I don't know how it happened, but quite suddenly my computer's performance slowed down to zero. Yet when I open the process list, not a single core is running at more than 10%. Please check the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:53, on 23.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jirka.Jirka-PC\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost127.0.0.1 artisteer.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fibox.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12413 bytes
Please help
jaro3 (Security team member, Guru Level 15; posts: 43298; registered: June 07; location: South Bohemia)
Re: Please help
Close other applications and browsers, disconnect from the internet, and fix the following in HJT (guide):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost127.0.0.1 artisteer.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fibox.local
If you don't know it, fix that too.
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs via private messages. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support
newcomer (posts: 22; registered: April 12)
Re: Please help
Thanks. In HijackThis I deleted all the items except the first two, because that is the local bulletin board on the company network.
And here is the log from Malwarebytes:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.04.23.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jirka :: JIRKA-PC [administrátor]
23.4.2012 20:52:08
mbam-log-2012-04-23 (21-03-43).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 327950
Uplynulý čas: 11 minut, 13 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
c:\windows\system32\drivers\etc\keygen.exe (Malware.Packer.Gen) -> Žádná instrukce nebyla provedena.
C:\Users\Jirka.Jirka-PC\Downloads\GotClip_Setup.exe (PUP.Adware.Gotclip.ScamLotto) -> Žádná instrukce nebyla provedena.
newcomer (posts: 22; registered: April 12)
Re: Please help
I would also like to ask whether the deletion of O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" in HijackThis can somehow be undone (re-enabled)? Adobe Premiere won't start. Or is a reinstall necessary?
Žbeky (Moderator, Guru Level 13; posts: 22288; registered: May 08; location: Vsetín - Pardubice)
Re: Please help
These two things are not related in any way. Just try restarting the PC.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
newcomer (posts: 22; registered: April 12)
Re: Please help
Thank you very much! It looks like it is faster, but it still stutters a bit.. And the processor and memory still appear unloaded during those stutters.
Žbeky (Moderator, Guru Level 13; posts: 22288; registered: May 08; location: Vsetín - Pardubice)
Re: Please help
Run MbAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close the program via Exit
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan finishes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
newcomer (posts: 22; registered: April 12)
Re: Please help
In MbAM I have unfortunately already deleted it, but I forgot to copy the log, hopefully that doesn't matter much.. Here is the log from ComboFix:
ComboFix 12-04-23.02 - Jirka 23.04.2012 22:29:10.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4085.2545 [GMT 2:00]
Spuštěný z: c:\users\Jirka.Jirka-PC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jirka.Jirka-PC\Documents\~WRL0003.tmp
c:\users\Jirka\AppData\Local\assembly\tmp
c:\users\Jirka\AppData\Local\lame_enc.dll
c:\users\Jirka\AppData\Local\no23xwrapper.dll
c:\users\Jirka\AppData\Local\ogg.dll
c:\users\Jirka\AppData\Local\vorbis.dll
c:\users\Jirka\AppData\Local\vorbisenc.dll
c:\users\Jirka\AppData\Local\vorbisfile.dll
G:\install.exe
H:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-23 do 2012-04-23 )))))))))))))))))))))))))))))))
.
.
2012-04-23 20:43 . 2012-04-23 20:43 -------- d-----w- c:\users\Jirka\AppData\Local\temp
2012-04-23 20:43 . 2012-04-23 20:43 -------- d-----w- c:\users\Jirka.000\AppData\Local\temp
2012-04-23 20:43 . 2012-04-23 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-23 20:42 . 2012-04-23 20:42 -------- d-----w- c:\users\Hana\AppData\Local\temp
2012-04-23 20:42 . 2012-04-23 20:42 -------- d-----w- c:\users\Franta\AppData\Local\temp
2012-04-23 20:42 . 2012-04-23 20:42 -------- d-----w- c:\users\Bara\AppData\Local\temp
2012-04-23 20:42 . 2012-04-23 20:42 -------- d-----w- c:\users\Bara.FIBOX\AppData\Local\temp
2012-04-23 14:57 . 2012-04-23 14:57 -------- d-----w- c:\program files (x86)\ESET
2012-04-23 14:56 . 2012-04-23 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-23 14:45 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B50419F0-D9B2-4B58-9E47-87B18F2D6062}\mpengine.dll
2012-04-22 14:37 . 2012-04-22 14:41 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-22 14:37 . 2012-04-22 14:37 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-22 11:20 . 2012-04-22 11:20 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\HDRsoft
2012-04-16 11:29 . 2012-04-16 11:29 -------- d-----w- c:\programdata\BioWare
2012-04-16 11:08 . 2012-04-16 11:08 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-04-16 11:08 . 2012-04-16 11:08 -------- d-----w- c:\programdata\Media Center Programs
2012-04-16 10:55 . 2012-04-16 11:08 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\Windows Live
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-04-10 18:26 . 2012-04-10 20:14 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\WMTools Downloaded Files
2012-04-10 06:19 . 2012-04-23 14:58 -------- d-----w- c:\programdata\RegCure
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Core
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\Electronic Arts
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Logs
2012-04-06 09:08 . 2006-11-01 10:05 154424 ----a-w- C:\ChVID.exe
2012-04-04 21:57 . 2012-04-04 21:59 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\GetRightToGo
2012-03-26 13:17 . 2012-03-26 13:16 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-26 13:17 . 2012-03-26 13:16 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 13:16 . 2012-03-26 13:16 -------- d-----w- c:\program files\Java
2012-03-26 13:13 . 2012-03-26 13:13 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 14:50 . 2011-01-16 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 08:46 . 2011-06-30 07:12 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 13:56 . 2011-06-05 11:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 06:12 . 2010-09-08 16:07 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-12 21:25 . 2011-08-14 10:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 04:46 . 2012-03-15 13:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 13:42 . 2012-02-10 13:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82BA21DF-58C5-4F17-A46D-52CEA483E1D0}\gapaengine.dll
2012-01-31 12:44 . 2010-09-06 14:53 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:27 . 2012-03-15 13:35 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:27 . 2012-03-15 13:35 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Contour Shuttle Device Helper"="c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2009-07-23 118784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2010-9-23 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-29 1038088]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 136176]
R3 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;d:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 119632]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 20552]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 wbondir;Winbond CIR Transceiver;c:\windows\system32\DRIVERS\wbondir.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job
- c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 12:11]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.100
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1522A09C-7AEA-18AD-7205-E9B69E750664}*]
"dalhkbel"=hex:64,62,67,69,64,68,6e,6e,68,67,61,70,70,69,67,63,6b,6f,66,68,66,
6e,69,6d,70,64,6f,6f,69,6f,67,63,61,6b,70,67,65,66,70,6e,00,3c
.
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{405F331F-14B6-541B-9195-D64EA2C8689B}*]
@Allowed: (Read) (RestrictedCode)
"ialfalfdcdobpmmefb"=hex:6a,61,6c,69,67,70,6f,62,6d,6c,67,65,64,6b,70,66,67,62,
68,6f,00,f7
"habggmoibpinlflp"=hex:6a,61,6c,69,67,70,6f,62,6d,6c,67,65,64,6b,70,66,67,62,
68,6f,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Contour Shuttle\ShuttleEngine.exe
c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
.
Celkový čas: 2012-04-23 23:06:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-23 21:06
.
Před spuštěním: Volných bajtů: 26 973 638 656
Po spuštění: Volných bajtů: 36 751 765 504
.
- - End Of File - - 48BDAF0253573BF4EE449827DE756A17
- jaro3
- Security team member
Re: Please help
If you don't use it, uninstall:
Akamai NetSession Interface
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
C:\ChVID.exe: did you download it? From where, from a safe site?
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
Akamai NetSession Interface
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Kód: Vybrat vše
KillAll::
File::
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job
c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job
c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job
Folder::
c:\program files (x86)\ESET
c:\windows\1C4551A64743409391E41477CD655043.TMP
Driver::
gupdate
gupdatem
DDS::
uInternet Settings,ProxyOverride = <local>
RegNull::
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1522A09C-7AEA-18AD-7205-E9B69E750664}*]
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{405F331F-14B6-541B-9195-D64EA2C8689B}*]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
RegLock::
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1522A09C-7AEA-18AD-7205-E9B69E750664}*]
[HKEY_USERS\S-1-5-21-3545919743-1017386175-2234930996-1157\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{405F331F-14B6-541B-9195-D64EA2C8689B}*]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT
Warning: After applying ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.
C:\ChVID.exe -- did you download it? From where, from a safe site?
Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire content of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please help
Done. Logs:
ComboFix 12-04-23.02 - Jirka 24.04.2012 12:15:05.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4085.3025 [GMT 2:00]
Spuštěný z: c:\users\Jirka.Jirka-PC\Desktop\Nová složka (3)\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka.Jirka-PC\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\log.txt
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0105.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod018B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0370.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0AFE.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1040.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1721.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod219A.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2C1F.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2CD3.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2E0B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3811.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3910.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod402E.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4490.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4BD5.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5DAC.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod61A2.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod634B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7059.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod76C2.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7786.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod792C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7E74.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\unicows.dll
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Jirka\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Jirka.000\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Hana\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Franta\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Bara\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Bara.FIBOX\AppData\Local\temp
2012-04-23 21:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD1D7244-AFA1-421F-86CB-11C3BE51BB48}\mpengine.dll
2012-04-23 14:56 . 2012-04-23 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-22 14:37 . 2012-04-22 14:41 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-22 14:37 . 2012-04-22 14:37 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-22 11:20 . 2012-04-22 11:20 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\HDRsoft
2012-04-16 11:29 . 2012-04-16 11:29 -------- d-----w- c:\programdata\BioWare
2012-04-16 11:08 . 2012-04-16 11:08 -------- d-----w- c:\programdata\Media Center Programs
2012-04-16 10:55 . 2012-04-16 11:08 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\Windows Live
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-04-10 18:26 . 2012-04-10 20:14 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\WMTools Downloaded Files
2012-04-10 06:19 . 2012-04-23 14:58 -------- d-----w- c:\programdata\RegCure
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Core
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\Electronic Arts
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Logs
2012-04-06 09:08 . 2006-11-01 10:05 154424 ----a-w- C:\ChVID.exe
2012-04-04 21:57 . 2012-04-04 21:59 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\GetRightToGo
2012-03-26 13:17 . 2012-03-26 13:16 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-26 13:17 . 2012-03-26 13:16 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 13:16 . 2012-03-26 13:16 -------- d-----w- c:\program files\Java
2012-03-26 13:13 . 2012-03-26 13:13 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 14:50 . 2011-01-16 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 08:46 . 2011-06-30 07:12 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 13:56 . 2011-06-05 11:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 06:12 . 2010-09-08 16:07 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-12 21:25 . 2011-08-14 10:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 04:46 . 2012-03-15 13:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 13:42 . 2012-02-10 13:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82BA21DF-58C5-4F17-A46D-52CEA483E1D0}\gapaengine.dll
2012-01-31 12:44 . 2010-09-06 14:53 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_20.49.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-06 18:06 . 2012-04-23 21:13 59720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-24 10:50 31398 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-29 15:41 . 2012-04-24 05:09 17570 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3545919743-1017386175-2234930996-1157_UserData.bin
+ 2010-09-06 14:34 . 2012-04-24 10:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 14:34 . 2012-04-23 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 14:34 . 2012-04-23 20:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-06 14:34 . 2012-04-24 10:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 10:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 19:03 . 2012-04-23 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 19:03 . 2012-04-24 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 19:03 . 2012-04-23 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-06 19:03 . 2012-04-24 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-07 12:39 . 2012-03-15 13:35 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2010-11-15 15:23 . 2012-04-23 20:44 4378 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-11-15 15:23 . 2012-04-24 10:46 4378 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-23 20:45 . 2012-04-23 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-24 10:47 . 2012-04-24 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 20:45 . 2012-04-23 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-24 10:47 . 2012-04-24 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-15 21:28 . 2011-12-16 08:02 132096 c:\windows\SysWOW64\url.dll
+ 2012-04-23 21:24 . 2012-02-28 05:40 132096 c:\windows\SysWOW64\url.dll
+ 2010-10-05 14:16 . 2012-04-24 09:50 448972 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2012-02-15 21:28 . 2011-12-16 08:45 134144 c:\windows\system32\url.dll
+ 2012-04-23 21:24 . 2012-02-28 06:35 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-04-24 10:02 686004 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-23 20:12 686004 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-24 10:02 702862 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-04-23 20:12 702862 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-24 10:02 130790 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-23 20:12 130790 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-04-24 10:02 152266 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-04-23 20:12 152266 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:12 . 2012-04-24 09:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-25 14:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-04-24 05:01 104488 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-23 20:44 496792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-24 10:46 496792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-21 03:30 . 2012-03-21 03:30 138240 c:\windows\Installer\1829e2.msp
+ 2012-02-09 05:27 . 2012-02-09 05:27 231424 c:\windows\Installer\1829b9.msp
+ 2010-09-07 12:39 . 2012-04-24 05:07 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
- 2009-07-14 04:45 . 2012-04-23 14:29 7384311 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-24 05:01 7384311 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-07 13:02 . 2012-03-07 13:02 1940480 c:\windows\Installer\5d2c8.msp
+ 2012-03-21 03:30 . 2012-03-21 03:30 1868288 c:\windows\Installer\1829d6.msp
+ 2010-09-07 12:39 . 2012-04-24 05:07 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2012-03-07 13:03 . 2012-03-07 13:03 26386944 c:\windows\Installer\5d2ba.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Contour Shuttle Device Helper"="c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2009-07-23 118784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2010-9-23 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-29 1038088]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;d:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 119632]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 20552]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 wbondir;Winbond CIR Transceiver;c:\windows\system32\DRIVERS\wbondir.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job
- c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 12:11]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"combofix"="c:\combofix\CF30885.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Čeština Dragon Age Origins 1.00 - c:\users\Jirka.Jirka-PC\Desktop\Nová složka\Dragon Age\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Contour Shuttle\ShuttleEngine.exe
.
**************************************************************************
.
Celkový čas: 2012-04-24 13:06:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-24 11:06
ComboFix2.txt 2012-04-23 21:06
.
Před spuštěním: Volných bajtů: 35 825 786 880
Po spuštění: Volných bajtů: 35 028 717 568
.
- - End Of File - - 5A855197D20870DD5E8CD187BF290256
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:55, on 24.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Jirka.Jirka-PC\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fibox.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10821 bytes
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-24 13:13:32
-----------------------------
13:13:32.248 OS Version: Windows x64 6.1.7601 Service Pack 1
13:13:32.248 Number of processors: 4 586 0xF0B
13:13:32.249 ComputerName: JIRKA-PC UserName: Jirka
13:13:32.784 Initialize success
13:13:46.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:13:46.094 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
13:13:46.096 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
13:13:46.098 Disk 1 Vendor: Maxtor_6B200M0 BANC1BY0 Size: 194481MB BusType: 3
13:13:46.100 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
13:13:46.103 Disk 2 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
13:13:46.105 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
13:13:46.108 Disk 3 Vendor: Maxtor_6L200M0 BANC1G10 Size: 194481MB BusType: 3
13:13:46.164 Disk 0 MBR read successfully
13:13:46.169 Disk 0 MBR scan
13:13:46.174 Disk 0 Windows 7 default MBR code
13:13:46.201 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:13:46.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110840 MB offset 206848
13:13:46.287 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 127531 MB offset 227207295
13:13:46.375 Disk 0 scanning C:\Windows\system32\drivers
13:14:10.844 Service scanning
13:14:30.901 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:14:35.778 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:14:40.314 Modules scanning
13:14:40.322 Disk 0 trace - called modules:
13:14:40.350 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80046e12c0]<<spls.sys ataport.SYS pciide.sys
13:14:40.357 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae3060]
13:14:40.363 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004853060]
13:14:40.369 \Driver\atapi[0xfffffa800483c960] -> IRP_MJ_CREATE -> 0xfffffa80046e12c0
13:14:40.376 Scan finished successfully
13:15:00.271 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
13:15:00.723 The log file has been saved successfully to "C:\aswMBR.txt"
I downloaded Chvid.exe. Unfortunately I don't know exactly where from, but it's possible that I used it recently and that it could be contributing to the stuttering. The antivirus didn't report anything during the download, though.
