Please check my log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:45:35, on 7.7.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Users\OEM\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
--
End of file - 7477 bytes
Log check - infected
- jaro3
- Security team member
Re: Log check - infected
Close other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message appears, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in safe mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Log check - infected
So Malwarebytes' Anti-Malware found nothing, so there is probably no point in posting the log here. The PC already looks better, only the resident protection in Avast still cannot be started.
- jaro3
- Security team member
Re: Log check - infected
Download TDSSKiller
to your desktop. Make sure you have closed all other applications and browsers. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.
Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; then restart the computer again. If that does not help, press F8 repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
Re: Log check - infected
TDSSKiller log:
18:17:01.0993 3940 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:17:02.0165 3940 ============================================================
18:17:02.0165 3940 Current date / time: 2012/07/08 18:17:02.0165
18:17:02.0165 3940 SystemInfo:
18:17:02.0165 3940
18:17:02.0165 3940 OS Version: 6.1.7600 ServicePack: 0.0
18:17:02.0165 3940 Product type: Workstation
18:17:02.0165 3940 ComputerName: OEM-PC
18:17:02.0165 3940 UserName: OEM
18:17:02.0165 3940 Windows directory: C:\Windows
18:17:02.0165 3940 System windows directory: C:\Windows
18:17:02.0165 3940 Processor architecture: Intel x86
18:17:02.0165 3940 Number of processors: 3
18:17:02.0165 3940 Page size: 0x1000
18:17:02.0165 3940 Boot type: Normal boot
18:17:02.0165 3940 ============================================================
18:17:03.0413 3940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
18:17:03.0444 3940 ============================================================
18:17:03.0444 3940 \Device\Harddisk0\DR0:
18:17:03.0444 3940 MBR partitions:
18:17:03.0444 3940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:17:03.0444 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
18:17:03.0444 3940 ============================================================
18:17:03.0475 3940 C: <-> \Device\Harddisk0\DR0\Partition1
18:17:03.0475 3940 ============================================================
18:17:03.0475 3940 Initialize success
18:17:03.0475 3940 ============================================================
18:17:05.0441 2476 ============================================================
18:17:05.0441 2476 Scan started
18:17:05.0441 2476 Mode: Manual;
18:17:05.0441 2476 ============================================================
18:17:14.0645 2476 IPBusEnum - ok
18:17:14.0660 2476 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:17:14.0660 2476 IpFilterDriver - ok
18:17:14.0707 2476 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
18:17:14.0723 2476 iphlpsvc - ok
18:17:14.0738 2476 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:17:14.0738 2476 IPMIDRV - ok
18:17:14.0769 2476 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:17:14.0769 2476 IPNAT - ok
18:17:14.0785 2476 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:17:14.0785 2476 IRENUM - ok
18:17:14.0785 2476 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:17:14.0785 2476 isapnp - ok
18:17:14.0816 2476 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:17:14.0816 2476 iScsiPrt - ok
18:17:14.0863 2476 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:17:14.0863 2476 kbdclass - ok
18:17:14.0879 2476 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:17:14.0879 2476 kbdhid - ok
18:17:14.0925 2476 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:14.0925 2476 KeyIso - ok
18:17:14.0941 2476 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
18:17:14.0941 2476 KSecDD - ok
18:17:14.0972 2476 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
18:17:14.0972 2476 KSecPkg - ok
18:17:15.0003 2476 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:17:15.0019 2476 KtmRm - ok
18:17:15.0066 2476 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
18:17:15.0066 2476 LanmanServer - ok
18:17:15.0097 2476 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
18:17:15.0097 2476 LanmanWorkstation - ok
18:17:15.0128 2476 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:17:15.0128 2476 lltdio - ok
18:17:15.0159 2476 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:17:15.0175 2476 lltdsvc - ok
18:17:15.0191 2476 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:17:15.0191 2476 lmhosts - ok
18:17:15.0237 2476 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:17:15.0237 2476 LSI_FC - ok
18:17:15.0269 2476 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:17:15.0269 2476 LSI_SAS - ok
18:17:15.0284 2476 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:17:15.0284 2476 LSI_SAS2 - ok
18:17:15.0300 2476 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:17:15.0315 2476 LSI_SCSI - ok
18:17:15.0331 2476 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:17:15.0331 2476 luafv - ok
18:17:15.0425 2476 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:17:15.0425 2476 MBAMProtector - ok
18:17:15.0565 2476 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:17:15.0581 2476 MBAMService - ok
18:17:15.0659 2476 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:17:15.0659 2476 McComponentHostService - ok
18:17:15.0690 2476 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
18:17:15.0705 2476 Mcx2Svc - ok
18:17:15.0721 2476 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:17:15.0721 2476 megasas - ok
18:17:15.0752 2476 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:17:15.0752 2476 MegaSR - ok
18:17:15.0768 2476 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:17:15.0783 2476 MMCSS - ok
18:17:15.0799 2476 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:17:15.0799 2476 Modem - ok
18:17:15.0815 2476 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:17:15.0815 2476 monitor - ok
18:17:15.0861 2476 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:17:15.0861 2476 mouclass - ok
18:17:15.0893 2476 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:17:15.0893 2476 mouhid - ok
18:17:15.0908 2476 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:17:15.0908 2476 mountmgr - ok
18:17:15.0924 2476 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:17:15.0939 2476 mpio - ok
18:17:15.0955 2476 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:17:15.0955 2476 mpsdrv - ok
18:17:16.0002 2476 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
18:17:16.0033 2476 MpsSvc - ok
18:17:16.0064 2476 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:17:16.0064 2476 MRxDAV - ok
18:17:16.0111 2476 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:17:16.0127 2476 mrxsmb - ok
18:17:16.0173 2476 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:17:16.0189 2476 mrxsmb10 - ok
18:17:16.0189 2476 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:17:16.0205 2476 mrxsmb20 - ok
18:17:16.0205 2476 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:17:16.0205 2476 msahci - ok
18:17:16.0236 2476 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:17:16.0236 2476 msdsm - ok
18:17:16.0251 2476 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:17:16.0251 2476 MSDTC - ok
18:17:16.0283 2476 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:17:16.0283 2476 Msfs - ok
18:17:16.0298 2476 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:17:16.0298 2476 mshidkmdf - ok
18:17:16.0329 2476 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:17:16.0329 2476 msisadrv - ok
18:17:16.0361 2476 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:17:16.0361 2476 MSiSCSI - ok
18:17:16.0376 2476 msiserver - ok
18:17:16.0407 2476 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:17:16.0407 2476 MSKSSRV - ok
18:17:16.0423 2476 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:17:16.0423 2476 MSPCLOCK - ok
18:17:16.0439 2476 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:17:16.0439 2476 MSPQM - ok
18:17:16.0454 2476 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:17:16.0454 2476 MsRPC - ok
18:17:16.0470 2476 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:17:16.0470 2476 mssmbios - ok
18:17:16.0485 2476 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:17:16.0485 2476 MSTEE - ok
18:17:16.0501 2476 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:17:16.0501 2476 MTConfig - ok
18:17:16.0517 2476 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:17:16.0517 2476 Mup - ok
18:17:16.0563 2476 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
18:17:16.0579 2476 napagent - ok
18:17:16.0626 2476 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:17:16.0626 2476 NativeWifiP - ok
18:17:16.0673 2476 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:17:16.0688 2476 NDIS - ok
18:17:16.0704 2476 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:17:16.0704 2476 NdisCap - ok
18:17:16.0719 2476 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:17:16.0719 2476 NdisTapi - ok
18:17:16.0735 2476 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:17:16.0751 2476 Ndisuio - ok
18:17:16.0766 2476 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:17:16.0766 2476 NdisWan - ok
18:17:16.0782 2476 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:17:16.0782 2476 NDProxy - ok
18:17:16.0797 2476 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:17:16.0797 2476 NetBIOS - ok
