Kontrola logu, vir www.qvo6.com

Hurvajz84 · Příspěvekod **Hurvajz84** » 30 kvě 2013 10:57

Ahoj, prosim o kontrolu logu. V posledni dobe mi v prohlizeci neustale vyskakuje adresa http://www.qvo6.com. Dočetl jsem se, že jde o nějaký virus a nemůžu se ho stále zbavit. Díky za pomoc.
Zde je log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:18, on 30.5.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Windows\OETRN.EXE
C:\Program Files (x86)\CooL Wallpaper Changer\coolwpc.exe
C:\Program Files (x86)\FeedReader30\feedreader.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files (x86)\Xerox\Xerox WC PE120 Series\RCP\Scan2pc.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\TRANSLAT\WDICT32.EXE
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
D:\Instalace\Antiviry\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_medi ... 1369826517
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medi ... 1369826517
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.v9.com/?utm_source=b&utm_medi ... 1369826517
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.v9.com/?utm_source=b&utm_medi ... 1369826517
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\HurvajzPC\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Windows\WebIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: DealPly Shopping - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\HurvajzPC\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Windows\WebIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Rocky2Xerox_S2P] C:\Program Files (x86)\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Del553596208] cmd.exe /Q /D /c del "C:\Users\HURVAJ~1\AppData\Local\Temp\0.del"
O4 - HKCU\..\Run: [OEXPRESS] C:\Windows\OETRN.EXE
O4 - HKCU\..\Run: [CooLWPC3] C:\Program Files (x86)\CooL Wallpaper Changer\coolwpc.exe /boot
O4 - HKCU\..\Run: [Google Update] "C:\Users\HurvajzPC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files (x86)\FeedReader30\feedreader.exe"
O4 - HKCU\..\RunOnce: [Del553596208] cmd.exe /Q /D /c del "C:\Users\HURVAJ~1\AppData\Local\Temp\0.del"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Windows\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Windows\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Windows\WebIE.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: eSafe Service (eSafeSvc) - eSafe Security Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18134 bytes

Reklama

Příspěvekod **memphisto** » 30 kvě 2013 12:08

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Hurvajz84 · Příspěvekod **Hurvajz84** » 30 kvě 2013 12:49

Podařilo se mi to projet pouze tim Anti-Malwarem. Adw Cleaner mi po chvilce scanovani napise "Error: Variable used without being declared".

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.05.30.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HurvajzPC :: HURVAJZPC-HP [administrátor]

Ochrana: Povolena

30.5.2013 12:16:29
mbam-log-2013-05-30 (12-16-29).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 219642
Uplynulý čas: 4 minut, 15 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Příspěvekod **memphisto** » 30 kvě 2013 12:49

Zkus znovu případně v nouzovém režimu

Hurvajz84 · Příspěvekod **Hurvajz84** » 30 kvě 2013 13:57

Zkusil jsem a nepomohlo, stale se nedari ten adwcleaner rozjet..Zkousel jsem i spustit ho jako spravce a odstranit problemy s kompatibilitou, taky nic..:/

Příspěvekod **memphisto** » 30 kvě 2013 14:21

Zkus stáhnout starší verzi odněkud jinud

Hurvajz84 · Příspěvekod **Hurvajz84** » 30 kvě 2013 15:30

Tak bohuzel ani stara verze adwcleaneru to neprolomila..

Příspěvekod **memphisto** » 30 kvě 2013 16:22

Tak na to vezmem hrubší nástroj

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je oznaèen ke smazání

Hurvajz84 · Příspěvekod **Hurvajz84** » 31 kvě 2013 09:14

1. část logu (byl příliš dlouhý):