ComboFix 12-04-23.02 - Jirka 24.04.2012 12:15:05.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4085.3025 [GMT 2:00]
Spuštěný z: c:\users\Jirka.Jirka-PC\Desktop\Nová složka (3)\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka.Jirka-PC\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\log.txt
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0105.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod018B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0370.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod0AFE.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1040.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod1721.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod219A.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2C1F.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2CD3.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2E0B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3811.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3910.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod402E.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4490.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod4BD5.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5DAC.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod61A2.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod634B.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7059.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod76C2.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7786.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod792C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7E74.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\unicows.dll
c:\windows\1C4551A64743409391E41477CD655043.TMP
c:\windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Jirka\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Jirka.000\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Hana\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Franta\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Bara\AppData\Local\temp
2012-04-24 10:30 . 2012-04-24 10:30 -------- d-----w- c:\users\Bara.FIBOX\AppData\Local\temp
2012-04-23 21:17 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD1D7244-AFA1-421F-86CB-11C3BE51BB48}\mpengine.dll
2012-04-23 14:56 . 2012-04-23 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-04-22 14:37 . 2012-04-22 14:41 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-22 14:37 . 2012-04-22 14:37 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-22 11:20 . 2012-04-22 11:20 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\HDRsoft
2012-04-16 11:29 . 2012-04-16 11:29 -------- d-----w- c:\programdata\BioWare
2012-04-16 11:08 . 2012-04-16 11:08 -------- d-----w- c:\programdata\Media Center Programs
2012-04-16 10:55 . 2012-04-16 11:08 -------- d-----w- c:\program files (x86)\Common Files\BioWare
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\Windows Live
2012-04-10 19:39 . 2012-04-10 19:39 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-04-10 18:26 . 2012-04-10 20:14 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Local\WMTools Downloaded Files
2012-04-10 06:19 . 2012-04-23 14:58 -------- d-----w- c:\programdata\RegCure
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Core
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\Electronic Arts
2012-04-07 14:33 . 2012-04-07 14:33 -------- d-----w- c:\programdata\EA Logs
2012-04-06 09:08 . 2006-11-01 10:05 154424 ----a-w- C:\ChVID.exe
2012-04-04 21:57 . 2012-04-04 21:59 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\GetRightToGo
2012-03-26 13:17 . 2012-03-26 13:16 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-03-26 13:17 . 2012-03-26 13:16 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-26 13:16 . 2012-03-26 13:16 -------- d-----w- c:\program files\Java
2012-03-26 13:13 . 2012-03-26 13:13 -------- d-----w- c:\users\Jirka.Jirka-PC\AppData\Roaming\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 14:50 . 2011-01-16 11:34 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 08:46 . 2011-06-30 07:12 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 13:56 . 2011-06-05 11:32 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 06:12 . 2010-09-08 16:07 2379552 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-03-12 21:25 . 2011-08-14 10:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 04:46 . 2012-03-15 13:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 13:42 . 2012-02-10 13:42 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82BA21DF-58C5-4F17-A46D-52CEA483E1D0}\gapaengine.dll
2012-01-31 12:44 . 2010-09-06 14:53 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-23_20.49.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-06 18:06 . 2012-04-23 21:13 59720 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-24 10:50 31398 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-29 15:41 . 2012-04-24 05:09 17570 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3545919743-1017386175-2234930996-1157_UserData.bin
+ 2010-09-06 14:34 . 2012-04-24 10:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 14:34 . 2012-04-23 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 14:34 . 2012-04-23 20:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-06 14:34 . 2012-04-24 10:00 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-24 10:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-23 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-06 19:03 . 2012-04-23 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-06 19:03 . 2012-04-24 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-06 19:03 . 2012-04-23 20:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-06 19:03 . 2012-04-24 10:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-07 12:39 . 2012-03-15 13:35 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 34144 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 42848 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\msouc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 19296 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\cagicon.exe
- 2010-11-15 15:23 . 2012-04-23 20:44 4378 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-11-15 15:23 . 2012-04-24 10:46 4378 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-23 20:45 . 2012-04-23 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-24 10:47 . 2012-04-24 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-23 20:45 . 2012-04-23 20:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-24 10:47 . 2012-04-24 10:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-02-15 21:28 . 2011-12-16 08:02 132096 c:\windows\SysWOW64\url.dll
+ 2012-04-23 21:24 . 2012-02-28 05:40 132096 c:\windows\SysWOW64\url.dll
+ 2010-10-05 14:16 . 2012-04-24 09:50 448972 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2012-02-15 21:28 . 2011-12-16 08:45 134144 c:\windows\system32\url.dll
+ 2012-04-23 21:24 . 2012-02-28 06:35 134144 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2012-04-24 10:02 686004 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-23 20:12 686004 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-24 10:02 702862 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-04-23 20:12 702862 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-24 10:02 130790 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-23 20:12 130790 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2012-04-24 10:02 152266 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2012-04-23 20:12 152266 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:12 . 2012-04-24 09:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-03-25 14:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2012-04-24 05:01 104488 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-23 20:44 496792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-24 10:46 496792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-21 03:30 . 2012-03-21 03:30 138240 c:\windows\Installer\1829e2.msp
+ 2012-02-09 05:27 . 2012-02-09 05:27 231424 c:\windows\Installer\1829b9.msp
+ 2010-09-07 12:39 . 2012-04-24 05:07 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 415584 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pubs.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 303456 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\outicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 571232 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\misc.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 326496 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\joticon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 469856 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\inficon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 178528 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\grvicons.exe
- 2009-07-14 04:45 . 2012-04-23 14:29 7384311 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-24 05:01 7384311 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-07 13:02 . 2012-03-07 13:02 1940480 c:\windows\Installer\5d2c8.msp
+ 2012-03-21 03:30 . 2012-03-21 03:30 1868288 c:\windows\Installer\1829d6.msp
+ 2010-09-07 12:39 . 2012-04-24 05:07 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1479520 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1858400 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 3792736 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\pptico.exe
- 2010-09-07 12:39 . 2012-03-15 13:35 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2010-09-07 12:39 . 2012-04-24 05:07 1449312 c:\windows\Installer\{91140000-0011-0000-1000-0000000FF1CE}\accicons.exe
+ 2012-03-07 13:03 . 2012-03-07 13:03 26386944 c:\windows\Installer\5d2ba.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Contour Shuttle Device Helper"="c:\program files (x86)\Contour Shuttle\ShuttleHelper.exe" [2009-07-23 118784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="d:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2010-9-23 60384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;h:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-29 1038088]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;d:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [x]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-15 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-15 119632]
S2 MBAMService;MBAMService;d:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-15 20552]
S3 e1yexpress;Ovladač gigabitových síťových připojení Intel(R);c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 wbondir;Winbond CIR Transceiver;c:\windows\system32\DRIVERS\wbondir.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 12:11]
.
2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3351475916-1720942700-161379336-1148Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3545919743-1017386175-2234930996-1157Core1cd09cce3064402.job
- c:\users\Jirka.Jirka-PC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-29 12:11]
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448369136-326095957-3992491985-1000UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 14:41]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2007-09-05 406944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"combofix"="c:\combofix\CF30885.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://companyweb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-Čeština Dragon Age Origins 1.00 - c:\users\Jirka.Jirka-PC\Desktop\Nová složka\Dragon Age\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Contour Shuttle\ShuttleEngine.exe
.
**************************************************************************
.
Celkový čas: 2012-04-24 13:06:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-24 11:06
ComboFix2.txt 2012-04-23 21:06
.
Před spuštěním: Volných bajtů: 35 825 786 880
Po spuštění: Volných bajtů: 35 028 717 568
.
- - End Of File - - 5A855197D20870DD5E8CD187BF290256
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:55, on 24.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Windows\system32\spool\DRIVERS\x64\3\CNAC8SWK.EXE
C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Jirka.Jirka-PC\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Contour Shuttle Device Helper] C:\Program Files (x86)\Contour Shuttle\ShuttleHelper.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Jirka.Jirka-PC\AppData\Local\Akamai\netsession_win.exe"
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fibox.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Contour Shuttle Device Engine (ShuttleEngine) - Contour Design, Inc. - C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10821 bytes
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-24 13:13:32
-----------------------------
13:13:32.248 OS Version: Windows x64 6.1.7601 Service Pack 1
13:13:32.248 Number of processors: 4 586 0xF0B
13:13:32.249 ComputerName: JIRKA-PC UserName: Jirka
13:13:32.784 Initialize success
13:13:46.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:13:46.094 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
13:13:46.096 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-2
13:13:46.098 Disk 1 Vendor: Maxtor_6B200M0 BANC1BY0 Size: 194481MB BusType: 3
13:13:46.100 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-4
13:13:46.103 Disk 2 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3
13:13:46.105 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T0L0-1
13:13:46.108 Disk 3 Vendor: Maxtor_6L200M0 BANC1G10 Size: 194481MB BusType: 3
13:13:46.164 Disk 0 MBR read successfully
13:13:46.169 Disk 0 MBR scan
13:13:46.174 Disk 0 Windows 7 default MBR code
13:13:46.201 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:13:46.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110840 MB offset 206848
13:13:46.287 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 127531 MB offset 227207295
13:13:46.375 Disk 0 scanning C:\Windows\system32\drivers
13:14:10.844 Service scanning
13:14:30.901 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:14:35.778 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:14:40.314 Modules scanning
13:14:40.322 Disk 0 trace - called modules:
13:14:40.350 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80046e12c0]<<spls.sys ataport.SYS pciide.sys
13:14:40.357 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae3060]
13:14:40.363 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004853060]
13:14:40.369 \Driver\atapi[0xfffffa800483c960] -> IRP_MJ_CREATE -> 0xfffffa80046e12c0
13:14:40.376 Scan finished successfully
13:15:00.271 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
13:15:00.723 The log file has been saved successfully to "C:\aswMBR.txt"
I did download Chvid.exe. Unfortunately I don't know exactly where from, but it is possible that I used it recently and that it could be contributing to the stuttering. The antivirus did not report anything during the download, though.
- jaro3
- Security team member
Re: Please help
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt. Please paste the entire contents of the log here.
Download RootRepeal
Unpack the archive, for example to C:\RootRepeal
Double-click RootRepeal.exe to start the program (on Vista, right-click and choose Run as administrator).
Click Files at the bottom and then Scan.
A dialog window appears; tick the drive you want to scan (most often C:\) and then click OK.