18:17:16.0813 2476 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:17:16.0813 2476 NetBT - ok
18:17:16.0844 2476 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:16.0844 2476 Netlogon - ok
18:17:16.0891 2476 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:17:16.0907 2476 Netman - ok
18:17:16.0922 2476 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:17:16.0938 2476 netprofm - ok
18:17:17.0000 2476 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:17:17.0000 2476 NetTcpPortSharing - ok
18:17:17.0031 2476 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:17:17.0031 2476 nfrd960 - ok
18:17:17.0063 2476 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
18:17:17.0063 2476 NlaSvc - ok
18:17:17.0078 2476 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:17:17.0078 2476 Npfs - ok
18:17:17.0078 2476 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:17:17.0094 2476 nsi - ok
18:17:17.0094 2476 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:17:17.0094 2476 nsiproxy - ok
18:17:17.0187 2476 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:17:17.0219 2476 Ntfs - ok
18:17:17.0219 2476 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:17:17.0219 2476 Null - ok
18:17:17.0281 2476 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:17:17.0281 2476 nvraid - ok
18:17:17.0297 2476 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:17:17.0312 2476 nvstor - ok
18:17:17.0328 2476 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:17:17.0328 2476 nv_agp - ok
18:17:17.0343 2476 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:17:17.0343 2476 ohci1394 - ok
18:17:17.0375 2476 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:17:17.0390 2476 p2pimsvc - ok
18:17:17.0421 2476 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:17:17.0421 2476 p2psvc - ok
18:17:17.0437 2476 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:17:17.0437 2476 Parport - ok
18:17:17.0484 2476 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
18:17:17.0484 2476 partmgr - ok
18:17:17.0499 2476 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:17:17.0515 2476 Parvdm - ok
18:17:17.0531 2476 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:17:17.0531 2476 PcaSvc - ok
18:17:17.0546 2476 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:17:17.0562 2476 pci - ok
18:17:17.0562 2476 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:17:17.0562 2476 pciide - ok
18:17:17.0593 2476 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:17:17.0593 2476 pcmcia - ok
18:17:17.0624 2476 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:17:17.0624 2476 pcw - ok
18:17:17.0655 2476 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:17:17.0671 2476 PEAUTH - ok
18:17:17.0765 2476 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
18:17:17.0780 2476 pla - ok
18:17:17.0889 2476 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
18:17:17.0905 2476 PlugPlay - ok
18:17:17.0936 2476 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:17:17.0936 2476 PNRPAutoReg - ok
18:17:17.0952 2476 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:17:17.0967 2476 PNRPsvc - ok
18:17:17.0999 2476 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
18:17:18.0014 2476 PolicyAgent - ok
18:17:18.0030 2476 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
18:17:18.0045 2476 Power - ok
18:17:18.0077 2476 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:17:18.0092 2476 PptpMiniport - ok
18:17:18.0108 2476 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:17:18.0108 2476 Processor - ok
18:17:18.0155 2476 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
18:17:18.0170 2476 ProfSvc - ok
18:17:18.0201 2476 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:18.0201 2476 ProtectedStorage - ok
18:17:18.0217 2476 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:17:18.0217 2476 Psched - ok
18:17:18.0295 2476 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:17:18.0295 2476 PxHelp20 - ok
18:17:18.0389 2476 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:17:18.0420 2476 ql2300 - ok
18:17:18.0498 2476 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:17:18.0498 2476 ql40xx - ok
18:17:18.0545 2476 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:17:18.0545 2476 QWAVE - ok
18:17:18.0576 2476 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:17:18.0576 2476 QWAVEdrv - ok
18:17:18.0607 2476 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:17:18.0607 2476 RasAcd - ok
18:17:18.0638 2476 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:17:18.0638 2476 RasAgileVpn - ok
18:17:18.0654 2476 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:17:18.0669 2476 RasAuto - ok
18:17:18.0685 2476 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:17:18.0685 2476 Rasl2tp - ok
18:17:18.0732 2476 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
18:17:18.0747 2476 RasMan - ok
18:17:18.0763 2476 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:17:18.0763 2476 RasPppoe - ok
18:17:18.0779 2476 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:17:18.0779 2476 RasSstp - ok
18:17:18.0810 2476 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:17:18.0825 2476 rdbss - ok
18:17:18.0841 2476 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:17:18.0841 2476 rdpbus - ok
18:17:18.0857 2476 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:18.0857 2476 RDPCDD - ok
18:17:18.0872 2476 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:17:18.0872 2476 RDPENCDD - ok
18:17:18.0888 2476 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:17:18.0888 2476 RDPREFMP - ok
18:17:18.0935 2476 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
18:17:18.0935 2476 RDPWD - ok
18:17:18.0966 2476 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:17:18.0981 2476 rdyboost - ok
18:17:18.0997 2476 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:17:19.0013 2476 RemoteAccess - ok
18:17:19.0028 2476 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:17:19.0028 2476 RemoteRegistry - ok
18:17:19.0059 2476 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:17:19.0059 2476 RpcEptMapper - ok
18:17:19.0075 2476 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:17:19.0075 2476 RpcLocator - ok
18:17:19.0122 2476 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:17:19.0122 2476 RpcSs - ok
18:17:19.0137 2476 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:17:19.0137 2476 rspndr - ok
18:17:19.0184 2476 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:17:19.0184 2476 RTL8167 - ok
18:17:19.0215 2476 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:19.0231 2476 SamSs - ok
18:17:19.0262 2476 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:17:19.0262 2476 sbp2port - ok
18:17:19.0278 2476 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:17:19.0293 2476 SCardSvr - ok
18:17:19.0309 2476 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:17:19.0309 2476 scfilter - ok
18:17:19.0403 2476 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
18:17:19.0403 2476 Schedule - ok
18:17:19.0434 2476 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:17:19.0434 2476 SCPolicySvc - ok
18:17:19.0449 2476 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
18:17:19.0465 2476 SDRSVC - ok
18:17:19.0481 2476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:17:19.0481 2476 secdrv - ok
18:17:19.0481 2476 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:17:19.0481 2476 seclogon - ok
18:17:19.0496 2476 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:17:19.0496 2476 SENS - ok
18:17:19.0512 2476 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:17:19.0527 2476 SensrSvc - ok
18:17:19.0527 2476 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:17:19.0527 2476 Serenum - ok
18:17:19.0543 2476 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:17:19.0543 2476 Serial - ok
18:17:19.0559 2476 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:17:19.0559 2476 sermouse - ok
18:17:19.0574 2476 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
18:17:19.0574 2476 SessionEnv - ok
18:17:19.0590 2476 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:17:19.0590 2476 sffdisk - ok
18:17:19.0605 2476 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:17:19.0605 2476 sffp_mmc - ok
18:17:19.0621 2476 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:17:19.0621 2476 sffp_sd - ok
18:17:19.0637 2476 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:17:19.0637 2476 sfloppy - ok
18:17:19.0683 2476 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:17:19.0683 2476 SharedAccess - ok
18:17:19.0730 2476 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
18:17:19.0746 2476 ShellHWDetection - ok
18:17:19.0761 2476 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:17:19.0761 2476 sisagp - ok
18:17:19.0793 2476 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:17:19.0793 2476 SiSRaid2 - ok
18:17:19.0808 2476 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:17:19.0808 2476 SiSRaid4 - ok
18:17:19.0824 2476 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:17:19.0839 2476 Smb - ok
18:17:19.0855 2476 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:17:19.0855 2476 SNMPTRAP - ok
18:17:19.0871 2476 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:17:19.0871 2476 spldr - ok
18:17:19.0933 2476 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
18:17:19.0933 2476 Spooler - ok
18:17:20.0089 2476 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
18:17:20.0105 2476 sppsvc - ok
18:17:20.0183 2476 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