08:48:20.0889 4800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:48:21.0204 4800 ============================================================
08:48:21.0204 4800 Current date / time: 2013/05/31 08:48:21.0204
08:48:21.0204 4800 SystemInfo:
08:48:21.0204 4800
08:48:21.0204 4800 OS Version: 6.1.7601 ServicePack: 1.0
08:48:21.0204 4800 Product type: Workstation
08:48:21.0204 4800 ComputerName: HURVAJZPC-HP
08:48:21.0205 4800 UserName: HurvajzPC
08:48:21.0205 4800 Windows directory: C:\Windows
08:48:21.0205 4800 System windows directory: C:\Windows
08:48:21.0205 4800 Running under WOW64
08:48:21.0205 4800 Processor architecture: Intel x64
08:48:21.0205 4800 Number of processors: 2
08:48:21.0205 4800 Page size: 0x1000
08:48:21.0205 4800 Boot type: Normal boot
08:48:21.0205 4800 ============================================================
08:48:21.0671 4800 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:48:21.0680 4800 Drive \Device\Harddisk1\DR1 - Size: 0x1EBFFC00 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:48:21.0684 4800 ============================================================
08:48:21.0684 4800 \Device\Harddisk0\DR0:
08:48:21.0684 4800 MBR partitions:
08:48:21.0684 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3FF800
08:48:21.0684 4800 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x400030, BlocksNum 0x79B8E5E
08:48:21.0693 4800 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7DB8ED0, BlocksNum 0x315F84A8
08:48:21.0693 4800 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x393B1800, BlocksNum 0xFD3441
08:48:21.0693 4800 \Device\Harddisk1\DR1:
08:48:21.0693 4800 MBR partitions:
08:48:21.0693 4800 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF5FDE
08:48:21.0694 4800 ============================================================
08:48:21.0814 4800 C: <-> \Device\Harddisk0\DR0\Partition2
08:48:22.0038 4800 D: <-> \Device\Harddisk0\DR0\Partition3
08:48:22.0039 4800 ============================================================
08:48:22.0039 4800 Initialize success
08:48:22.0039 4800 ============================================================
08:49:07.0721 4248 ============================================================
08:49:07.0721 4248 Scan started
08:49:07.0721 4248 Mode: Manual;
08:49:07.0721 4248 ============================================================
08:49:08.0325 4248 ================ Scan system memory ========================
08:49:08.0325 4248 System memory - ok
08:49:08.0326 4248 ================ Scan services =============================
08:49:08.0498 4248 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:49:08.0503 4248 1394ohci - ok
08:49:08.0620 4248 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:49:08.0622 4248 ACDaemon - ok
08:49:08.0662 4248 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:49:08.0677 4248 ACPI - ok
08:49:08.0707 4248 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:49:08.0710 4248 AcpiPmi - ok
08:49:08.0778 4248 [ E2769E2699AF88CA3C57289A8A32ED19 ] AcronisOSSReinstallSvc C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
08:49:08.0968 4248 AcronisOSSReinstallSvc - ok
08:49:09.0052 4248 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:49:09.0054 4248 AdobeARMservice - ok
08:49:09.0257 4248 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:49:09.0264 4248 AdobeFlashPlayerUpdateSvc - ok
08:49:09.0295 4248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:49:09.0304 4248 adp94xx - ok
08:49:09.0322 4248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:49:09.0328 4248 adpahci - ok
08:49:09.0343 4248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:49:09.0346 4248 adpu320 - ok
08:49:09.0372 4248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:49:09.0373 4248 AeLookupSvc - ok
08:49:09.0422 4248 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
08:49:09.0424 4248 Afc - ok
08:49:09.0473 4248 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:49:09.0481 4248 AFD - ok
08:49:09.0531 4248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:49:09.0533 4248 agp440 - ok
08:49:09.0552 4248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:49:09.0555 4248 ALG - ok
08:49:09.0583 4248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:49:09.0585 4248 aliide - ok
08:49:09.0595 4248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:49:09.0598 4248 amdide - ok
08:49:09.0615 4248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:49:09.0617 4248 AmdK8 - ok
08:49:09.0623 4248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:49:09.0625 4248 AmdPPM - ok
08:49:09.0650 4248 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:49:09.0652 4248 amdsata - ok
08:49:09.0667 4248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:49:09.0670 4248 amdsbs - ok
08:49:09.0683 4248 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:49:09.0685 4248 amdxata - ok
08:49:09.0719 4248 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:49:09.0721 4248 AppID - ok
08:49:09.0735 4248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:49:09.0737 4248 AppIDSvc - ok
08:49:09.0767 4248 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
08:49:09.0768 4248 Appinfo - ok
08:49:09.0803 4248 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
08:49:09.0807 4248 AppMgmt - ok
08:49:09.0837 4248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:49:09.0839 4248 arc - ok
08:49:09.0845 4248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:49:09.0848 4248 arcsas - ok
08:49:09.0865 4248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:49:09.0867 4248 AsyncMac - ok
08:49:09.0893 4248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:49:09.0894 4248 atapi - ok
08:49:09.0934 4248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:49:09.0941 4248 AudioEndpointBuilder - ok
08:49:09.0952 4248 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:49:09.0956 4248 AudioSrv - ok
08:49:10.0014 4248 [ C4D15594DB5BE042D3346EA58DF87D89 ] avg9wd C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
08:49:10.0018 4248 avg9wd - ok
08:49:10.0058 4248 [ C7D7733C4745E356CEB61DE0CD32896D ] AvgLdx64 C:\Windows\System32\Drivers\avgldx64.sys
08:49:10.0063 4248 AvgLdx64 - ok
08:49:10.0095 4248 [ 0DB5A749ACD8E66091736F88C40207BD ] AvgMfx64 C:\Windows\System32\Drivers\avgmfx64.sys
08:49:10.0097 4248 AvgMfx64 - ok
08:49:10.0120 4248 [ 5E7F0F9CBE0F7823371A4D51DF29F7FF ] AvgRkx64 C:\Windows\system32\Drivers\avgrkx64.sys
08:49:10.0123 4248 AvgRkx64 - ok
08:49:10.0205 4248 [ 8AA68C0BA2B84FD7EB3E1F10BBFC825B ] AvgTdiA C:\Windows\System32\Drivers\avgtdia.sys
08:49:10.0211 4248 AvgTdiA - ok
08:49:10.0246 4248 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:49:10.0250 4248 AxInstSV - ok
08:49:10.0288 4248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:49:10.0296 4248 b06bdrv - ok