The program will start scanning the ticked drive. When the scan finishes, files will be listed there, but not all of them are necessarily legitimate. Click Save Report and save the log to your Documents. Please paste its entire contents here.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fibox.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fibox.local
If you don't recognize this, fix it too.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please help
TDSSKiller log:
15:37:57.0042 3944 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
15:37:57.0201 3944 ============================================================
15:37:57.0201 3944 Current date / time: 2012/04/24 15:37:57.0201
15:37:57.0201 3944 SystemInfo:
15:37:57.0201 3944
15:37:57.0201 3944 OS Version: 6.1.7601 ServicePack: 1.0
15:37:57.0201 3944 Product type: Workstation
15:37:57.0202 3944 ComputerName: JIRKA-PC
15:37:57.0202 3944 UserName: Jirka
15:37:57.0202 3944 Windows directory: C:\Windows
15:37:57.0202 3944 System windows directory: C:\Windows
15:37:57.0202 3944 Running under WOW64
15:37:57.0202 3944 Processor architecture: Intel x64
15:37:57.0202 3944 Number of processors: 4
15:37:57.0202 3944 Page size: 0x1000
15:37:57.0202 3944 Boot type: Normal boot
15:37:57.0202 3944 ============================================================
15:37:58.0901 3944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:58.0931 3944 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:58.0963 3944 Drive \Device\Harddisk3\DR3 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x66E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:37:58.0980 3944 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:59.0211 3944 ============================================================
15:37:59.0211 3944 \Device\Harddisk0\DR0:
15:37:59.0211 3944 MBR partitions:
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD87C000
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD8AE87F, BlocksNum 0xF915D02
15:37:59.0211 3944 \Device\Harddisk1\DR1:
15:37:59.0211 3944 MBR partitions:
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC34F800
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x5C43800
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x11F94000, BlocksNum 0x5C43800
15:37:59.0211 3944 \Device\Harddisk3\DR3:
15:37:59.0212 3944 MBR partitions:
15:37:59.0212 3944 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x17BD7000
15:37:59.0212 3944 \Device\Harddisk2\DR2:
15:37:59.0214 3944 MBR partitions:
15:37:59.0214 3944 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:37:59.0214 3944 ============================================================
15:37:59.0215 3944 C: <-> \Device\Harddisk0\DR0\Partition1
15:37:59.0389 3944 D: <-> \Device\Harddisk0\DR0\Partition2
15:37:59.0470 3944 F: <-> \Device\Harddisk1\DR1\Partition0
15:37:59.0489 3944 H: <-> \Device\Harddisk2\DR2\Partition0
15:37:59.0522 3944 G: <-> \Device\Harddisk3\DR3\Partition0
15:38:00.0078 3944 I: <-> \Device\Harddisk1\DR1\Partition1
15:38:00.0151 3944 O: <-> \Device\Harddisk1\DR1\Partition2
15:38:00.0151 3944 ============================================================
15:38:00.0151 3944 Initialize success
15:38:00.0151 3944 ============================================================
15:38:18.0612 1444 ============================================================
15:38:18.0612 1444 Scan started
15:38:18.0612 1444 Mode: Manual;
15:38:18.0612 1444 ============================================================
15:40:32.0925 1444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:40:32.0963 1444 1394ohci - ok
15:40:33.0029 1444 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
15:40:33.0031 1444 61883 - ok
15:40:33.0090 1444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:33.0102 1444 ACPI - ok
15:40:33.0128 1444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:33.0129 1444 AcpiPmi - ok
15:40:33.0182 1444 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
15:40:33.0183 1444 adfs - ok
15:40:33.0359 1444 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
15:40:33.0396 1444 Adobe Version Cue CS4 - ok
15:40:33.0468 1444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:40:33.0555 1444 adp94xx - ok
15:40:33.0632 1444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:40:33.0637 1444 adpahci - ok
15:40:33.0647 1444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:40:33.0655 1444 adpu320 - ok
15:40:33.0726 1444 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:40:33.0727 1444 AeLookupSvc - ok
15:40:33.0890 1444 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
15:40:33.0896 1444 AFD - ok
15:40:34.0162 1444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:34.0174 1444 agp440 - ok
15:40:34.0676 1444 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
15:40:34.0676 1444 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
15:40:34.0683 1444 Akamai ( HiddenFile.Multi.Generic ) - warning
15:40:34.0683 1444 Akamai - detected HiddenFile.Multi.Generic (1)
15:40:34.0760 1444 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:40:34.0777 1444 ALG - ok
15:40:34.0827 1444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:34.0828 1444 aliide - ok
15:40:34.0851 1444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:34.0852 1444 amdide - ok
15:40:34.0873 1444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:40:34.0875 1444 AmdK8 - ok
15:40:34.0893 1444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:40:34.0895 1444 AmdPPM - ok
15:40:34.0949 1444 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:40:34.0960 1444 amdsata - ok
15:40:35.0034 1444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:40:35.0037 1444 amdsbs - ok
15:40:36.0257 1444 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:40:36.0264 1444 amdxata - ok
15:40:36.0376 1444 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
15:40:36.0378 1444 AppHostSvc - ok
15:40:36.0429 1444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:36.0430 1444 AppID - ok
15:40:36.0486 1444 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:40:36.0487 1444 AppIDSvc - ok
15:40:36.0496 1444 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:40:36.0497 1444 Appinfo - ok
15:40:36.0572 1444 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:40:36.0575 1444 AppMgmt - ok
15:40:36.0596 1444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:40:36.0598 1444 arc - ok
15:40:36.0608 1444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:40:36.0610 1444 arcsas - ok
15:40:36.0766 1444 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:36.0767 1444 aspnet_state - ok
15:40:36.0809 1444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:36.0810 1444 AsyncMac - ok
15:40:36.0829 1444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:36.0829 1444 atapi - ok
15:40:36.0976 1444 Ati External Event Utility (ca4a0176fa380efd45de9d0acb9e1f86) C:\Windows\system32\Ati2evxx.exe
15:40:36.0986 1444 Ati External Event Utility - ok
15:40:39.0422 1444 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:39.0699 1444 atikmdag - ok
15:40:39.0939 1444 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
15:40:39.0944 1444 atksgt - ok
15:40:40.0008 1444 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:40.0032 1444 AudioEndpointBuilder - ok
15:40:40.0039 1444 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:40.0043 1444 AudioSrv - ok
15:40:40.0091 1444 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
15:40:40.0093 1444 Avc - ok
15:40:40.0154 1444 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:40:40.0157 1444 AxInstSV - ok
15:40:40.0196 1444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:40:40.0248 1444 b06bdrv - ok
15:40:40.0282 1444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:40.0320 1444 b57nd60a - ok
15:40:40.0355 1444 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:40:40.0357 1444 BDESVC - ok
15:40:40.0409 1444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:40.0409 1444 Beep - ok
15:40:40.0496 1444 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:40:40.0526 1444 BFE - ok
15:40:40.0716 1444 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:40:40.0729 1444 BITS - ok
15:40:40.0785 1444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:40.0786 1444 blbdrive - ok
15:40:40.0864 1444 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:40:40.0866 1444 bowser - ok
15:40:40.0882 1444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:40:40.0883 1444 BrFiltLo - ok
15:40:40.0886 1444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:40:40.0887 1444 BrFiltUp - ok
15:40:40.0918 1444 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:40:40.0919 1444 BridgeMP - ok
15:40:40.0973 1444 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:40:40.0975 1444 Browser - ok
15:40:41.0007 1444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:41.0045 1444 Brserid - ok
15:40:41.0050 1444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:41.0052 1444 BrSerWdm - ok
15:40:41.0055 1444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:41.0056 1444 BrUsbMdm - ok
15:40:41.0060 1444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:41.0061 1444 BrUsbSer - ok
15:40:41.0074 1444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:40:41.0075 1444 BTHMODEM - ok
15:40:41.0090 1444 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:40:41.0092 1444 bthserv - ok
15:40:41.0124 1444 catchme - ok
15:40:41.0157 1444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:41.0159 1444 cdfs - ok
15:40:41.0207 1444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:40:41.0213 1444 cdrom - ok
15:40:41.0223 1444 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:41.0225 1444 CertPropSvc - ok
15:40:41.0238 1444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:40:41.0240 1444 circlass - ok
15:40:41.0262 1444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:41.0308 1444 CLFS - ok
15:40:41.0406 1444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:41.0408 1444 clr_optimization_v2.0.50727_32 - ok
15:40:41.0486 1444 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:41.0488 1444 clr_optimization_v2.0.50727_64 - ok
15:40:41.0791 1444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:41.0835 1444 clr_optimization_v4.0.30319_32 - ok
15:40:41.0866 1444 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:41.0906 1444 clr_optimization_v4.0.30319_64 - ok
15:40:41.0925 1444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:40:41.0926 1444 CmBatt - ok
15:40:41.0944 1444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:41.0945 1444 cmdide - ok
15:40:42.0016 1444 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:42.0072 1444 CNG - ok
15:40:42.0132 1444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:40:42.0133 1444 Compbatt - ok
15:40:42.0181 1444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:40:42.0182 1444 CompositeBus - ok
15:40:42.0185 1444 COMSysApp - ok
15:40:42.0210 1444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:40:42.0211 1444 crcdisk - ok
15:40:42.0261 1444 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:40:42.0268 1444 CryptSvc - ok