18:17:20.0198 2476 sppuinotify - ok
18:17:20.0307 2476 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:17:20.0307 2476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:17:20.0323 2476 sptd ( LockedFile.Multi.Generic ) - warning
18:17:20.0323 2476 sptd - detected LockedFile.Multi.Generic (1)
18:17:23.0349 2476 WinHttpAutoProxySvc - ok
18:17:23.0396 2476 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:17:23.0396 2476 Winmgmt - ok
18:17:23.0459 2476 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:17:23.0490 2476 WinRM - ok
18:17:23.0568 2476 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:17:23.0568 2476 WinUsb - ok
18:17:23.0630 2476 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:17:23.0646 2476 Wlansvc - ok
18:17:23.0661 2476 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:17:23.0661 2476 WmiAcpi - ok
18:17:23.0693 2476 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:17:23.0693 2476 wmiApSrv - ok
18:17:23.0771 2476 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:17:23.0771 2476 WMPNetworkSvc - ok
18:17:23.0786 2476 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:17:23.0786 2476 WPCSvc - ok
18:17:23.0802 2476 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:17:23.0802 2476 WPDBusEnum - ok
18:17:23.0817 2476 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:17:23.0817 2476 ws2ifsl - ok
18:17:23.0864 2476 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
18:17:23.0880 2476 wscsvc - ok
18:17:23.0880 2476 WSearch - ok
18:17:23.0989 2476 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
18:17:24.0020 2476 wuauserv - ok
18:17:24.0098 2476 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:17:24.0098 2476 WudfPf - ok
18:17:24.0114 2476 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:24.0114 2476 WUDFRd - ok
18:17:24.0129 2476 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:17:24.0129 2476 wudfsvc - ok
18:17:24.0161 2476 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:17:24.0161 2476 WwanSvc - ok
18:17:24.0192 2476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:17:24.0395 2476 \Device\Harddisk0\DR0 - ok
18:17:24.0410 2476 Boot (0x1200) (f82303b22a96980b893972cf9e9544fc) \Device\Harddisk0\DR0\Partition0
18:17:24.0410 2476 \Device\Harddisk0\DR0\Partition0 - ok
18:17:24.0426 2476 Boot (0x1200) (86932441c2edd98ef2f4803f53d68a55) \Device\Harddisk0\DR0\Partition1
18:17:24.0426 2476 \Device\Harddisk0\DR0\Partition1 - ok
18:17:24.0426 2476 ============================================================
18:17:24.0426 2476 Scan finished
18:17:24.0426 2476 ============================================================
18:17:24.0426 1460 Detected object count: 1
18:17:24.0426 1460 Actual detected object count: 1
18:17:32.0101 1460 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:17:32.0101 1460 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:42.0134 2372 Deinitialize success
18:17:01.0993 3940 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:17:02.0165 3940 ============================================================
18:17:02.0165 3940 Current date / time: 2012/07/08 18:17:02.0165
18:17:02.0165 3940 SystemInfo:
18:17:02.0165 3940
18:17:02.0165 3940 OS Version: 6.1.7600 ServicePack: 0.0
18:17:02.0165 3940 Product type: Workstation
18:17:02.0165 3940 ComputerName: OEM-PC
18:17:02.0165 3940 UserName: OEM
18:17:02.0165 3940 Windows directory: C:\Windows
18:17:02.0165 3940 System windows directory: C:\Windows
18:17:02.0165 3940 Processor architecture: Intel x86
18:17:02.0165 3940 Number of processors: 3
18:17:02.0165 3940 Page size: 0x1000
18:17:02.0165 3940 Boot type: Normal boot
18:17:02.0165 3940 ============================================================
18:17:03.0413 3940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
18:17:03.0444 3940 ============================================================
18:17:03.0444 3940 \Device\Harddisk0\DR0:
18:17:03.0444 3940 MBR partitions:
18:17:03.0444 3940 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:17:03.0444 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
18:17:03.0444 3940 ============================================================
18:17:03.0475 3940 C: <-> \Device\Harddisk0\DR0\Partition1
18:17:03.0475 3940 ============================================================
18:17:03.0475 3940 Initialize success
18:17:03.0475 3940 ============================================================
18:17:05.0441 2476 ============================================================
18:17:05.0441 2476 Scan started
18:17:05.0441 2476 Mode: Manual;
18:17:05.0441 2476 ============================================================
18:17:08.0420 2476 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:17:08.0436 2476 1394ohci - ok
18:17:08.0514 2476 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:17:08.0514 2476 ACPI - ok
18:17:08.0561 2476 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:17:08.0561 2476 AcpiPmi - ok
18:17:08.0857 2476 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
18:17:08.0873 2476 AdobeActiveFileMonitor8.0 - ok
18:17:08.0951 2476 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:17:08.0966 2476 adp94xx - ok
18:17:09.0060 2476 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:17:09.0075 2476 adpahci - ok
18:17:09.0107 2476 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:17:09.0107 2476 adpu320 - ok
18:17:09.0185 2476 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:17:09.0185 2476 AeLookupSvc - ok
18:17:09.0372 2476 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
18:17:09.0372 2476 AFD - ok
18:17:09.0434 2476 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:17:09.0450 2476 agp440 - ok
18:17:09.0481 2476 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:17:09.0481 2476 aic78xx - ok
18:17:09.0512 2476 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:17:09.0512 2476 ALG - ok
18:17:09.0528 2476 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:17:09.0528 2476 aliide - ok
18:17:09.0575 2476 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
18:17:09.0575 2476 AMD External Events Utility - ok
18:17:09.0621 2476 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:17:09.0637 2476 amdagp - ok
18:17:09.0637 2476 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:17:09.0637 2476 amdide - ok
18:17:09.0668 2476 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:17:09.0668 2476 AmdK8 - ok
18:17:09.0684 2476 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:17:09.0684 2476 AmdPPM - ok
18:17:09.0746 2476 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
18:17:09.0746 2476 amdsata - ok
18:17:09.0762 2476 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:17:09.0777 2476 amdsbs - ok
18:17:09.0793 2476 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
18:17:09.0793 2476 amdxata - ok
18:17:09.0809 2476 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:17:09.0809 2476 AppID - ok
18:17:09.0824 2476 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:17:09.0824 2476 AppIDSvc - ok
18:17:09.0840 2476 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
18:17:09.0840 2476 Appinfo - ok
18:17:09.0855 2476 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:17:09.0855 2476 arc - ok
18:17:09.0871 2476 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:17:09.0871 2476 arcsas - ok
18:17:09.0887 2476 aswFsBlk - ok
18:17:09.0918 2476 aswRdr (4a951beba9e49410cde478b6f6abb252) C:\Windows\System32\Drivers\aswrdr2.sys
18:17:09.0918 2476 aswRdr - ok
18:17:09.0918 2476 aswSP - ok
18:17:09.0933 2476 aswTdi - ok
18:17:09.0933 2476 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:17:09.0949 2476 AsyncMac - ok
18:17:09.0949 2476 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:17:09.0949 2476 atapi - ok
18:17:10.0183 2476 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
18:17:10.0245 2476 atikmdag - ok
18:17:10.0433 2476 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:17:10.0433 2476 AudioEndpointBuilder - ok
18:17:10.0433 2476 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:17:10.0433 2476 Audiosrv - ok
18:17:10.0464 2476 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
18:17:10.0464 2476 AxInstSV - ok
18:17:10.0511 2476 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:17:10.0526 2476 b06bdrv - ok
18:17:10.0557 2476 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:17:10.0557 2476 b57nd60x - ok
18:17:10.0589 2476 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:17:10.0589 2476 BDESVC - ok
18:17:10.0604 2476 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:17:10.0604 2476 Beep - ok
18:17:10.0651 2476 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
18:17:10.0651 2476 BFE - ok
18:17:10.0760 2476 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
18:17:10.0791 2476 BITS - ok
18:17:10.0823 2476 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:17:10.0823 2476 blbdrive - ok
18:17:10.0854 2476 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
18:17:10.0869 2476 bowser - ok
18:17:10.0869 2476 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:17:10.0869 2476 BrFiltLo - ok
18:17:10.0885 2476 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:17:10.0885 2476 BrFiltUp - ok
18:17:10.0916 2476 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
18:17:10.0916 2476 Browser - ok
18:17:10.0932 2476 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:17:10.0932 2476 Brserid - ok
18:17:10.0947 2476 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:17:10.0947 2476 BrSerWdm - ok
18:17:10.0963 2476 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:17:10.0963 2476 BrUsbMdm - ok