08:49:10.0330 4248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:49:10.0335 4248 b57nd60a - ok
08:49:10.0421 4248 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
08:49:10.0425 4248 BBSvc - ok
08:49:10.0450 4248 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
08:49:10.0452 4248 BBUpdate - ok
08:49:10.0469 4248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:49:10.0473 4248 BDESVC - ok
08:49:10.0489 4248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:49:10.0491 4248 Beep - ok
08:49:10.0539 4248 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:49:10.0549 4248 BFE - ok
08:49:10.0599 4248 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:49:10.0611 4248 BITS - ok
08:49:10.0632 4248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:49:10.0634 4248 blbdrive - ok
08:49:10.0674 4248 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
08:49:10.0708 4248 Bonjour Service - ok
08:49:10.0741 4248 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:49:10.0744 4248 bowser - ok
08:49:10.0755 4248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:49:10.0757 4248 BrFiltLo - ok
08:49:10.0762 4248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:49:10.0766 4248 BrFiltUp - ok
08:49:10.0793 4248 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:49:10.0795 4248 Browser - ok
08:49:10.0802 4248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:49:10.0807 4248 Brserid - ok
08:49:10.0812 4248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:49:10.0816 4248 BrSerWdm - ok
08:49:10.0821 4248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:49:10.0823 4248 BrUsbMdm - ok
08:49:10.0828 4248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:49:10.0831 4248 BrUsbSer - ok
08:49:10.0840 4248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:49:10.0843 4248 BTHMODEM - ok
08:49:10.0870 4248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:49:10.0872 4248 bthserv - ok
08:49:10.0890 4248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:49:10.0892 4248 cdfs - ok
08:49:10.0931 4248 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:49:10.0933 4248 cdrom - ok
08:49:10.0974 4248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:49:10.0976 4248 CertPropSvc - ok
08:49:10.0990 4248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:49:10.0993 4248 circlass - ok
08:49:11.0009 4248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:49:11.0013 4248 CLFS - ok
08:49:11.0065 4248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:49:11.0068 4248 clr_optimization_v2.0.50727_32 - ok
08:49:11.0107 4248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:49:11.0110 4248 clr_optimization_v2.0.50727_64 - ok
08:49:11.0194 4248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:49:11.0231 4248 clr_optimization_v4.0.30319_32 - ok
08:49:11.0262 4248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:49:11.0265 4248 clr_optimization_v4.0.30319_64 - ok
08:49:11.0282 4248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:49:11.0285 4248 CmBatt - ok
08:49:11.0304 4248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:49:11.0307 4248 cmdide - ok
08:49:11.0349 4248 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:49:11.0357 4248 CNG - ok
08:49:11.0374 4248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:49:11.0377 4248 Compbatt - ok
08:49:11.0414 4248 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:49:11.0418 4248 CompositeBus - ok
08:49:11.0427 4248 COMSysApp - ok
08:49:11.0437 4248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:49:11.0440 4248 crcdisk - ok
08:49:11.0472 4248 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:49:11.0476 4248 CryptSvc - ok
08:49:11.0519 4248 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
08:49:11.0525 4248 CSC - ok
08:49:11.0578 4248 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
08:49:11.0588 4248 CscService - ok
08:49:11.0615 4248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:49:11.0624 4248 DcomLaunch - ok
08:49:11.0728 4248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:49:11.0759 4248 defragsvc - ok
08:49:11.0815 4248 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:49:11.0818 4248 DfsC - ok
08:49:11.0831 4248 DgiVecp - ok
08:49:11.0855 4248 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:49:11.0860 4248 Dhcp - ok
08:49:11.0889 4248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:49:11.0889 4248 discache - ok
08:49:11.0917 4248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:49:11.0919 4248 Disk - ok
08:49:11.0950 4248 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:49:11.0953 4248 Dnscache - ok
08:49:11.0985 4248 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:49:11.0989 4248 dot3svc - ok
08:49:12.0019 4248 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:49:12.0021 4248 DPS - ok
08:49:12.0046 4248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:49:12.0049 4248 drmkaud - ok
08:49:12.0093 4248 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:49:12.0103 4248 DXGKrnl - ok
08:49:12.0136 4248 [ B3A0FC509773CB9F32571F8B2CC32E13 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
08:49:12.0140 4248 e1kexpress - ok
08:49:12.0159 4248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:49:12.0161 4248 EapHost - ok
08:49:12.0218 4248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:49:12.0261 4248 ebdrv - ok
08:49:12.0294 4248 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:49:12.0295 4248 EFS - ok
08:49:12.0340 4248 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:49:12.0348 4248 ehRecvr - ok
08:49:12.0372 4248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:49:12.0375 4248 ehSched - ok
08:49:12.0401 4248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:49:12.0407 4248 elxstor - ok
08:49:12.0438 4248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:49:12.0440 4248 ErrDev - ok
08:49:12.0518 4248 esgiguard - ok
08:49:12.0553 4248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:49:12.0560 4248 EventSystem - ok
08:49:12.0579 4248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:49:12.0583 4248 exfat - ok
08:49:12.0601 4248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:49:12.0605 4248 fastfat - ok
08:49:12.0644 4248 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:49:12.0652 4248 Fax - ok
08:49:12.0676 4248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:49:12.0678 4248 fdc - ok
08:49:12.0695 4248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:49:12.0698 4248 fdPHost - ok
08:49:12.0714 4248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:49:12.0716 4248 FDResPub - ok
08:49:12.0731 4248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:49:12.0733 4248 FileInfo - ok
08:49:12.0738 4248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:49:12.0741 4248 Filetrace - ok
