292c0]<<spdr.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
14:39:04.364 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b74060]
14:39:04.379 3 CLASSPNP.SYS[fffff88001baa43f] -> nt!IofCallDriver -> [0xfffffa8004afb040]
14:39:04.395 \Driver\amdxata[0xfffffa80048f3930] -> IRP_MJ_CREATE -> 0xfffffa8003b292c0
14:39:04.411 5 amdxata.sys[fffff88000ff57a8] -> nt!IofCallDriver -> [0xfffffa8004af9ce0]
14:39:04.411 7 ACPI.sys[fffff880010437a1] -> nt!IofCallDriver -> \Device\00000073[0xfffffa8004af7060]
14:39:04.426 \Driver\amdsata[0xfffffa80048f3060] -> IRP_MJ_CREATE -> 0xfffffa8003b272c0
14:39:09.605 AVAST engine scan C:\Windows
14:39:21.586 AVAST engine scan C:\Windows\system32
14:43:16.148 AVAST engine scan C:\Windows\system32\drivers
14:43:34.416 AVAST engine scan C:\Users\Pavel.Pavel-PC
15:10:43.011 AVAST engine scan C:\ProgramData
15:14:04.033 Scan finished successfully
15:19:45.377 Disk 0 MBR has been saved successfully to "C:\Users\Pavel.Pavel-PC\Desktop\MBR.dat"
15:19:45.377 The log file has been saved successfully to "C:\Users\Pavel.Pavel-PC\Desktop\aswMBR.txt"

Prosím o kontrolu logu, něco není v pořádku Vyřešeno

Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Re: Prosím o kontrolu logu, něco není v pořádku

Kdo je online