18:17:10.0963 2476 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:17:10.0963 2476 BrUsbSer - ok
18:17:10.0979 2476 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:17:10.0979 2476 BTHMODEM - ok
18:17:10.0994 2476 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:17:10.0994 2476 bthserv - ok
18:17:11.0010 2476 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:17:11.0010 2476 cdfs - ok
18:17:11.0041 2476 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
18:17:11.0041 2476 cdrom - ok
18:17:11.0057 2476 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:17:11.0057 2476 CertPropSvc - ok
18:17:11.0072 2476 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:17:11.0072 2476 circlass - ok
18:17:11.0135 2476 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:17:11.0135 2476 CLFS - ok
18:17:11.0213 2476 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:11.0228 2476 clr_optimization_v2.0.50727_32 - ok
18:17:11.0322 2476 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:17:11.0369 2476 clr_optimization_v4.0.30319_32 - ok
18:17:11.0384 2476 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:17:11.0384 2476 CmBatt - ok
18:17:11.0400 2476 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
18:17:11.0400 2476 cmdide - ok
18:17:11.0462 2476 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
18:17:11.0478 2476 CNG - ok
18:17:11.0493 2476 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:17:11.0493 2476 Compbatt - ok
18:17:11.0509 2476 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:17:11.0509 2476 CompositeBus - ok
18:17:11.0525 2476 COMSysApp - ok
18:17:11.0540 2476 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:17:11.0540 2476 crcdisk - ok
18:17:11.0587 2476 CryptSvc (520a108a2657f4bca7fced9ca7d885de) C:\Windows\system32\cryptsvc.dll
18:17:11.0603 2476 CryptSvc - ok
18:17:11.0649 2476 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:17:11.0665 2476 DcomLaunch - ok
18:17:11.0681 2476 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:17:11.0696 2476 defragsvc - ok
18:17:11.0727 2476 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
18:17:11.0727 2476 DfsC - ok
18:17:11.0759 2476 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
18:17:11.0759 2476 DgiVecp - ok
18:17:11.0805 2476 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
18:17:11.0821 2476 Dhcp - ok
18:17:11.0837 2476 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:17:11.0837 2476 discache - ok
18:17:11.0883 2476 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:17:11.0883 2476 Disk - ok
18:17:11.0930 2476 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
18:17:11.0946 2476 Dnscache - ok
18:17:11.0977 2476 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
18:17:11.0977 2476 dot3svc - ok
18:17:12.0008 2476 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
18:17:12.0008 2476 DPS - ok
18:17:12.0039 2476 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:17:12.0039 2476 drmkaud - ok
18:17:12.0117 2476 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
18:17:12.0149 2476 DXGKrnl - ok
18:17:12.0180 2476 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:17:12.0180 2476 EapHost - ok
18:17:12.0398 2476 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:17:12.0429 2476 ebdrv - ok
18:17:12.0523 2476 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
18:17:12.0539 2476 EFS - ok
18:17:12.0632 2476 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
18:17:12.0648 2476 ehRecvr - ok
18:17:12.0679 2476 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:17:12.0679 2476 ehSched - ok
18:17:12.0757 2476 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:17:12.0773 2476 elxstor - ok
18:17:12.0788 2476 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
18:17:12.0788 2476 ErrDev - ok
18:17:12.0835 2476 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:17:12.0835 2476 EventSystem - ok
18:17:12.0866 2476 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:17:12.0866 2476 exfat - ok
18:17:12.0897 2476 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:17:12.0913 2476 fastfat - ok
18:17:12.0975 2476 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
18:17:12.0991 2476 Fax - ok
18:17:13.0007 2476 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:17:13.0007 2476 fdc - ok
18:17:13.0022 2476 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:17:13.0022 2476 fdPHost - ok
18:17:13.0038 2476 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:17:13.0038 2476 FDResPub - ok
18:17:13.0053 2476 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:17:13.0053 2476 FileInfo - ok
18:17:13.0069 2476 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:17:13.0069 2476 Filetrace - ok
18:17:13.0225 2476 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:17:13.0241 2476 FLEXnet Licensing Service - ok
18:17:13.0256 2476 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:17:13.0256 2476 flpydisk - ok
18:17:13.0287 2476 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:17:13.0287 2476 FltMgr - ok
18:17:13.0365 2476 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
18:17:13.0381 2476 FontCache - ok
18:17:13.0459 2476 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:17:13.0459 2476 FontCache3.0.0.0 - ok
18:17:13.0475 2476 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:17:13.0475 2476 FsDepends - ok
18:17:13.0521 2476 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
18:17:13.0521 2476 Fs_Rec - ok
18:17:13.0584 2476 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
18:17:13.0584 2476 fvevol - ok
18:17:13.0615 2476 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:17:13.0615 2476 gagp30kx - ok
18:17:13.0677 2476 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
18:17:13.0677 2476 gpsvc - ok
18:17:13.0833 2476 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:17:13.0833 2476 gupdate - ok
18:17:13.0833 2476 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:17:13.0833 2476 gupdatem - ok
18:17:13.0849 2476 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:17:13.0849 2476 hcw85cir - ok
18:17:13.0911 2476 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
18:17:13.0911 2476 HdAudAddService - ok
18:17:13.0943 2476 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:17:13.0943 2476 HDAudBus - ok
18:17:13.0958 2476 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:17:13.0958 2476 HidBatt - ok
18:17:13.0974 2476 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:17:13.0974 2476 HidBth - ok
18:17:13.0989 2476 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:17:14.0005 2476 HidIr - ok
18:17:14.0005 2476 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:17:14.0005 2476 hidserv - ok
18:17:14.0067 2476 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
18:17:14.0067 2476 HidUsb - ok
18:17:14.0083 2476 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
18:17:14.0099 2476 hkmsvc - ok
18:17:14.0130 2476 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
18:17:14.0130 2476 HomeGroupListener - ok
18:17:14.0161 2476 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
18:17:14.0177 2476 HomeGroupProvider - ok
18:17:14.0208 2476 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:17:14.0208 2476 HpSAMD - ok
18:17:14.0255 2476 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
18:17:14.0270 2476 HTTP - ok
18:17:14.0270 2476 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
18:17:14.0270 2476 hwpolicy - ok
18:17:14.0286 2476 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
18:17:14.0286 2476 i8042prt - ok
18:17:14.0348 2476 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
18:17:14.0348 2476 iaStorV - ok
18:17:14.0473 2476 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:17:14.0473 2476 idsvc - ok
18:17:14.0504 2476 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:17:14.0504 2476 iirsp - ok
18:17:14.0567 2476 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
18:17:14.0582 2476 IKEEXT - ok
18:17:14.0598 2476 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:17:14.0598 2476 intelide - ok
18:17:14.0629 2476 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:17:14.0629 2476 intelppm - ok
18:17:14.0645 2476 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:17:14.0645 2476 IPBusEnum - ok
18:17:14.0660 2476 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:17:14.0660 2476 IpFilterDriver - ok
18:17:14.0707 2476 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
18:17:14.0723 2476 iphlpsvc - ok
18:17:14.0738 2476 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:17:14.0738 2476 IPMIDRV - ok
18:17:14.0769 2476 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:17:14.0769 2476 IPNAT - ok
18:17:14.0785 2476 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:17:14.0785 2476 IRENUM - ok
18:17:14.0785 2476 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:17:14.0785 2476 isapnp - ok
18:17:14.0816 2476 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:17:14.0816 2476 iScsiPrt - ok
18:17:14.0863 2476 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:17:14.0863 2476 kbdclass - ok
18:17:14.0879 2476 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:17:14.0879 2476 kbdhid - ok
18:17:14.0925 2476 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:14.0925 2476 KeyIso - ok
18:17:14.0941 2476 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
18:17:14.0941 2476 KSecDD - ok
18:17:14.0972 2476 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
18:17:14.0972 2476 KSecPkg - ok
18:17:15.0003 2476 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:17:15.0019 2476 KtmRm - ok
18:17:15.0066 2476 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
18:17:15.0066 2476 LanmanServer - ok