08:49:12.0791 4248 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:49:12.0870 4248 FLEXnet Licensing Service - ok
08:49:12.0894 4248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:49:12.0897 4248 flpydisk - ok
08:49:12.0940 4248 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:49:12.0945 4248 FltMgr - ok
08:49:13.0003 4248 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
08:49:13.0023 4248 FontCache - ok
08:49:13.0065 4248 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:49:13.0068 4248 FontCache3.0.0.0 - ok
08:49:13.0084 4248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:49:13.0087 4248 FsDepends - ok
08:49:13.0138 4248 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
08:49:13.0141 4248 fssfltr - ok
08:49:13.0168 4248 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:49:13.0171 4248 Fs_Rec - ok
08:49:13.0212 4248 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:49:13.0216 4248 fvevol - ok
08:49:13.0240 4248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:49:13.0244 4248 gagp30kx - ok
08:49:13.0280 4248 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:49:13.0289 4248 gpsvc - ok
08:49:13.0352 4248 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:49:13.0355 4248 gupdate - ok
08:49:13.0369 4248 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:49:13.0371 4248 gupdatem - ok
08:49:13.0389 4248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:49:13.0392 4248 hcw85cir - ok
08:49:13.0422 4248 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:49:13.0428 4248 HdAudAddService - ok
08:49:13.0449 4248 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:49:13.0451 4248 HDAudBus - ok
08:49:13.0473 4248 [ E91AFF2610114CCAEBB90D4D991BB6B2 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
08:49:13.0476 4248 HECIx64 - ok
08:49:13.0483 4248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:49:13.0485 4248 HidBatt - ok
08:49:13.0491 4248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:49:13.0494 4248 HidBth - ok
08:49:13.0516 4248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:49:13.0518 4248 HidIr - ok
08:49:13.0546 4248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:49:13.0548 4248 hidserv - ok
08:49:13.0573 4248 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:49:13.0575 4248 HidUsb - ok
08:49:13.0606 4248 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:49:13.0608 4248 hkmsvc - ok
08:49:13.0638 4248 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:49:13.0642 4248 HomeGroupListener - ok
08:49:13.0671 4248 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:49:13.0675 4248 HomeGroupProvider - ok
08:49:13.0688 4248 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:49:13.0691 4248 HpSAMD - ok
08:49:13.0738 4248 [ 34E9BF9CAEBF49B8AAF1FF45AB5AE577 ] HPSIService C:\Windows\system32\HPSIsvc.exe
08:49:13.0741 4248 HPSIService - ok
08:49:13.0791 4248 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:49:13.0802 4248 HTTP - ok
08:49:13.0841 4248 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:49:13.0844 4248 hwpolicy - ok
08:49:13.0884 4248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:49:13.0888 4248 i8042prt - ok
08:49:13.0920 4248 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\drivers\iastor.sys
08:49:13.0924 4248 iaStor - ok
08:49:13.0945 4248 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:49:13.0954 4248 iaStorV - ok
08:49:13.0993 4248 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:49:14.0002 4248 idsvc - ok
08:49:14.0198 4248 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
08:49:14.0379 4248 igfx - ok
08:49:14.0423 4248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:49:14.0425 4248 iirsp - ok
08:49:14.0460 4248 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:49:14.0469 4248 IKEEXT - ok
08:49:14.0518 4248 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
08:49:14.0556 4248 IntcAzAudAddService - ok
08:49:14.0582 4248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:49:14.0584 4248 intelide - ok
08:49:14.0602 4248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:49:14.0602 4248 intelppm - ok
08:49:14.0629 4248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:49:14.0632 4248 IPBusEnum - ok
08:49:14.0663 4248 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:49:14.0666 4248 IpFilterDriver - ok
08:49:14.0699 4248 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:49:14.0704 4248 iphlpsvc - ok
08:49:14.0746 4248 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:49:14.0749 4248 IPMIDRV - ok
08:49:14.0758 4248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:49:14.0763 4248 IPNAT - ok
08:49:14.0793 4248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:49:14.0795 4248 IRENUM - ok
08:49:14.0810 4248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:49:14.0812 4248 isapnp - ok
08:49:14.0845 4248 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:49:14.0849 4248 iScsiPrt - ok
08:49:14.0873 4248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
08:49:14.0875 4248 kbdclass - ok
08:49:14.0901 4248 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
08:49:14.0903 4248 kbdhid - ok
08:49:14.0927 4248 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:49:14.0928 4248 KeyIso - ok
08:49:14.0952 4248 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:49:14.0955 4248 KSecDD - ok
08:49:14.0981 4248 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:49:14.0984 4248 KSecPkg - ok
08:49:15.0003 4248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:49:15.0004 4248 ksthunk - ok
08:49:15.0024 4248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:49:15.0030 4248 KtmRm - ok
08:49:15.0062 4248 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:49:15.0066 4248 LanmanServer - ok
08:49:15.0097 4248 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:49:15.0100 4248 LanmanWorkstation - ok
08:49:15.0122 4248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:49:15.0124 4248 lltdio - ok
08:49:15.0140 4248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:49:15.0145 4248 lltdsvc - ok
08:49:15.0151 4248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:49:15.0154 4248 lmhosts - ok
08:49:15.0189 4248 [ 2763A02188FFB04287F5034EC5B6B451 ] LMS C:\Program Files (x86)\Intel\AMT\LMS.exe
08:49:15.0191 4248 LMS - ok
08:49:15.0215 4248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:49:15.0218 4248 LSI_FC - ok
08:49:15.0224 4248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:49:15.0227 4248 LSI_SAS - ok
08:49:15.0233 4248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:49:15.0242 4248 LSI_SAS2 - ok
08:49:15.0250 4248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:49:15.0253 4248 LSI_SCSI - ok
08:49:15.0278 4248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:49:15.0281 4248 luafv - ok
08:49:15.0318 4248 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