15:40:42.0350 1444 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:40:42.0376 1444 CSC - ok
15:40:42.0493 1444 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:40:42.0501 1444 CscService - ok
15:40:42.0585 1444 DAUpdaterSvc (80861969541971176e005d2c09dae851) H:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
15:40:42.0636 1444 DAUpdaterSvc - ok
15:40:42.0736 1444 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:42.0745 1444 DcomLaunch - ok
15:40:42.0775 1444 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:40:42.0813 1444 defragsvc - ok
15:40:42.0927 1444 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:40:42.0929 1444 DfsC - ok
15:40:43.0056 1444 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
15:40:43.0099 1444 dgderdrv - ok
15:40:43.0418 1444 dgdersvc (bc3c53000adcd440f1b23e46dac302ef) C:\Windows\system32\dgdersvc.exe
15:40:43.0420 1444 dgdersvc - ok
15:40:43.0436 1444 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:40:43.0474 1444 Dhcp - ok
15:40:43.0532 1444 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:40:43.0533 1444 discache - ok
15:40:43.0573 1444 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:40:43.0574 1444 Disk - ok
15:40:43.0635 1444 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
15:40:43.0639 1444 Dnscache - ok
15:40:43.0688 1444 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:40:43.0726 1444 dot3svc - ok
15:40:43.0905 1444 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:40:43.0909 1444 DPS - ok
15:40:43.0956 1444 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:40:43.0957 1444 drmkaud - ok
15:40:44.0058 1444 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:44.0085 1444 DXGKrnl - ok
15:40:44.0240 1444 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
15:40:44.0277 1444 e1yexpress - ok
15:40:44.0686 1444 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:40:44.0755 1444 EapHost - ok
15:40:45.0067 1444 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:40:45.0162 1444 ebdrv - ok
15:40:45.0267 1444 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
15:40:45.0273 1444 EFS - ok
15:40:45.0447 1444 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:40:45.0497 1444 ehRecvr - ok
15:40:45.0530 1444 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:40:45.0536 1444 ehSched - ok
15:40:45.0623 1444 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:40:45.0630 1444 elxstor - ok
15:40:45.0692 1444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:40:45.0693 1444 ErrDev - ok
15:40:45.0744 1444 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:40:45.0805 1444 EventSystem - ok
15:40:45.0816 1444 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:40:45.0819 1444 exfat - ok
15:40:45.0908 1444 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:40:45.0922 1444 fastfat - ok
15:40:46.0000 1444 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:40:46.0024 1444 Fax - ok
15:40:46.0086 1444 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:40:46.0087 1444 fdc - ok
15:40:46.0104 1444 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:40:46.0105 1444 fdPHost - ok
15:40:46.0117 1444 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:40:46.0119 1444 FDResPub - ok
15:40:46.0168 1444 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:40:46.0170 1444 FileInfo - ok
15:40:46.0180 1444 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:40:46.0181 1444 Filetrace - ok
15:40:46.0403 1444 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:40:46.0453 1444 FLEXnet Licensing Service - ok
15:40:46.0645 1444 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
15:40:46.0684 1444 FLEXnet Licensing Service 64 - ok
15:40:46.0914 1444 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:40:46.0915 1444 flpydisk - ok
15:40:46.0967 1444 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:40:46.0981 1444 FltMgr - ok
15:40:47.0090 1444 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:40:47.0143 1444 FontCache - ok
15:40:47.0322 1444 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:47.0329 1444 FontCache3.0.0.0 - ok
15:40:47.0461 1444 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:40:47.0463 1444 FsDepends - ok
15:40:47.0516 1444 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:40:47.0517 1444 Fs_Rec - ok
15:40:47.0557 1444 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:40:47.0563 1444 fvevol - ok
15:40:47.0585 1444 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:40:47.0595 1444 gagp30kx - ok
15:40:47.0760 1444 GGSAFERDriver - ok
15:40:47.0850 1444 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:40:47.0873 1444 gpsvc - ok
15:40:48.0015 1444 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:40:48.0018 1444 gusvc - ok
15:40:48.0073 1444 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
15:40:48.0074 1444 hamachi - ok
15:40:48.0087 1444 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:40:48.0088 1444 hcw85cir - ok
15:40:48.0120 1444 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:40:48.0157 1444 HdAudAddService - ok
15:40:48.0215 1444 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:40:48.0217 1444 HDAudBus - ok
15:40:48.0239 1444 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:40:48.0240 1444 HidBatt - ok
15:40:48.0254 1444 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:40:48.0256 1444 HidBth - ok
15:40:48.0270 1444 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:40:48.0272 1444 HidIr - ok
15:40:48.0293 1444 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:40:48.0294 1444 hidserv - ok
15:40:48.0326 1444 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:40:48.0327 1444 HidUsb - ok
15:40:48.0433 1444 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:40:48.0435 1444 hkmsvc - ok
15:40:48.0517 1444 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:40:48.0555 1444 HomeGroupListener - ok
15:40:48.0602 1444 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:40:48.0641 1444 HomeGroupProvider - ok
15:40:48.0665 1444 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:40:48.0666 1444 HpSAMD - ok
15:40:48.0832 1444 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:40:48.0882 1444 HTTP - ok
15:40:48.0954 1444 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:40:48.0955 1444 hwpolicy - ok
15:40:49.0001 1444 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:40:49.0003 1444 i8042prt - ok
15:40:49.0048 1444 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:40:49.0100 1444 iaStorV - ok
15:40:49.0403 1444 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:49.0432 1444 idsvc - ok
15:40:49.0500 1444 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:40:49.0501 1444 iirsp - ok
15:40:49.0682 1444 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:40:49.0724 1444 IKEEXT - ok
15:40:49.0740 1444 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:40:49.0741 1444 intelide - ok
15:40:49.0758 1444 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:40:49.0759 1444 intelppm - ok
15:40:49.0870 1444 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:40:49.0873 1444 IPBusEnum - ok
15:40:49.0894 1444 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:49.0896 1444 IpFilterDriver - ok
15:40:51.0861 1444 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:40:51.0869 1444 iphlpsvc - ok
15:40:51.0898 1444 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:40:51.0900 1444 IPMIDRV - ok
15:40:51.0924 1444 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:40:51.0926 1444 IPNAT - ok
15:40:51.0943 1444 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:40:51.0944 1444 IRENUM - ok
15:40:51.0969 1444 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:40:51.0970 1444 isapnp - ok
15:40:51.0990 1444 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:40:52.0004 1444 iScsiPrt - ok
15:40:52.0023 1444 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:52.0024 1444 kbdclass - ok
15:40:52.0045 1444 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:52.0047 1444 kbdhid - ok
15:40:52.0074 1444 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:52.0076 1444 KeyIso - ok
15:40:52.0131 1444 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:40:52.0133 1444 KSecDD - ok
15:40:52.0178 1444 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:40:52.0184 1444 KSecPkg - ok
15:40:52.0195 1444 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:40:52.0196 1444 ksthunk - ok
15:40:52.0220 1444 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:40:52.0268 1444 KtmRm - ok
15:40:52.0449 1444 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:40:52.0455 1444 LanmanServer - ok
15:40:52.0496 1444 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:40:52.0503 1444 LanmanWorkstation - ok
15:40:52.0551 1444 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
15:40:52.0553 1444 lirsgt - ok
15:40:52.0579 1444 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:40:52.0581 1444 lltdio - ok
15:40:52.0601 1444 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:40:52.0639 1444 lltdsvc - ok
15:40:52.0659 1444 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:40:52.0661 1444 lmhosts - ok
15:40:52.0682 1444 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:40:52.0685 1444 LSI_FC - ok
15:40:52.0704 1444 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:40:52.0706 1444 LSI_SAS - ok
15:40:52.0712 1444 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:40:52.0713 1444 LSI_SAS2 - ok
15:40:52.0727 1444 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:40:52.0734 1444 LSI_SCSI - ok
15:40:52.0749 1444 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:40:52.0756 1444 luafv - ok
15:40:52.0873 1444 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:40:52.0882 1444 MBAMProtector - ok
15:40:53.0312 1444 MBAMService (ba400ed640bca1eae5c727ae17c10207) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:53.0410 1444 MBAMService - ok
15:40:54.0596 1444 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:40:54.0599 1444 Mcx2Svc - ok
15:40:54.0632 1444 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:40:54.0633 1444 megasas - ok
15:40:54.0660 1444 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:40:54.0713 1444 MegaSR - ok
15:40:54.0876 1444 mi-raysat_3dsmax2010_64 (0af89452a8ce3928168f4e5b2208c68b) D:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
15:40:54.0907 1444 mi-raysat_3dsmax2010_64 - ok
15:40:55.0029 1444 Microsoft SharePoint Workspace Audit Service - ok
15:40:55.0064 1444 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:55.0066 1444 MMCSS - ok
15:40:55.0117 1444 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:40:55.0118 1444 Modem - ok
15:40:55.0159 1444 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:40:55.0160 1444 monitor - ok
15:40:55.0228 1444 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:40:55.0229 1444 mouclass - ok
15:40:55.0278 1444 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:40:55.0280 1444 mouhid - ok
15:40:55.0342 1444 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:40:55.0344 1444 mountmgr - ok