18:17:15.0097 2476 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
18:17:15.0097 2476 LanmanWorkstation - ok
18:17:15.0128 2476 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:17:15.0128 2476 lltdio - ok
18:17:15.0159 2476 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:17:15.0175 2476 lltdsvc - ok
18:17:15.0191 2476 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:17:15.0191 2476 lmhosts - ok
18:17:15.0237 2476 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:17:15.0237 2476 LSI_FC - ok
18:17:15.0269 2476 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:17:15.0269 2476 LSI_SAS - ok
18:17:15.0284 2476 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:17:15.0284 2476 LSI_SAS2 - ok
18:17:15.0300 2476 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:17:15.0315 2476 LSI_SCSI - ok
18:17:15.0331 2476 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:17:15.0331 2476 luafv - ok
18:17:15.0425 2476 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
18:17:15.0425 2476 MBAMProtector - ok
18:17:15.0565 2476 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:17:15.0581 2476 MBAMService - ok
18:17:15.0659 2476 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:17:15.0659 2476 McComponentHostService - ok
18:17:15.0690 2476 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
18:17:15.0705 2476 Mcx2Svc - ok
18:17:15.0721 2476 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:17:15.0721 2476 megasas - ok
18:17:15.0752 2476 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:17:15.0752 2476 MegaSR - ok
18:17:15.0768 2476 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:17:15.0783 2476 MMCSS - ok
18:17:15.0799 2476 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:17:15.0799 2476 Modem - ok
18:17:15.0815 2476 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:17:15.0815 2476 monitor - ok
18:17:15.0861 2476 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:17:15.0861 2476 mouclass - ok
18:17:15.0893 2476 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:17:15.0893 2476 mouhid - ok
18:17:15.0908 2476 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:17:15.0908 2476 mountmgr - ok
18:17:15.0924 2476 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:17:15.0939 2476 mpio - ok
18:17:15.0955 2476 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:17:15.0955 2476 mpsdrv - ok
18:17:16.0002 2476 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
18:17:16.0033 2476 MpsSvc - ok
18:17:16.0064 2476 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:17:16.0064 2476 MRxDAV - ok
18:17:16.0111 2476 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:17:16.0127 2476 mrxsmb - ok
18:17:16.0173 2476 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:17:16.0189 2476 mrxsmb10 - ok
18:17:16.0189 2476 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:17:16.0205 2476 mrxsmb20 - ok
18:17:16.0205 2476 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:17:16.0205 2476 msahci - ok
18:17:16.0236 2476 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:17:16.0236 2476 msdsm - ok
18:17:16.0251 2476 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:17:16.0251 2476 MSDTC - ok
18:17:16.0283 2476 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:17:16.0283 2476 Msfs - ok
18:17:16.0298 2476 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:17:16.0298 2476 mshidkmdf - ok
18:17:16.0329 2476 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:17:16.0329 2476 msisadrv - ok
18:17:16.0361 2476 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:17:16.0361 2476 MSiSCSI - ok
18:17:16.0376 2476 msiserver - ok
18:17:16.0407 2476 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:17:16.0407 2476 MSKSSRV - ok
18:17:16.0423 2476 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:17:16.0423 2476 MSPCLOCK - ok
18:17:16.0439 2476 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:17:16.0439 2476 MSPQM - ok
18:17:16.0454 2476 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:17:16.0454 2476 MsRPC - ok
18:17:16.0470 2476 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:17:16.0470 2476 mssmbios - ok
18:17:16.0485 2476 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:17:16.0485 2476 MSTEE - ok
18:17:16.0501 2476 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:17:16.0501 2476 MTConfig - ok
18:17:16.0517 2476 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:17:16.0517 2476 Mup - ok
18:17:16.0563 2476 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
18:17:16.0579 2476 napagent - ok
18:17:16.0626 2476 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:17:16.0626 2476 NativeWifiP - ok
18:17:16.0673 2476 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:17:16.0688 2476 NDIS - ok
18:17:16.0704 2476 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:17:16.0704 2476 NdisCap - ok
18:17:16.0719 2476 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:17:16.0719 2476 NdisTapi - ok
18:17:16.0735 2476 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:17:16.0751 2476 Ndisuio - ok
18:17:16.0766 2476 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:17:16.0766 2476 NdisWan - ok
18:17:16.0782 2476 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:17:16.0782 2476 NDProxy - ok
18:17:16.0797 2476 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:17:16.0797 2476 NetBIOS - ok
18:17:16.0813 2476 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:17:16.0813 2476 NetBT - ok
18:17:16.0844 2476 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:16.0844 2476 Netlogon - ok
18:17:16.0891 2476 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:17:16.0907 2476 Netman - ok
18:17:16.0922 2476 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:17:16.0938 2476 netprofm - ok
18:17:17.0000 2476 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:17:17.0000 2476 NetTcpPortSharing - ok
18:17:17.0031 2476 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:17:17.0031 2476 nfrd960 - ok
18:17:17.0063 2476 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
18:17:17.0063 2476 NlaSvc - ok
18:17:17.0078 2476 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:17:17.0078 2476 Npfs - ok
18:17:17.0078 2476 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:17:17.0094 2476 nsi - ok
18:17:17.0094 2476 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:17:17.0094 2476 nsiproxy - ok
18:17:17.0187 2476 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:17:17.0219 2476 Ntfs - ok
18:17:17.0219 2476 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:17:17.0219 2476 Null - ok
18:17:17.0281 2476 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:17:17.0281 2476 nvraid - ok
18:17:17.0297 2476 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:17:17.0312 2476 nvstor - ok
18:17:17.0328 2476 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:17:17.0328 2476 nv_agp - ok
18:17:17.0343 2476 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:17:17.0343 2476 ohci1394 - ok
18:17:17.0375 2476 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:17:17.0390 2476 p2pimsvc - ok
18:17:17.0421 2476 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:17:17.0421 2476 p2psvc - ok
18:17:17.0437 2476 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:17:17.0437 2476 Parport - ok
18:17:17.0484 2476 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
18:17:17.0484 2476 partmgr - ok
18:17:17.0499 2476 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:17:17.0515 2476 Parvdm - ok
18:17:17.0531 2476 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:17:17.0531 2476 PcaSvc - ok
18:17:17.0546 2476 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:17:17.0562 2476 pci - ok
18:17:17.0562 2476 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:17:17.0562 2476 pciide - ok
18:17:17.0593 2476 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:17:17.0593 2476 pcmcia - ok
18:17:17.0624 2476 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:17:17.0624 2476 pcw - ok
18:17:17.0655 2476 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:17:17.0671 2476 PEAUTH - ok
18:17:17.0765 2476 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
18:17:17.0780 2476 pla - ok
18:17:17.0889 2476 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
18:17:17.0905 2476 PlugPlay - ok
18:17:17.0936 2476 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:17:17.0936 2476 PNRPAutoReg - ok
18:17:17.0952 2476 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:17:17.0967 2476 PNRPsvc - ok
18:17:17.0999 2476 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
18:17:18.0014 2476 PolicyAgent - ok
18:17:18.0030 2476 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
18:17:18.0045 2476 Power - ok
18:17:18.0077 2476 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:17:18.0092 2476 PptpMiniport - ok
18:17:18.0108 2476 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:17:18.0108 2476 Processor - ok
18:17:18.0155 2476 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
18:17:18.0170 2476 ProfSvc - ok
18:17:18.0201 2476 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:18.0201 2476 ProtectedStorage - ok
18:17:18.0217 2476 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:17:18.0217 2476 Psched - ok
18:17:18.0295 2476 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:17:18.0295 2476 PxHelp20 - ok
18:17:18.0389 2476 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:17:18.0420 2476 ql2300 - ok
18:17:18.0498 2476 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:17:18.0498 2476 ql40xx - ok
18:17:18.0545 2476 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:17:18.0545 2476 QWAVE - ok