08:49:15.0319 4248 MBAMProtector - ok
08:49:15.0382 4248 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:49:15.0390 4248 MBAMScheduler - ok
08:49:15.0412 4248 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:49:15.0420 4248 MBAMService - ok
08:49:15.0482 4248 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
08:49:15.0487 4248 McComponentHostService - ok
08:49:15.0514 4248 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:49:15.0519 4248 Mcx2Svc - ok
08:49:15.0527 4248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:49:15.0531 4248 megasas - ok
08:49:15.0542 4248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:49:15.0548 4248 MegaSR - ok
08:49:15.0613 4248 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
08:49:15.0617 4248 Microsoft Office Groove Audit Service - ok
08:49:15.0651 4248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:49:15.0654 4248 MMCSS - ok
08:49:15.0669 4248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:49:15.0672 4248 Modem - ok
08:49:15.0681 4248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:49:15.0682 4248 monitor - ok
08:49:15.0698 4248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:49:15.0703 4248 mouclass - ok
08:49:15.0734 4248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:49:15.0736 4248 mouhid - ok
08:49:15.0770 4248 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:49:15.0771 4248 mountmgr - ok
08:49:15.0845 4248 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:49:15.0849 4248 MozillaMaintenance - ok
08:49:15.0880 4248 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:49:15.0884 4248 mpio - ok
08:49:15.0901 4248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:49:15.0904 4248 mpsdrv - ok
08:49:15.0943 4248 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:49:15.0957 4248 MpsSvc - ok
08:49:16.0016 4248 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:49:16.0020 4248 MRxDAV - ok
08:49:16.0054 4248 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:49:16.0059 4248 mrxsmb - ok
08:49:16.0090 4248 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:49:16.0097 4248 mrxsmb10 - ok
08:49:16.0116 4248 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:49:16.0120 4248 mrxsmb20 - ok
08:49:16.0139 4248 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:49:16.0142 4248 msahci - ok
08:49:16.0164 4248 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:49:16.0166 4248 msdsm - ok
08:49:16.0180 4248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:49:16.0184 4248 MSDTC - ok
08:49:16.0203 4248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:49:16.0205 4248 Msfs - ok
08:49:16.0211 4248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:49:16.0213 4248 mshidkmdf - ok
08:49:16.0223 4248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:49:16.0226 4248 msisadrv - ok
08:49:16.0251 4248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:49:16.0255 4248 MSiSCSI - ok
08:49:16.0260 4248 msiserver - ok
08:49:16.0287 4248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:49:16.0296 4248 MSKSSRV - ok
08:49:16.0310 4248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:49:16.0314 4248 MSPCLOCK - ok
08:49:16.0319 4248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:49:16.0322 4248 MSPQM - ok
08:49:16.0361 4248 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:49:16.0367 4248 MsRPC - ok
08:49:16.0401 4248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:49:16.0402 4248 mssmbios - ok
08:49:16.0418 4248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:49:16.0421 4248 MSTEE - ok
08:49:16.0431 4248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:49:16.0435 4248 MTConfig - ok
08:49:16.0452 4248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:49:16.0454 4248 Mup - ok
08:49:16.0488 4248 [ C983834933213967B1F903535F2EA4C9 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
08:49:16.0499 4248 mvusbews - ok
08:49:16.0534 4248 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:49:16.0540 4248 napagent - ok
08:49:16.0565 4248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:49:16.0570 4248 NativeWifiP - ok
08:49:16.0607 4248 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:49:16.0616 4248 NDIS - ok
08:49:16.0622 4248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:49:16.0625 4248 NdisCap - ok
08:49:16.0650 4248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:49:16.0651 4248 NdisTapi - ok
08:49:16.0682 4248 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:49:16.0685 4248 Ndisuio - ok
08:49:16.0713 4248 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:49:16.0716 4248 NdisWan - ok
08:49:16.0743 4248 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:49:16.0745 4248 NDProxy - ok
08:49:16.0755 4248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:49:16.0757 4248 NetBIOS - ok
08:49:16.0793 4248 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
08:49:16.0796 4248 NetBT - ok
08:49:16.0810 4248 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
08:49:16.0811 4248 Netlogon - ok
08:49:16.0837 4248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
08:49:16.0841 4248 Netman - ok
08:49:16.0869 4248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
08:49:16.0876 4248 netprofm - ok
08:49:16.0900 4248 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:49:16.0903 4248 NetTcpPortSharing - ok
08:49:16.0923 4248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:49:16.0925 4248 nfrd960 - ok
08:49:16.0959 4248 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:49:16.0963 4248 NlaSvc - ok
08:49:17.0000 4248 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
08:49:17.0011 4248 nmwcd - ok
08:49:17.0040 4248 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
08:49:17.0043 4248 nmwcdc - ok
08:49:17.0061 4248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:49:17.0065 4248 Npfs - ok
08:49:17.0080 4248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:49:17.0082 4248 nsi - ok
08:49:17.0091 4248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:49:17.0095 4248 nsiproxy - ok
08:49:17.0160 4248 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:49:17.0204 4248 Ntfs - ok
08:49:17.0222 4248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:49:17.0225 4248 Null - ok
08:49:17.0248 4248 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:49:17.0250 4248 nvraid - ok
08:49:17.0275 4248 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:49:17.0279 4248 nvstor - ok
08:49:17.0297 4248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:49:17.0300 4248 nv_agp - ok
08:49:17.0355 4248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:49:17.0363 4248 odserv - ok
08:49:17.0390 4248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:49:17.0394 4248 ohci1394 - ok
08:49:17.0412 4248 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:49:17.0417 4248 ose - ok