15:40:55.0406 1444 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
15:40:55.0412 1444 MpFilter - ok
15:40:55.0437 1444 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:40:55.0444 1444 mpio - ok
15:40:55.0462 1444 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:40:55.0463 1444 MpNWMon - ok
15:40:55.0502 1444 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:40:55.0504 1444 mpsdrv - ok
15:40:55.0827 1444 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:40:55.0840 1444 MpsSvc - ok
15:40:56.0115 1444 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:40:56.0124 1444 MRxDAV - ok
15:41:30.0586 1444 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:41:30.0611 1444 mrxsmb - ok
15:41:30.0751 1444 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:41:30.0756 1444 mrxsmb10 - ok
15:41:30.0936 1444 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:41:30.0938 1444 mrxsmb20 - ok
15:41:30.0959 1444 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:41:30.0961 1444 msahci - ok
15:41:30.0994 1444 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:41:30.0996 1444 msdsm - ok
15:41:31.0030 1444 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:41:31.0037 1444 MSDTC - ok
15:41:31.0122 1444 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
15:41:31.0124 1444 MSDV - ok
15:41:31.0174 1444 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:41:31.0175 1444 Msfs - ok
15:41:31.0183 1444 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:41:31.0184 1444 mshidkmdf - ok
15:41:31.0202 1444 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:41:31.0203 1444 msisadrv - ok
15:41:31.0230 1444 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:41:31.0236 1444 MSiSCSI - ok
15:41:31.0239 1444 msiserver - ok
15:41:31.0358 1444 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:41:31.0359 1444 MSKSSRV - ok
15:41:31.0578 1444 MsMpSvc (64e69a217d861776ca848b453fb96d71) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:41:31.0579 1444 MsMpSvc - ok
15:41:31.0608 1444 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:41:31.0609 1444 MSPCLOCK - ok
15:41:31.0630 1444 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:41:31.0631 1444 MSPQM - ok
15:41:31.0685 1444 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:41:31.0698 1444 MsRPC - ok
15:41:31.0774 1444 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:41:31.0775 1444 mssmbios - ok
15:41:31.0892 1444 MSSQL$SQLEXPRESS - ok
15:41:31.0972 1444 MSSQLServerADHelper100 - ok
15:41:31.0987 1444 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:41:31.0988 1444 MSTEE - ok
15:41:32.0007 1444 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:41:32.0008 1444 MTConfig - ok
15:41:32.0027 1444 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:41:32.0029 1444 Mup - ok
15:41:32.0049 1444 MySQL - ok
15:41:32.0108 1444 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:41:32.0115 1444 napagent - ok
15:41:32.0200 1444 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:41:32.0204 1444 NativeWifiP - ok
15:41:32.0323 1444 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:41:32.0376 1444 NDIS - ok
15:41:32.0421 1444 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:41:32.0422 1444 NdisCap - ok
15:41:32.0454 1444 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:41:32.0455 1444 NdisTapi - ok
15:41:32.0469 1444 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:41:32.0471 1444 Ndisuio - ok
15:41:32.0504 1444 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:41:32.0510 1444 NdisWan - ok
15:41:32.0566 1444 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:41:32.0567 1444 NDProxy - ok
15:41:32.0616 1444 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:41:32.0617 1444 NetBIOS - ok
15:41:32.0735 1444 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:41:32.0738 1444 NetBT - ok
15:41:32.0836 1444 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:41:32.0837 1444 Netlogon - ok
15:41:32.0873 1444 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:41:32.0935 1444 Netman - ok
15:41:33.0062 1444 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:33.0070 1444 NetMsmqActivator - ok
15:41:33.0072 1444 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:33.0073 1444 NetPipeActivator - ok
15:41:33.0181 1444 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:41:33.0209 1444 netprofm - ok
15:41:33.0212 1444 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:33.0214 1444 NetTcpActivator - ok
15:41:33.0217 1444 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:41:33.0218 1444 NetTcpPortSharing - ok
15:41:33.0293 1444 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:41:33.0294 1444 nfrd960 - ok
15:41:33.0348 1444 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:41:33.0349 1444 NisDrv - ok
15:41:33.0571 1444 NisSrv (c67e39d2968400b38f54a10822e6eacf) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
15:41:33.0574 1444 NisSrv - ok
15:41:33.0626 1444 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:41:33.0664 1444 NlaSvc - ok
15:41:33.0696 1444 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:41:33.0697 1444 Npfs - ok
15:41:33.0717 1444 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:41:33.0720 1444 nsi - ok
15:41:33.0770 1444 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:41:33.0771 1444 nsiproxy - ok
15:41:33.0914 1444 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:41:33.0985 1444 Ntfs - ok
15:41:34.0200 1444 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:41:34.0201 1444 Null - ok
15:41:34.0228 1444 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:41:34.0235 1444 nvraid - ok
15:41:34.0257 1444 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:41:34.0263 1444 nvstor - ok
15:41:34.0294 1444 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:41:34.0296 1444 nv_agp - ok
15:41:34.0312 1444 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:41:34.0314 1444 ohci1394 - ok
15:41:34.0440 1444 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:41:34.0446 1444 ose64 - ok
15:41:34.0828 1444 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:41:34.0963 1444 osppsvc - ok
15:41:35.0166 1444 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:41:35.0203 1444 p2pimsvc - ok
15:41:35.0237 1444 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:41:35.0298 1444 p2psvc - ok
15:41:35.0339 1444 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:41:35.0341 1444 Parport - ok
15:41:35.0417 1444 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:41:35.0419 1444 partmgr - ok
15:41:35.0442 1444 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:41:35.0455 1444 PcaSvc - ok
15:41:35.0482 1444 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:41:35.0489 1444 pci - ok
15:41:35.0514 1444 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:41:35.0515 1444 pciide - ok
15:41:35.0543 1444 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:41:35.0549 1444 pcmcia - ok
15:41:50.0475 1444 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:41:50.0477 1444 pcw - ok
15:41:50.0758 1444 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:41:50.0766 1444 PEAUTH - ok
15:41:50.0892 1444 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:41:50.0936 1444 PeerDistSvc - ok
15:41:51.0050 1444 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:41:51.0052 1444 PerfHost - ok
15:41:51.0258 1444 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:41:51.0362 1444 pla - ok
15:41:53.0232 1444 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
15:41:53.0285 1444 PlugPlay - ok
15:41:53.0319 1444 PnkBstrA - ok
15:41:53.0353 1444 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:41:53.0356 1444 PNRPAutoReg - ok
15:41:53.0381 1444 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:41:53.0385 1444 PNRPsvc - ok
15:41:53.0464 1444 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:41:53.0470 1444 PolicyAgent - ok
15:41:53.0636 1444 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:41:53.0640 1444 Power - ok
15:41:53.0704 1444 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:41:53.0706 1444 PptpMiniport - ok
15:41:53.0726 1444 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:41:53.0727 1444 Processor - ok
15:41:53.0795 1444 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:41:53.0799 1444 ProfSvc - ok
15:41:53.0828 1444 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:41:53.0830 1444 ProtectedStorage - ok
15:41:53.0894 1444 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:41:53.0899 1444 Psched - ok
15:41:54.0055 1444 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
15:41:54.0096 1444 PSI_SVC_2 - ok
15:41:57.0247 1444 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:41:57.0324 1444 PxHlpa64 - ok
15:41:57.0680 1444 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:41:57.0753 1444 ql2300 - ok
15:41:57.0889 1444 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:41:57.0891 1444 ql40xx - ok
15:41:57.0945 1444 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:41:57.0950 1444 QWAVE - ok
15:41:57.0959 1444 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:41:57.0961 1444 QWAVEdrv - ok
15:41:57.0965 1444 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:41:57.0966 1444 RasAcd - ok
15:41:58.0056 1444 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:41:58.0058 1444 RasAgileVpn - ok
15:41:58.0084 1444 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:41:58.0091 1444 RasAuto - ok
15:41:58.0142 1444 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:41:58.0144 1444 Rasl2tp - ok
15:41:58.0162 1444 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:41:58.0209 1444 RasMan - ok
15:41:58.0239 1444 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:41:58.0241 1444 RasPppoe - ok
15:41:58.0253 1444 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:41:58.0254 1444 RasSstp - ok
15:41:58.0303 1444 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:41:58.0324 1444 rdbss - ok
15:41:58.0365 1444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:41:58.0367 1444 rdpbus - ok
15:41:58.0380 1444 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:41:58.0381 1444 RDPCDD - ok
15:41:58.0448 1444 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:41:58.0454 1444 RDPDR - ok
15:41:58.0473 1444 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:41:58.0474 1444 RDPENCDD - ok
15:41:58.0486 1444 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:41:58.0487 1444 RDPREFMP - ok
15:41:58.0529 1444 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:41:58.0567 1444 RDPWD - ok
15:41:58.0675 1444 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:41:58.0722 1444 rdyboost - ok
15:41:58.0747 1444 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:41:58.0750 1444 RemoteAccess - ok
15:41:58.0764 1444 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:41:58.0779 1444 RemoteRegistry - ok
15:41:58.0937 1444 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:41:58.0940 1444 RpcEptMapper - ok
15:41:58.0969 1444 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:41:58.0971 1444 RpcLocator - ok