18:17:18.0576 2476 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:17:18.0576 2476 QWAVEdrv - ok
18:17:18.0607 2476 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:17:18.0607 2476 RasAcd - ok
18:17:18.0638 2476 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:17:18.0638 2476 RasAgileVpn - ok
18:17:18.0654 2476 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:17:18.0669 2476 RasAuto - ok
18:17:18.0685 2476 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:17:18.0685 2476 Rasl2tp - ok
18:17:18.0732 2476 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
18:17:18.0747 2476 RasMan - ok
18:17:18.0763 2476 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:17:18.0763 2476 RasPppoe - ok
18:17:18.0779 2476 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:17:18.0779 2476 RasSstp - ok
18:17:18.0810 2476 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:17:18.0825 2476 rdbss - ok
18:17:18.0841 2476 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:17:18.0841 2476 rdpbus - ok
18:17:18.0857 2476 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:17:18.0857 2476 RDPCDD - ok
18:17:18.0872 2476 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:17:18.0872 2476 RDPENCDD - ok
18:17:18.0888 2476 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:17:18.0888 2476 RDPREFMP - ok
18:17:18.0935 2476 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
18:17:18.0935 2476 RDPWD - ok
18:17:18.0966 2476 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:17:18.0981 2476 rdyboost - ok
18:17:18.0997 2476 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:17:19.0013 2476 RemoteAccess - ok
18:17:19.0028 2476 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:17:19.0028 2476 RemoteRegistry - ok
18:17:19.0059 2476 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:17:19.0059 2476 RpcEptMapper - ok
18:17:19.0075 2476 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:17:19.0075 2476 RpcLocator - ok
18:17:19.0122 2476 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:17:19.0122 2476 RpcSs - ok
18:17:19.0137 2476 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:17:19.0137 2476 rspndr - ok
18:17:19.0184 2476 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:17:19.0184 2476 RTL8167 - ok
18:17:19.0215 2476 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:19.0231 2476 SamSs - ok
18:17:19.0262 2476 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:17:19.0262 2476 sbp2port - ok
18:17:19.0278 2476 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:17:19.0293 2476 SCardSvr - ok
18:17:19.0309 2476 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:17:19.0309 2476 scfilter - ok
18:17:19.0403 2476 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
18:17:19.0403 2476 Schedule - ok
18:17:19.0434 2476 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:17:19.0434 2476 SCPolicySvc - ok
18:17:19.0449 2476 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
18:17:19.0465 2476 SDRSVC - ok
18:17:19.0481 2476 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:17:19.0481 2476 secdrv - ok
18:17:19.0481 2476 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:17:19.0481 2476 seclogon - ok
18:17:19.0496 2476 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:17:19.0496 2476 SENS - ok
18:17:19.0512 2476 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:17:19.0527 2476 SensrSvc - ok
18:17:19.0527 2476 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:17:19.0527 2476 Serenum - ok
18:17:19.0543 2476 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:17:19.0543 2476 Serial - ok
18:17:19.0559 2476 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:17:19.0559 2476 sermouse - ok
18:17:19.0574 2476 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
18:17:19.0574 2476 SessionEnv - ok
18:17:19.0590 2476 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:17:19.0590 2476 sffdisk - ok
18:17:19.0605 2476 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:17:19.0605 2476 sffp_mmc - ok
18:17:19.0621 2476 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:17:19.0621 2476 sffp_sd - ok
18:17:19.0637 2476 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:17:19.0637 2476 sfloppy - ok
18:17:19.0683 2476 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:17:19.0683 2476 SharedAccess - ok
18:17:19.0730 2476 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
18:17:19.0746 2476 ShellHWDetection - ok
18:17:19.0761 2476 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:17:19.0761 2476 sisagp - ok
18:17:19.0793 2476 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:17:19.0793 2476 SiSRaid2 - ok
18:17:19.0808 2476 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:17:19.0808 2476 SiSRaid4 - ok
18:17:19.0824 2476 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:17:19.0839 2476 Smb - ok
18:17:19.0855 2476 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:17:19.0855 2476 SNMPTRAP - ok
18:17:19.0871 2476 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:17:19.0871 2476 spldr - ok
18:17:19.0933 2476 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
18:17:19.0933 2476 Spooler - ok
18:17:20.0089 2476 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
18:17:20.0105 2476 sppsvc - ok
18:17:20.0183 2476 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
18:17:20.0198 2476 sppuinotify - ok
18:17:20.0307 2476 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:17:20.0307 2476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:17:20.0323 2476 sptd ( LockedFile.Multi.Generic ) - warning
18:17:20.0323 2476 sptd - detected LockedFile.Multi.Generic (1)
18:17:20.0370 2476 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
18:17:20.0370 2476 srv - ok
18:17:20.0401 2476 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
18:17:20.0401 2476 srv2 - ok
18:17:20.0448 2476 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:17:20.0463 2476 srvnet - ok
18:17:20.0479 2476 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:17:20.0479 2476 SSDPSRV - ok
18:17:20.0510 2476 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
18:17:20.0510 2476 SSPORT - ok
18:17:20.0526 2476 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:17:20.0541 2476 SstpSvc - ok
18:17:20.0557 2476 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:17:20.0557 2476 stexstor - ok
18:17:20.0604 2476 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
18:17:20.0619 2476 StiSvc - ok
18:17:20.0635 2476 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:17:20.0635 2476 swenum - ok
18:17:20.0666 2476 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:17:20.0666 2476 swprv - ok
18:17:20.0729 2476 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
18:17:20.0760 2476 SysMain - ok
18:17:20.0775 2476 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
18:17:20.0775 2476 TabletInputService - ok
18:17:20.0791 2476 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
18:17:20.0807 2476 TapiSrv - ok
18:17:20.0807 2476 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:17:20.0822 2476 TBS - ok
18:17:20.0931 2476 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
18:17:20.0963 2476 Tcpip - ok
18:17:20.0994 2476 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
18:17:20.0994 2476 TCPIP6 - ok
18:17:21.0009 2476 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:17:21.0009 2476 tcpipreg - ok
18:17:21.0025 2476 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:17:21.0025 2476 TDPIPE - ok
18:17:21.0056 2476 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
18:17:21.0056 2476 TDTCP - ok
18:17:21.0072 2476 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:17:21.0087 2476 tdx - ok
18:17:21.0103 2476 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:17:21.0103 2476 TermDD - ok
18:17:21.0134 2476 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
18:17:21.0150 2476 TermService - ok
18:17:21.0181 2476 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:17:21.0181 2476 Themes - ok
18:17:21.0197 2476 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:17:21.0197 2476 THREADORDER - ok
18:17:21.0212 2476 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:17:21.0212 2476 TrkWks - ok
18:17:21.0259 2476 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
18:17:21.0275 2476 TrustedInstaller - ok
18:17:21.0290 2476 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:17:21.0290 2476 tssecsrv - ok
18:17:21.0321 2476 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:17:21.0321 2476 tunnel - ok
18:17:21.0337 2476 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:17:21.0337 2476 uagp35 - ok
18:17:21.0368 2476 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:17:21.0384 2476 udfs - ok
18:17:21.0399 2476 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:17:21.0415 2476 UI0Detect - ok
18:17:21.0446 2476 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:17:21.0446 2476 uliagpkx - ok
18:17:21.0477 2476 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:17:21.0477 2476 umbus - ok
18:17:21.0493 2476 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:17:21.0493 2476 UmPass - ok
18:17:21.0524 2476 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:17:21.0540 2476 upnphost - ok
18:17:21.0587 2476 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
18:17:21.0587 2476 usbccgp - ok
18:17:21.0618 2476 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:17:21.0618 2476 usbcir - ok
18:17:21.0665 2476 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
18:17:21.0665 2476 usbehci - ok
18:17:21.0680 2476 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
18:17:21.0696 2476 usbhub - ok