08:49:17.0448 4248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:49:17.0457 4248 p2pimsvc - ok
08:49:17.0478 4248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:49:17.0485 4248 p2psvc - ok
08:49:17.0503 4248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:49:17.0505 4248 Parport - ok
08:49:17.0541 4248 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:49:17.0544 4248 partmgr - ok
08:49:17.0563 4248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:49:17.0566 4248 PcaSvc - ok
08:49:17.0589 4248 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
08:49:17.0599 4248 pccsmcfd - ok
08:49:17.0616 4248 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:49:17.0619 4248 pci - ok
08:49:17.0629 4248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:49:17.0631 4248 pciide - ok
08:49:17.0638 4248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:49:17.0641 4248 pcmcia - ok
08:49:17.0656 4248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:49:17.0658 4248 pcw - ok
08:49:17.0686 4248 pdfcDispatcher - ok
08:49:17.0704 4248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:49:17.0712 4248 PEAUTH - ok
08:49:17.0746 4248 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
08:49:17.0765 4248 PeerDistSvc - ok
08:49:17.0837 4248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:49:17.0841 4248 PerfHost - ok
08:49:17.0906 4248 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:49:17.0943 4248 pla - ok
08:49:17.0977 4248 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:49:17.0983 4248 PlugPlay - ok
08:49:18.0004 4248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:49:18.0007 4248 PNRPAutoReg - ok
08:49:18.0030 4248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:49:18.0032 4248 PNRPsvc - ok
08:49:18.0053 4248 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:49:18.0060 4248 PolicyAgent - ok
08:49:18.0091 4248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:49:18.0095 4248 Power - ok
08:49:18.0113 4248 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:49:18.0116 4248 PptpMiniport - ok
08:49:18.0136 4248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:49:18.0138 4248 Processor - ok
08:49:18.0172 4248 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
08:49:18.0175 4248 ProfSvc - ok
08:49:18.0193 4248 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:49:18.0194 4248 ProtectedStorage - ok
08:49:18.0223 4248 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:49:18.0225 4248 Psched - ok
08:49:18.0264 4248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:49:18.0289 4248 ql2300 - ok
08:49:18.0302 4248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:49:18.0305 4248 ql40xx - ok
08:49:18.0329 4248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:49:18.0333 4248 QWAVE - ok
08:49:18.0346 4248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:49:18.0348 4248 QWAVEdrv - ok
08:49:18.0353 4248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:49:18.0355 4248 RasAcd - ok
08:49:18.0374 4248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:49:18.0377 4248 RasAgileVpn - ok
08:49:18.0393 4248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:49:18.0397 4248 RasAuto - ok
08:49:18.0433 4248 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:49:18.0437 4248 Rasl2tp - ok
08:49:18.0471 4248 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:49:18.0481 4248 RasMan - ok
08:49:18.0492 4248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:49:18.0495 4248 RasPppoe - ok
08:49:18.0508 4248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:49:18.0510 4248 RasSstp - ok
08:49:18.0543 4248 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:49:18.0547 4248 rdbss - ok
08:49:18.0566 4248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:49:18.0568 4248 rdpbus - ok
08:49:18.0581 4248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:49:18.0583 4248 RDPCDD - ok
08:49:18.0615 4248 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
08:49:18.0618 4248 RDPDR - ok
08:49:18.0632 4248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:49:18.0634 4248 RDPENCDD - ok
08:49:18.0645 4248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:49:18.0647 4248 RDPREFMP - ok
08:49:18.0678 4248 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:49:18.0682 4248 RDPWD - ok
08:49:18.0719 4248 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:49:18.0723 4248 rdyboost - ok
08:49:18.0737 4248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:49:18.0740 4248 RemoteAccess - ok
08:49:18.0754 4248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:49:18.0758 4248 RemoteRegistry - ok
08:49:18.0777 4248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:49:18.0780 4248 RpcEptMapper - ok
08:49:18.0798 4248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:49:18.0801 4248 RpcLocator - ok
08:49:18.0830 4248 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
08:49:18.0834 4248 RpcSs - ok
08:49:18.0845 4248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:49:18.0847 4248 rspndr - ok
08:49:18.0880 4248 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
08:49:18.0882 4248 s3cap - ok
08:49:18.0902 4248 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:49:18.0904 4248 SamSs - ok
08:49:18.0932 4248 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:49:18.0935 4248 sbp2port - ok
08:49:18.0949 4248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:49:18.0953 4248 SCardSvr - ok
08:49:18.0978 4248 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:49:18.0981 4248 scfilter - ok
08:49:19.0021 4248 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:49:19.0034 4248 Schedule - ok
08:49:19.0074 4248 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:49:19.0075 4248 SCPolicySvc - ok
08:49:19.0132 4248 [ 958E956E119EB7B9ABA142AFED1B5FF4 ] ScsiAccess C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
08:49:19.0137 4248 ScsiAccess - ok
08:49:19.0173 4248 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:49:19.0180 4248 SDRSVC - ok
08:49:19.0192 4248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:49:19.0195 4248 secdrv - ok
08:49:19.0225 4248 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:49:19.0230 4248 seclogon - ok
08:49:19.0239 4248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
08:49:19.0242 4248 SENS - ok
08:49:19.0249 4248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:49:19.0254 4248 SensrSvc - ok
08:49:19.0285 4248 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
08:49:19.0288 4248 Sentinel64 - ok
08:49:19.0333 4248 [ 1BA2C677C6146A8B3ADEA7B69D2EED56 ] SentinelKeysServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
08:49:19.0339 4248 SentinelKeysServer - ok
08:49:19.0374 4248 [ D1A2BA8BF092DDF18F3D3DB1D5AC7803 ] SentinelProtectionServer C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