15:41:59.0021 1444 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:41:59.0025 1444 RpcSs - ok
15:41:59.0065 1444 RsFx0105 - ok
15:41:59.0085 1444 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:41:59.0087 1444 rspndr - ok
15:41:59.0132 1444 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:41:59.0133 1444 s3cap - ok
15:41:59.0150 1444 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:41:59.0152 1444 SamSs - ok
15:41:59.0222 1444 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:41:59.0224 1444 sbp2port - ok
15:41:59.0248 1444 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:41:59.0288 1444 SCardSvr - ok
15:41:59.0393 1444 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
15:41:59.0433 1444 SCDEmu - ok
15:41:59.0509 1444 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:41:59.0511 1444 scfilter - ok
15:41:59.0670 1444 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:41:59.0829 1444 Schedule - ok
15:42:00.0175 1444 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:42:00.0176 1444 SCPolicySvc - ok
15:42:00.0205 1444 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:42:00.0236 1444 SDRSVC - ok
15:42:01.0222 1444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:42:01.0223 1444 secdrv - ok
15:42:01.0232 1444 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:42:01.0234 1444 seclogon - ok
15:42:01.0248 1444 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
15:42:01.0250 1444 SENS - ok
15:42:01.0267 1444 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:42:01.0270 1444 SensrSvc - ok
15:42:01.0276 1444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:42:01.0277 1444 Serenum - ok
15:42:01.0288 1444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:42:01.0290 1444 Serial - ok
15:42:01.0311 1444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:42:01.0312 1444 sermouse - ok
15:42:01.0416 1444 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:42:01.0420 1444 SessionEnv - ok
15:42:01.0444 1444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:42:01.0445 1444 sffdisk - ok
15:42:01.0463 1444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:42:01.0464 1444 sffp_mmc - ok
15:42:01.0479 1444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:42:01.0480 1444 sffp_sd - ok
15:42:01.0518 1444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:42:01.0519 1444 sfloppy - ok
15:42:01.0575 1444 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:42:01.0595 1444 SharedAccess - ok
15:42:01.0713 1444 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:42:01.0721 1444 ShellHWDetection - ok
15:42:01.0907 1444 ShuttleEngine (0711f1b4a078ff2c49b468f1cb126825) C:\Program Files (x86)\Contour Shuttle\ShuttleEngine.exe
15:42:01.0934 1444 ShuttleEngine - ok
15:42:01.0958 1444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:42:01.0959 1444 SiSRaid2 - ok
15:42:01.0976 1444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:42:01.0977 1444 SiSRaid4 - ok
15:42:01.0991 1444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:42:01.0993 1444 Smb - ok
15:42:02.0041 1444 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:42:02.0044 1444 SNMPTRAP - ok
15:42:02.0087 1444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:42:02.0089 1444 spldr - ok
15:42:02.0148 1444 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:42:02.0175 1444 Spooler - ok
15:42:03.0133 1444 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:42:03.0274 1444 sppsvc - ok
15:42:03.0414 1444 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:42:03.0416 1444 sppuinotify - ok
15:42:03.0571 1444 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:42:03.0572 1444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:42:03.0621 1444 sptd ( LockedFile.Multi.Generic ) - warning
15:42:03.0621 1444 sptd - detected LockedFile.Multi.Generic (1)
15:42:03.0731 1444 SQLAgent$SQLEXPRESS - ok
15:42:03.0787 1444 SQLBrowser - ok
15:42:03.0836 1444 SQLWriter - ok
15:42:03.0892 1444 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
15:42:03.0902 1444 srv - ok
15:42:04.0041 1444 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
15:42:04.0054 1444 srv2 - ok
15:42:04.0167 1444 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
15:42:04.0173 1444 srvnet - ok
15:42:04.0222 1444 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:42:04.0236 1444 SSDPSRV - ok
15:42:04.0296 1444 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:42:04.0299 1444 SstpSvc - ok
15:42:04.0348 1444 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
15:42:04.0355 1444 ss_bbus - ok
15:42:04.0399 1444 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
15:42:04.0400 1444 ss_bmdfl - ok
15:42:04.0435 1444 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
15:42:04.0441 1444 ss_bmdm - ok
15:42:04.0495 1444 ss_bserd (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
15:42:04.0498 1444 ss_bserd - ok
15:42:04.0633 1444 STacSV (c15e5df1f7f4d0748242c6f2df2915a4) c:\program files\idt\wdm\STacSV64.exe
15:42:04.0648 1444 STacSV - ok
15:42:04.0669 1444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:42:04.0671 1444 stexstor - ok
15:42:04.0735 1444 STHDA (40226663652a2fdc90652f0173e04d21) C:\Windows\system32\DRIVERS\stwrt64.sys
15:42:04.0754 1444 STHDA - ok
15:42:04.0865 1444 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:42:04.0875 1444 stisvc - ok
15:42:05.0188 1444 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:42:05.0190 1444 storflt - ok
15:42:05.0249 1444 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:42:05.0252 1444 StorSvc - ok
15:42:05.0271 1444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:42:05.0273 1444 storvsc - ok
15:42:05.0324 1444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:42:05.0326 1444 swenum - ok
15:42:05.0488 1444 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:42:05.0579 1444 SwitchBoard - ok
15:42:05.0627 1444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:42:05.0645 1444 swprv - ok
15:42:05.0872 1444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:42:05.0906 1444 SysMain - ok
15:42:06.0116 1444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:42:06.0119 1444 TabletInputService - ok
15:42:06.0215 1444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:42:06.0240 1444 TapiSrv - ok
15:42:06.0271 1444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:42:06.0274 1444 TBS - ok
15:42:06.0457 1444 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
15:42:06.0515 1444 Tcpip - ok
15:42:06.0949 1444 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
15:42:06.0959 1444 TCPIP6 - ok
15:42:07.0182 1444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:42:07.0183 1444 tcpipreg - ok
15:42:07.0209 1444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:42:07.0210 1444 TDPIPE - ok
15:42:07.0274 1444 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:42:07.0275 1444 TDTCP - ok
15:42:07.0312 1444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:42:07.0319 1444 tdx - ok
15:42:07.0372 1444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:42:07.0373 1444 TermDD - ok
15:42:07.0475 1444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:42:07.0505 1444 TermService - ok
15:42:07.0679 1444 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
15:42:07.0690 1444 TFsExDisk - ok
15:42:07.0712 1444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:42:07.0714 1444 Themes - ok
15:42:07.0736 1444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:42:07.0738 1444 THREADORDER - ok
15:42:07.0754 1444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:42:07.0761 1444 TrkWks - ok
15:42:07.0794 1444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:42:07.0801 1444 TrustedInstaller - ok
15:42:07.0879 1444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:42:07.0880 1444 tssecsrv - ok
15:42:07.0956 1444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:42:07.0958 1444 TsUsbFlt - ok
15:42:07.0999 1444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:42:08.0001 1444 tunnel - ok
15:42:08.0021 1444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:42:08.0023 1444 uagp35 - ok
15:42:08.0130 1444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:42:08.0135 1444 udfs - ok
15:42:08.0191 1444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:42:08.0194 1444 UI0Detect - ok
15:42:08.0221 1444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:42:08.0241 1444 uliagpkx - ok
15:42:08.0294 1444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:42:08.0296 1444 umbus - ok
15:37:57.0042 3944 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
15:37:57.0201 3944 ============================================================
15:37:57.0201 3944 Current date / time: 2012/04/24 15:37:57.0201
15:37:57.0201 3944 SystemInfo:
15:37:57.0201 3944
15:37:57.0201 3944 OS Version: 6.1.7601 ServicePack: 1.0
15:37:57.0201 3944 Product type: Workstation
15:37:57.0202 3944 ComputerName: JIRKA-PC
15:37:57.0202 3944 UserName: Jirka
15:37:57.0202 3944 Windows directory: C:\Windows
15:37:57.0202 3944 System windows directory: C:\Windows
15:37:57.0202 3944 Running under WOW64
15:37:57.0202 3944 Processor architecture: Intel x64
15:37:57.0202 3944 Number of processors: 4
15:37:57.0202 3944 Page size: 0x1000
15:37:57.0202 3944 Boot type: Normal boot
15:37:57.0202 3944 ============================================================
15:37:58.0901 3944 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:58.0931 3944 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:58.0963 3944 Drive \Device\Harddisk3\DR3 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x66E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:37:58.0980 3944 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:37:59.0211 3944 ============================================================
15:37:59.0211 3944 \Device\Harddisk0\DR0:
15:37:59.0211 3944 MBR partitions:
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xD87C000
15:37:59.0211 3944 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD8AE87F, BlocksNum 0xF915D02
15:37:59.0211 3944 \Device\Harddisk1\DR1:
15:37:59.0211 3944 MBR partitions:
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC34F800
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x5C43800
15:37:59.0211 3944 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x11F94000, BlocksNum 0x5C43800
15:37:59.0211 3944 \Device\Harddisk3\DR3:
15:37:59.0212 3944 MBR partitions:
15:37:59.0212 3944 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x17BD7000
15:37:59.0212 3944 \Device\Harddisk2\DR2:
15:37:59.0214 3944 MBR partitions:
15:37:59.0214 3944 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
15:37:59.0214 3944 ============================================================
15:37:59.0215 3944 C: <-> \Device\Harddisk0\DR0\Partition1
15:37:59.0389 3944 D: <-> \Device\Harddisk0\DR0\Partition2
15:37:59.0470 3944 F: <-> \Device\Harddisk1\DR1\Partition0
15:37:59.0489 3944 H: <-> \Device\Harddisk2\DR2\Partition0
15:37:59.0522 3944 G: <-> \Device\Harddisk3\DR3\Partition0
15:38:00.0078 3944 I: <-> \Device\Harddisk1\DR1\Partition1