18:17:21.0743 2476 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
18:17:21.0743 2476 usbohci - ok
18:17:21.0758 2476 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:17:21.0758 2476 usbprint - ok
18:17:21.0805 2476 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:17:21.0821 2476 usbscan - ok
18:17:21.0852 2476 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:17:21.0867 2476 USBSTOR - ok
18:17:21.0867 2476 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
18:17:21.0867 2476 usbuhci - ok
18:17:21.0899 2476 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:17:21.0899 2476 UxSms - ok
18:17:21.0945 2476 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:17:21.0945 2476 VaultSvc - ok
18:17:21.0961 2476 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:17:21.0961 2476 vdrvroot - ok
18:17:21.0992 2476 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
18:17:22.0008 2476 vds - ok
18:17:22.0023 2476 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:17:22.0023 2476 vga - ok
18:17:22.0039 2476 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:17:22.0039 2476 VgaSave - ok
18:17:22.0055 2476 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:17:22.0070 2476 vhdmp - ok
18:17:22.0101 2476 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:17:22.0101 2476 viaagp - ok
18:17:22.0117 2476 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:17:22.0117 2476 ViaC7 - ok
18:17:22.0133 2476 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:17:22.0133 2476 viaide - ok
18:17:22.0148 2476 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:17:22.0148 2476 volmgr - ok
18:17:22.0164 2476 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:17:22.0179 2476 volmgrx - ok
18:17:22.0195 2476 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:17:22.0195 2476 volsnap - ok
18:17:22.0226 2476 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:17:22.0226 2476 vsmraid - ok
18:17:22.0289 2476 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
18:17:22.0304 2476 VSS - ok
18:17:22.0320 2476 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:17:22.0320 2476 vwifibus - ok
18:17:22.0351 2476 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:17:22.0351 2476 W32Time - ok
18:17:22.0367 2476 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:17:22.0367 2476 WacomPen - ok
18:17:22.0398 2476 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:22.0398 2476 WANARP - ok
18:17:22.0398 2476 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:17:22.0398 2476 Wanarpv6 - ok
18:17:22.0569 2476 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
18:17:22.0601 2476 WatAdminSvc - ok
18:17:22.0725 2476 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
18:17:22.0788 2476 wbengine - ok
18:17:22.0803 2476 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:17:22.0819 2476 WbioSrvc - ok
18:17:22.0866 2476 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
18:17:22.0881 2476 wcncsvc - ok
18:17:22.0913 2476 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:17:22.0913 2476 WcsPlugInService - ok
18:17:22.0944 2476 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:17:22.0944 2476 Wd - ok
18:17:22.0975 2476 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:17:22.0991 2476 Wdf01000 - ok
18:17:23.0006 2476 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:17:23.0006 2476 WdiServiceHost - ok
18:17:23.0006 2476 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:17:23.0006 2476 WdiSystemHost - ok
18:17:23.0069 2476 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
18:17:23.0069 2476 WebClient - ok
18:17:23.0100 2476 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:17:23.0100 2476 Wecsvc - ok
18:17:23.0115 2476 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:17:23.0131 2476 wercplsupport - ok
18:17:23.0147 2476 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:17:23.0147 2476 WerSvc - ok
18:17:23.0193 2476 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:17:23.0193 2476 WfpLwf - ok
18:17:23.0209 2476 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:17:23.0209 2476 WIMMount - ok
18:17:23.0334 2476 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:17:23.0334 2476 WinDefend - ok
18:17:23.0349 2476 WinHttpAutoProxySvc - ok
18:17:23.0396 2476 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:17:23.0396 2476 Winmgmt - ok
18:17:23.0459 2476 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:17:23.0490 2476 WinRM - ok
18:17:23.0568 2476 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:17:23.0568 2476 WinUsb - ok
18:17:23.0630 2476 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:17:23.0646 2476 Wlansvc - ok
18:17:23.0661 2476 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:17:23.0661 2476 WmiAcpi - ok
18:17:23.0693 2476 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:17:23.0693 2476 wmiApSrv - ok
18:17:23.0771 2476 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:17:23.0771 2476 WMPNetworkSvc - ok
18:17:23.0786 2476 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:17:23.0786 2476 WPCSvc - ok
18:17:23.0802 2476 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:17:23.0802 2476 WPDBusEnum - ok
18:17:23.0817 2476 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:17:23.0817 2476 ws2ifsl - ok
18:17:23.0864 2476 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
18:17:23.0880 2476 wscsvc - ok
18:17:23.0880 2476 WSearch - ok
18:17:23.0989 2476 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
18:17:24.0020 2476 wuauserv - ok
18:17:24.0098 2476 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:17:24.0098 2476 WudfPf - ok
18:17:24.0114 2476 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:17:24.0114 2476 WUDFRd - ok
18:17:24.0129 2476 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:17:24.0129 2476 wudfsvc - ok
18:17:24.0161 2476 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:17:24.0161 2476 WwanSvc - ok
18:17:24.0192 2476 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:17:24.0395 2476 \Device\Harddisk0\DR0 - ok
18:17:24.0410 2476 Boot (0x1200) (f82303b22a96980b893972cf9e9544fc) \Device\Harddisk0\DR0\Partition0
18:17:24.0410 2476 \Device\Harddisk0\DR0\Partition0 - ok
18:17:24.0426 2476 Boot (0x1200) (86932441c2edd98ef2f4803f53d68a55) \Device\Harddisk0\DR0\Partition1
18:17:24.0426 2476 \Device\Harddisk0\DR0\Partition1 - ok
18:17:24.0426 2476 ============================================================
18:17:24.0426 2476 Scan finished
18:17:24.0426 2476 ============================================================
18:17:24.0426 1460 Detected object count: 1
18:17:24.0426 1460 Actual detected object count: 1
18:17:32.0101 1460 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:17:32.0101 1460 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:17:42.0134 2372 Deinitialize success
Re: Log check - infected
ComboFix log:
ComboFix 12-07-08.01 - OEM 08.07.2012 18:20:20.1.3 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1790.1281 [GMT 2:00]
Spuštěný z: c:\users\OEM\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 16:25 . 2012-07-08 16:25 -------- d-----w- c:\users\OEM\AppData\Local\temp
2012-07-08 16:25 . 2012-07-08 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 12:12 . 2012-07-08 12:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9752DC10-7DB2-4252-B5AB-2339B1DBF394}\offreg.dll
2012-07-07 21:56 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-07 21:55 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 21:55 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\programdata\AVAST Software
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\program files\AVAST Software
2012-07-07 21:50 . 2012-07-07 22:00 -------- d-----w- c:\users\OEM\AppData\Local\Adobe
2012-07-05 22:42 . 2012-07-07 16:39 -------- d-----w- c:\programdata\36B6A769000022FB0001432BA60145BE
2012-06-26 15:57 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9752DC10-7DB2-4252-B5AB-2339B1DBF394}\mpengine.dll
2012-06-13 10:50 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 10:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 10:50 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:50 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 10:50 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:50 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:50 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 10:50 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:50 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:50 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 15:27 . 2011-08-07 19:58 2268 ----a-w- c:\users\OEM\AppData\Roaming\mdbu.bin
2011-10-07 20:17 . 2011-07-17 09:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-11-17 . 05F38CB7CAB3CE8E9A1812D517DA93EF . 22528 . . [6.1.7600.21092] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[-] 2011-11-17 . C2243FF9E9AAD0C30E8B1A0914DA15B6 . 22528 . . [6.1.7600.16915] . . c:\windows\System32\lsass.exe
[-] 2011-11-17 . C2243FF9E9AAD0C30E8B1A0914DA15B6 . 22528 . . [6.1.7600.16915] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[7] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[7] 2011-11-17 . FBCB2DFA40862DAA7B1534C9538208A5 . 22528 . . [6.1.7601.21861] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
.
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-15 614400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 76456598
*Deregistered* - 76456598
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 16:49]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-11 16:49]
.
2012-06-27 c:\windows\Tasks\Norton Security Scan for OEM.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-08-05 22:47]
.