08:49:19.0392 4248 SentinelProtectionServer - ok
08:49:19.0428 4248 [ E80B91AEC007711B1EEC9C83487754E2 ] SentinelSecurityRuntime C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
08:49:19.0433 4248 SentinelSecurityRuntime - ok
08:49:19.0456 4248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:49:19.0459 4248 Serenum - ok
08:49:19.0472 4248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:49:19.0475 4248 Serial - ok
08:49:19.0521 4248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:49:19.0523 4248 sermouse - ok
08:49:19.0594 4248 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
08:49:19.0599 4248 ServiceLayer - ok
08:49:19.0640 4248 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:49:19.0643 4248 SessionEnv - ok
08:49:19.0677 4248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:49:19.0679 4248 sffdisk - ok
08:49:19.0695 4248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:49:19.0697 4248 sffp_mmc - ok
08:49:19.0709 4248 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:49:19.0711 4248 sffp_sd - ok
08:49:19.0727 4248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:49:19.0730 4248 sfloppy - ok
08:49:19.0782 4248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:49:19.0789 4248 SharedAccess - ok
08:49:19.0864 4248 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:49:19.0873 4248 ShellHWDetection - ok
08:49:19.0903 4248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:49:19.0905 4248 SiSRaid2 - ok
08:49:19.0937 4248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:49:19.0939 4248 SiSRaid4 - ok
08:49:19.0972 4248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:49:19.0974 4248 Smb - ok
08:49:20.0017 4248 [ B84440E7554FC85E900EEF0A7AABA228 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
08:49:20.0020 4248 snapman - ok
08:49:20.0041 4248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:49:20.0044 4248 SNMPTRAP - ok
08:49:20.0063 4248 [ 2D5576C01C8A34AA614870E745FE8F19 ] SNTUSB64 C:\Windows\system32\DRIVERS\SNTUSB64.SYS
08:49:20.0065 4248 SNTUSB64 - ok
08:49:20.0078 4248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:49:20.0080 4248 spldr - ok
08:49:20.0116 4248 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
08:49:20.0129 4248 Spooler - ok
08:49:20.0212 4248 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:49:20.0300 4248 sppsvc - ok
08:49:20.0326 4248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:49:20.0330 4248 sppuinotify - ok
08:49:20.0380 4248 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
08:49:20.0381 4248 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
08:49:20.0383 4248 sptd ( LockedFile.Multi.Generic ) - warning
08:49:20.0383 4248 sptd - detected LockedFile.Multi.Generic (1)
08:49:20.0416 4248 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:49:20.0422 4248 srv - ok
08:49:20.0441 4248 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:49:20.0447 4248 srv2 - ok
08:49:20.0462 4248 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:49:20.0466 4248 srvnet - ok
08:49:20.0492 4248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:49:20.0496 4248 SSDPSRV - ok
08:49:20.0505 4248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:49:20.0508 4248 SstpSvc - ok
08:49:20.0527 4248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:49:20.0529 4248 stexstor - ok
08:49:20.0690 4248 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:49:20.0702 4248 stisvc - ok
08:49:20.0748 4248 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
08:49:20.0751 4248 storflt - ok
08:49:20.0776 4248 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
08:49:20.0781 4248 StorSvc - ok
08:49:20.0796 4248 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
08:49:20.0799 4248 storvsc - ok
08:49:20.0805 4248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:49:20.0807 4248 swenum - ok
08:49:20.0908 4248 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
08:49:20.0917 4248 SwitchBoard - ok
08:49:20.0945 4248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:49:20.0957 4248 swprv - ok
08:49:21.0015 4248 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:49:21.0046 4248 SysMain - ok
08:49:21.0078 4248 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:49:21.0081 4248 TabletInputService - ok
08:49:21.0114 4248 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:49:21.0120 4248 TapiSrv - ok
08:49:21.0135 4248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:49:21.0138 4248 TBS - ok
08:49:21.0195 4248 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:49:21.0228 4248 Tcpip - ok
08:49:21.0260 4248 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:49:21.0271 4248 TCPIP6 - ok
08:49:21.0306 4248 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:49:21.0316 4248 tcpipreg - ok
08:49:21.0334 4248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:49:21.0350 4248 TDPIPE - ok
08:49:21.0370 4248 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:49:21.0372 4248 TDTCP - ok
08:49:21.0403 4248 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:49:21.0406 4248 tdx - ok
08:49:21.0434 4248 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:49:21.0436 4248 TermDD - ok
08:49:21.0498 4248 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:49:21.0510 4248 TermService - ok
08:49:21.0522 4248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:49:21.0525 4248 Themes - ok
08:49:21.0543 4248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:49:21.0544 4248 THREADORDER - ok
08:49:21.0563 4248 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
08:49:21.0565 4248 TPM - ok
08:49:21.0581 4248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:49:21.0583 4248 TrkWks - ok
08:49:21.0632 4248 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:49:21.0635 4248 TrustedInstaller - ok
08:49:21.0651 4248 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:49:21.0654 4248 tssecsrv - ok
08:49:21.0701 4248 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:49:21.0703 4248 TsUsbFlt - ok
08:49:21.0770 4248 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:49:21.0773 4248 tunnel - ok
08:49:21.0809 4248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:49:21.0812 4248 uagp35 - ok
08:49:21.0847 4248 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:49:21.0852 4248 udfs - ok
08:49:21.0870 4248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:49:21.0873 4248 UI0Detect - ok
08:49:21.0889 4248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:49:21.0891 4248 uliagpkx - ok
08:49:21.0926 4248 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:49:21.0928 4248 umbus - ok
08:49:21.0946 4248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:49:21.0948 4248 UmPass - ok
08:49:21.0965 4248 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