15:38:00.0151 3944 O: <-> \Device\Harddisk1\DR1\Partition2
15:38:00.0151 3944 ============================================================
15:38:00.0151 3944 Initialize success
15:38:00.0151 3944 ============================================================
15:38:18.0612 1444 ============================================================
15:38:18.0612 1444 Scan started
15:38:18.0612 1444 Mode: Manual;
15:38:18.0612 1444 ============================================================
15:40:32.0925 1444 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:40:32.0963 1444 1394ohci - ok
15:40:33.0029 1444 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
15:40:33.0031 1444 61883 - ok
15:40:33.0090 1444 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:33.0102 1444 ACPI - ok
15:40:33.0128 1444 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:33.0129 1444 AcpiPmi - ok
15:40:33.0182 1444 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
15:40:33.0183 1444 adfs - ok
15:40:33.0359 1444 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
15:40:33.0396 1444 Adobe Version Cue CS4 - ok
15:40:33.0468 1444 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:40:33.0555 1444 adp94xx - ok
15:40:33.0632 1444 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:40:33.0637 1444 adpahci - ok
15:40:33.0647 1444 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:40:33.0655 1444 adpu320 - ok
15:40:33.0726 1444 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:40:33.0727 1444 AeLookupSvc - ok
15:40:33.0890 1444 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
15:40:33.0896 1444 AFD - ok
15:40:34.0162 1444 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:34.0174 1444 agp440 - ok
15:40:34.0676 1444 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
15:40:34.0676 1444 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
15:40:34.0683 1444 Akamai ( HiddenFile.Multi.Generic ) - warning
15:40:34.0683 1444 Akamai - detected HiddenFile.Multi.Generic (1)
15:40:34.0760 1444 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:40:34.0777 1444 ALG - ok
15:40:34.0827 1444 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:34.0828 1444 aliide - ok
15:40:34.0851 1444 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:34.0852 1444 amdide - ok
15:40:34.0873 1444 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:40:34.0875 1444 AmdK8 - ok
15:40:34.0893 1444 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:40:34.0895 1444 AmdPPM - ok
15:40:34.0949 1444 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:40:34.0960 1444 amdsata - ok
15:40:35.0034 1444 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:40:35.0037 1444 amdsbs - ok
15:40:36.0257 1444 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:40:36.0264 1444 amdxata - ok
15:40:36.0376 1444 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
15:40:36.0378 1444 AppHostSvc - ok
15:40:36.0429 1444 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:36.0430 1444 AppID - ok
15:40:36.0486 1444 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:40:36.0487 1444 AppIDSvc - ok
15:40:36.0496 1444 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:40:36.0497 1444 Appinfo - ok
15:40:36.0572 1444 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:40:36.0575 1444 AppMgmt - ok
15:40:36.0596 1444 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:40:36.0598 1444 arc - ok
15:40:36.0608 1444 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:40:36.0610 1444 arcsas - ok
15:40:36.0766 1444 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:36.0767 1444 aspnet_state - ok
15:40:36.0809 1444 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:36.0810 1444 AsyncMac - ok
15:40:36.0829 1444 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:36.0829 1444 atapi - ok
15:40:36.0976 1444 Ati External Event Utility (ca4a0176fa380efd45de9d0acb9e1f86) C:\Windows\system32\Ati2evxx.exe
15:40:36.0986 1444 Ati External Event Utility - ok
15:40:39.0422 1444 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
15:40:39.0699 1444 atikmdag - ok
15:40:39.0939 1444 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
15:40:39.0944 1444 atksgt - ok
15:40:40.0008 1444 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:40.0032 1444 AudioEndpointBuilder - ok
15:40:40.0039 1444 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:40.0043 1444 AudioSrv - ok
15:40:40.0091 1444 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
15:40:40.0093 1444 Avc - ok
15:40:40.0154 1444 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:40:40.0157 1444 AxInstSV - ok
15:40:40.0196 1444 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:40:40.0248 1444 b06bdrv - ok
15:40:40.0282 1444 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:40.0320 1444 b57nd60a - ok
15:40:40.0355 1444 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:40:40.0357 1444 BDESVC - ok
15:40:40.0409 1444 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:40.0409 1444 Beep - ok
15:40:40.0496 1444 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:40:40.0526 1444 BFE - ok
15:40:40.0716 1444 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:40:40.0729 1444 BITS - ok
15:40:40.0785 1444 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:40.0786 1444 blbdrive - ok
15:40:40.0864 1444 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:40:40.0866 1444 bowser - ok
15:40:40.0882 1444 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:40:40.0883 1444 BrFiltLo - ok
15:40:40.0886 1444 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:40:40.0887 1444 BrFiltUp - ok
15:40:40.0918 1444 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:40:40.0919 1444 BridgeMP - ok
15:40:40.0973 1444 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:40:40.0975 1444 Browser - ok
15:40:41.0007 1444 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:41.0045 1444 Brserid - ok
15:40:41.0050 1444 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:41.0052 1444 BrSerWdm - ok
15:40:41.0055 1444 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:41.0056 1444 BrUsbMdm - ok
15:40:41.0060 1444 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:41.0061 1444 BrUsbSer - ok
15:40:41.0074 1444 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:40:41.0075 1444 BTHMODEM - ok
15:40:41.0090 1444 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:40:41.0092 1444 bthserv - ok
15:40:41.0124 1444 catchme - ok
15:40:41.0157 1444 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:41.0159 1444 cdfs - ok
15:40:41.0207 1444 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:40:41.0213 1444 cdrom - ok
15:40:41.0223 1444 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:41.0225 1444 CertPropSvc - ok
15:40:41.0238 1444 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:40:41.0240 1444 circlass - ok
15:40:41.0262 1444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:41.0308 1444 CLFS - ok
15:40:41.0406 1444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:41.0408 1444 clr_optimization_v2.0.50727_32 - ok
15:40:41.0486 1444 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:41.0488 1444 clr_optimization_v2.0.50727_64 - ok
15:40:41.0791 1444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:41.0835 1444 clr_optimization_v4.0.30319_32 - ok
15:40:41.0866 1444 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:41.0906 1444 clr_optimization_v4.0.30319_64 - ok
15:40:41.0925 1444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:40:41.0926 1444 CmBatt - ok
15:40:41.0944 1444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:41.0945 1444 cmdide - ok
15:40:42.0016 1444 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:42.0072 1444 CNG - ok
15:40:42.0132 1444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:40:42.0133 1444 Compbatt - ok
15:40:42.0181 1444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:42:03.0571 1444 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:42:03.0572 1444 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:42:03.0621 1444 sptd ( LockedFile.Multi.Generic ) - warning
15:42:03.0621 1444 sptd - detected LockedFile.Multi.Generic (1)
15:42:05.0271 1444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:42:05.0273 1444 storvsc - ok
15:42:05.0324 1444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:42:05.0326 1444 swenum - ok
15:42:05.0488 1444 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:42:05.0579 1444 SwitchBoard - ok
15:42:05.0627 1444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:42:05.0645 1444 swprv - ok
15:42:05.0872 1444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:42:05.0906 1444 SysMain - ok
15:42:06.0116 1444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:42:06.0119 1444 TabletInputService - ok
15:42:06.0215 1444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:42:06.0240 1444 TapiSrv - ok
15:42:06.0271 1444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:42:06.0274 1444 TBS - ok
15:42:06.0457 1444 Tcpip (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
15:42:06.0515 1444 Tcpip - ok
15:42:06.0949 1444 TCPIP6 (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
15:42:06.0959 1444 TCPIP6 - ok
15:42:07.0182 1444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:42:07.0183 1444 tcpipreg - ok
15:42:07.0209 1444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:42:07.0210 1444 TDPIPE - ok
15:42:07.0274 1444 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
15:42:07.0275 1444 TDTCP - ok
15:42:07.0312 1444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:42:07.0319 1444 tdx - ok
15:42:07.0372 1444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:42:07.0373 1444 TermDD - ok
15:42:07.0475 1444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:42:07.0505 1444 TermService - ok
15:42:07.0679 1444 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
15:42:07.0690 1444 TFsExDisk - ok
15:42:07.0712 1444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:42:07.0714 1444 Themes - ok
15:42:07.0736 1444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:42:07.0738 1444 THREADORDER - ok
15:42:07.0754 1444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:42:07.0761 1444 TrkWks - ok
15:42:07.0794 1444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:42:07.0801 1444 TrustedInstaller - ok
15:42:07.0879 1444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:42:07.0880 1444 tssecsrv - ok
15:42:07.0956 1444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:42:07.0958 1444 TsUsbFlt - ok
15:42:07.0999 1444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:42:08.0001 1444 tunnel - ok
15:42:08.0021 1444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:42:08.0023 1444 uagp35 - ok
15:42:08.0130 1444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:42:08.0135 1444 udfs - ok
15:42:08.0191 1444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:42:08.0194 1444 UI0Detect - ok
15:42:08.0221 1444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:42:08.0241 1444 uliagpkx - ok
15:42:08.0294 1444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:42:08.0296 1444 umbus - ok