2011-07-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995974391-2272879295-3798727081-1001.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 01:02]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\1i2sj9sv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-Nektra OEAPI - (no file)
HKCU-Run-WEBTRAN - (no file)
MSConfigStartUp-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
MSConfigStartUp-ICQ - ~c:\program files\ICQ7.5\ICQ.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-PC Translator - c:\users\OEM\AppData\Local\Temp\UN32.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-08 18:27:29
ComboFix-quarantined-files.txt 2012-07-08 16:27
.
Před spuštěním: Volných bajtů: 31 219 183 616
Po spuštění: Volných bajtů: 31 114 084 352
.
- - End Of File - - 4ED90BFA48B37331A5AE0F6582FA15B6
- Žbeky
- Moderator
Re: Log check - infected with a virus
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.
Code:
KillAll::
DirLook::
c:\programdata\36B6A769000022FB0001432BA60145BE
Folder::
c:\program files\McAfee Security Scan
c:\program files\Google\Update
c:\progra~1\NORTON~2
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Norton Security Scan for OEM.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995974391-2272879295-3798727081-1001.job
Driver::
gupdate
gupdatem
McComponentHostService
DDS::
uStart Page = hxxp://start.icq.com/
Firefox::
FF - ProfilePath - c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\1i2sj9sv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
Re: Log check - infected with a virus
ComboFix 12-07-08.01 - OEM 08.07.2012 21:39:43.2.3 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.1790.1187 [GMT 2:00]
Spuštěný z: c:\users\OEM\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\OEM\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\Norton Security Scan for OEM.job"
"c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995974391-2272879295-3798727081-1001.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\NORTON~2
c:\progra~1\NORTON~2\Engine\3.5.1.6\{2A85E335-7417-424d-AD89-31DED1689794}.dat
c:\progra~1\NORTON~2\Engine\3.5.1.6\{71B3DD3A-BC1F-40cc-A74F-C0C30DFCE7D5}.dat
c:\progra~1\NORTON~2\Engine\3.5.1.6\{F8D07955-00ED-4093-88AA-0A0F69AFD83C}.dat
c:\progra~1\NORTON~2\Engine\3.5.1.6\BilBDRes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ccL100U.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ccScanw.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ccVrTrst.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\Config.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\dec_abi.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\DefUtDCD.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\diLueCbk.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ecmldr32.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\HeartBt.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\help.htm
c:\progra~1\NORTON~2\Engine\3.5.1.6\InstWrap.exe
c:\progra~1\NORTON~2\Engine\3.5.1.6\InstWRes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\Microsoft.VC90.CRT.manifest
c:\progra~1\NORTON~2\Engine\3.5.1.6\msl.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\msvcp90.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\msvcr90.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\Nss.exe
c:\progra~1\NORTON~2\Engine\3.5.1.6\patch25d.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\PrdDtRes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ReputationCacheDB.db
c:\progra~1\NORTON~2\Engine\3.5.1.6\RevList.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\RptCdRes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SAUpdt.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ScanCore.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ScanRes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\ScanText.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SKU.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SKURes.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\symbos.exe
c:\progra~1\NORTON~2\Engine\3.5.1.6\SymCCIS.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SymCCISE.exe
c:\progra~1\NORTON~2\Engine\3.5.1.6\SymDltCl.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SymHTML.dll
c:\progra~1\NORTON~2\Engine\3.5.1.6\SymInstallStub.exe
c:\progra~1\NORTON~2\isolate.ini
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.111\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.111\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.111\goopdate.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.111\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.111\psmachine.dll
c:\program files\Google\Update\1.3.21.111\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.111\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\20.0.1132.47\20.0.1132.47_19.0.1084.56_chrome_updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Norton Security Scan for OEM.job
c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3995974391-2272879295-3798727081-1001.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_McComponentHostService
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-08 do 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 19:44 . 2012-07-08 19:46 -------- d-----w- c:\users\OEM\AppData\Local\temp
2012-07-08 12:12 . 2012-07-08 12:12 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9752DC10-7DB2-4252-B5AB-2339B1DBF394}\offreg.dll
2012-07-07 21:56 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-07 21:55 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-07 21:55 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\programdata\AVAST Software
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\program files\AVAST Software
2012-07-07 21:50 . 2012-07-07 22:00 -------- d-----w- c:\users\OEM\AppData\Local\Adobe
2012-07-05 22:42 . 2012-07-07 16:39 -------- d-----w- c:\programdata\36B6A769000022FB0001432BA60145BE
2012-06-26 15:57 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9752DC10-7DB2-4252-B5AB-2339B1DBF394}\mpengine.dll
2012-06-13 10:50 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 10:50 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 10:50 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 10:50 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 10:50 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 10:50 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 10:50 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 10:50 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:50 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:50 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 15:27 . 2011-08-07 19:58 2268 ----a-w- c:\users\OEM\AppData\Roaming\mdbu.bin
2011-10-07 20:17 . 2011-07-17 09:16 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\36B6A769000022FB0001432BA60145BE ----
.
2012-07-05 22:42 . 2012-07-07 16:36 848 ----a-w- c:\programdata\36B6A769000022FB0001432BA60145BE\36B6A769000022FB0001432BA60145BE
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-11-17 . 05F38CB7CAB3CE8E9A1812D517DA93EF . 22528 . . [6.1.7600.21092] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.21092_none_a69c8e86d7476262\lsass.exe
[-] 2011-11-17 . C2243FF9E9AAD0C30E8B1A0914DA15B6 . 22528 . . [6.1.7600.16915] . . c:\windows\System32\lsass.exe
[-] 2011-11-17 . C2243FF9E9AAD0C30E8B1A0914DA15B6 . 22528 . . [6.1.7600.16915] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsass.exe
[7] 2011-11-17 . 81951F51E318AECC2D68559E47485CC4 . 22528 . . [6.1.7601.17725] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe
[7] 2011-11-17 . FBCB2DFA40862DAA7B1534C9538208A5 . 22528 . . [6.1.7601.21861] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[7] 2009-07-14 . F42309C4191C506B71DB5D1126D26318 . 22528 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe
.
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\System32\ws2help.dll
[-] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\ws2help.dll
.
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\System32\cngaudit.dll
[-] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-15 614400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\OEM\AppData\Roaming\Mozilla\Firefox\Profiles\1i2sj9sv.default\
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NSS - c:\progra~1\NORTON~2\Engine\351~1.6\InstWrap.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-07-08 21:51:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-08 19:51
ComboFix2.txt 2012-07-08 16:27
.
Před spuštěním: Volných bajtů: 31 183 884 288
Po spuštění: Volných bajtů: 30 999 408 640
.
- - End Of File - - AE463851E7E78AE6E52476E3D4EDC740
- Žbeky
- Moderator
Re: Log check - infected
ComboFix is uninstalled like this:
Start-Run and enter ComboFix /Uninstall
clean the system with CCleaner
and also use T-Cleaner
it deletes everything left behind by Combo, MWAV, etc. - download > run
Note: before downloading T-Cleaner and for the duration of the cleaning, deactivate AVG, Avast, Avira or Microsoft Security Essentials; afterwards delete T-Cleaner and turn AVG, Avast, Avira or Microsoft Security Essentials back on.
+ A new HJT log
How is the PC behaving?
In PMs I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
Re: Log check - virus-infected
There is still the problem that Avast's resident protection cannot be started + Windows occasionally reports that it is not legal (it is) and the PC shows that the serial number is unknown.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:43:50, on 8.7.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Users\OEM\Desktop\OV\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 6075 bytes
- Žbeky
- Moderator
Re: Log check - virus-infected
Fix these:
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
Reinstall Avast. Don't look for help with an illegal WIN here; go back to wherever you got it from
Re: Log check - virus-infected
1. I was not looking here for help with an illegal WIN, but with whatever causes Windows to report itself as illegal. At the moment Windows appears OK as far as this problem is concerned. Your piracy paranoia strikes me as rather exaggerated...
2. Avast has been reinstalled, but the resident protection still does not work; the shields cannot be turned on even individually, and it reports that the shield was not found