Hurvajz84 · Příspěvekod **Hurvajz84** » 31 kvě 2013 09:15

2. část:

08:49:21.0968 4248 UmRdpService - ok
08:49:22.0044 4248 [ D47E82866A6FF02DAE9CEDF127C4BEE0 ] UNS C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
08:49:22.0087 4248 UNS - ok
08:49:22.0102 4248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:49:22.0107 4248 upnphost - ok
08:49:22.0215 4248 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
08:49:22.0218 4248 upperdev - ok
08:49:22.0242 4248 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:49:22.0246 4248 usbccgp - ok
08:49:22.0281 4248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:49:22.0287 4248 usbcir - ok
08:49:22.0311 4248 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:49:22.0314 4248 usbehci - ok
08:49:22.0352 4248 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:49:22.0358 4248 usbhub - ok
08:49:22.0380 4248 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:49:22.0383 4248 usbohci - ok
08:49:22.0411 4248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:49:22.0414 4248 usbprint - ok
08:49:22.0466 4248 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:49:22.0469 4248 usbscan - ok
08:49:22.0508 4248 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
08:49:22.0512 4248 usbser - ok
08:49:22.0524 4248 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
08:49:22.0527 4248 UsbserFilt - ok
08:49:22.0552 4248 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:49:22.0554 4248 USBSTOR - ok
08:49:22.0582 4248 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:49:22.0584 4248 usbuhci - ok
08:49:22.0605 4248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:49:22.0607 4248 UxSms - ok
08:49:22.0619 4248 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:49:22.0620 4248 VaultSvc - ok
08:49:22.0638 4248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:49:22.0640 4248 vdrvroot - ok
08:49:22.0678 4248 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:49:22.0686 4248 vds - ok
08:49:22.0691 4248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:49:22.0694 4248 vga - ok
08:49:22.0700 4248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:49:22.0703 4248 VgaSave - ok
08:49:22.0782 4248 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:49:22.0787 4248 vhdmp - ok
08:49:22.0802 4248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:49:22.0805 4248 viaide - ok
08:49:22.0837 4248 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
08:49:22.0840 4248 vmbus - ok
08:49:22.0870 4248 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
08:49:22.0872 4248 VMBusHID - ok
08:49:22.0886 4248 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:49:22.0889 4248 volmgr - ok
08:49:22.0918 4248 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:49:22.0922 4248 volmgrx - ok
08:49:22.0938 4248 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:49:22.0943 4248 volsnap - ok
08:49:22.0967 4248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:49:22.0970 4248 vsmraid - ok
08:49:23.0011 4248 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:49:23.0037 4248 VSS - ok
08:49:23.0047 4248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
08:49:23.0049 4248 vwifibus - ok
08:49:23.0075 4248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:49:23.0080 4248 W32Time - ok
08:49:23.0088 4248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:49:23.0091 4248 WacomPen - ok
08:49:23.0116 4248 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:49:23.0118 4248 WANARP - ok
08:49:23.0122 4248 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:49:23.0123 4248 Wanarpv6 - ok
08:49:23.0171 4248 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:49:23.0188 4248 WatAdminSvc - ok
08:49:23.0234 4248 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:49:23.0263 4248 wbengine - ok
08:49:23.0276 4248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:49:23.0281 4248 WbioSrvc - ok
08:49:23.0314 4248 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:49:23.0320 4248 wcncsvc - ok
08:49:23.0334 4248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:49:23.0337 4248 WcsPlugInService - ok
08:49:23.0342 4248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:49:23.0346 4248 Wd - ok
08:49:23.0376 4248 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
08:49:23.0388 4248 WDC_SAM - ok
08:49:23.0468 4248 [ 334E5ED94D3FAFF3C44F4D36B1FE1C90 ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
08:49:23.0494 4248 WDDMService - ok
08:49:23.0540 4248 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:49:23.0552 4248 Wdf01000 - ok
08:49:23.0576 4248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:49:23.0581 4248 WdiServiceHost - ok
08:49:23.0586 4248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:49:23.0588 4248 WdiSystemHost - ok
08:49:23.0648 4248 [ 138AB06ADBBF300AA804D7974A5AEC82 ] WDSmartWareBackgroundService C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
08:49:23.0828 4248 WDSmartWareBackgroundService - ok
08:49:23.0860 4248 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:49:23.0866 4248 WebClient - ok
08:49:23.0880 4248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:49:23.0887 4248 Wecsvc - ok
08:49:23.0906 4248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:49:23.0908 4248 wercplsupport - ok
08:49:23.0924 4248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:49:23.0928 4248 WerSvc - ok
08:49:23.0956 4248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:49:23.0958 4248 WfpLwf - ok
08:49:23.0975 4248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:49:23.0977 4248 WIMMount - ok
08:49:23.0999 4248 WinDefend - ok
08:49:24.0004 4248 WinHttpAutoProxySvc - ok
08:49:24.0066 4248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:49:24.0070 4248 Winmgmt - ok
08:49:24.0122 4248 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:49:24.0155 4248 WinRM - ok
08:49:24.0212 4248 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:49:24.0214 4248 WinUsb - ok
08:49:24.0265 4248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:49:24.0295 4248 Wlansvc - ok
08:49:24.0405 4248 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:49:24.0440 4248 wlidsvc - ok
08:49:24.0462 4248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:49:24.0463 4248 WmiAcpi - ok
08:49:24.0498 4248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:49:24.0501 4248 wmiApSrv - ok
08:49:24.0515 4248 WMPNetworkSvc - ok
08:49:24.0536 4248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:49:24.0540 4248 WPCSvc - ok
08:49:24.0568 4248 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:49:24.0572 4248 WPDBusEnum - ok
08:49:24.0598 4248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:49:24.0600 4248 ws2ifsl - ok
08:49:24.0615 4248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
08:49:24.0618 4248 wscsvc - ok
08:49:24.0623 4248 WSearch - ok
08:49:24.0698 4248 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
08:49:24.0763 4248 wuauserv - ok
08:49:24.0799 4248 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:49:24.0810 4248 WudfPf - ok
08:49:24.0848 4248 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:49:24.0860 4248 WUDFRd - ok
08:49:24.0887 4248 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:49:24.0900 4248 wudfsvc - ok
08:49:24.0928 4248 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
08:49:24.0942 4248 WwanSvc - ok
08:49:24.0948 4248 ================ Scan global ===============================
08:49:24.0977 4248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
08:49:25.0008 4248 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:49:25.0016 4248 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
08:49:25.0065 4248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:49:25.0090 4248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:49:25.0097 4248 [Global] - ok
08:49:25.0098 4248 ================ Scan MBR ==================================
08:49:25.0120 4248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:49:25.0320 4248 \Device\Harddisk0\DR0 - ok
08:49:25.0328 4248 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
08:49:25.0336 4248 \Device\Harddisk1\DR1 - ok
08:49:25.0337 4248 ================ Scan VBR ==================================
08:49:25.0341 4248 [ 3C8F20D113BFA813D13D12A469CFE116 ] \Device\Harddisk0\DR0\Partition1
08:49:25.0343 4248 \Device\Harddisk0\DR0\Partition1 - ok
08:49:25.0354 4248 [ D08D7F5FF43EAF4DC46054AF7A534686 ] \Device\Harddisk0\DR0\Partition2
08:49:25.0356 4248 \Device\Harddisk0\DR0\Partition2 - ok
08:49:25.0376 4248 [ 8F338FFA7EDB145E82721C49D0F2AF39 ] \Device\Harddisk0\DR0\Partition3
08:49:25.0378 4248 \Device\Harddisk0\DR0\Partition3 - ok
08:49:25.0403 4248 [ E8479DDFFD40793A65E9D67817FD0EEB ] \Device\Harddisk0\DR0\Partition4
08:49:25.0405 4248 \Device\Harddisk0\DR0\Partition4 - ok
08:49:25.0410 4248 [ ECB3497960DA9F2BD6DC40F261C25AC7 ] \Device\Harddisk1\DR1\Partition1
08:49:25.0411 4248 \Device\Harddisk1\DR1\Partition1 - ok
08:49:25.0412 4248 ============================================================
08:49:25.0412 4248 Scan finished
08:49:25.0412 4248 ============================================================
08:49:25.0423 2656 Detected object count: 1
08:49:25.0423 2656 Actual detected object count: 1
08:49:32.0207 2656 sptd ( LockedFile.Multi.Generic ) - skipped by user
08:49:32.0207 2656 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
08:49:38.0064 3244 Deinitialize success

Hurvajz84 · Příspěvekod **Hurvajz84** » 31 kvě 2013 09:15

ComboFix 13-05-30.02 - HurvajzPC 31.05.2013 8:58.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3991.2356 [GMT 2:00]
Spuštěný z: c:\users\HurvajzPC\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\Browase2ssAAve
c:\programdata\Browase2ssAAve\5142dff232da5.tlb
c:\programdata\Browase2ssAAve\settings.ini
c:\programdata\Browase2ssAAve\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2ssAAve
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2ssAAve\Browase2ssAAve.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Browase2ssAAve\Uninstall.lnk
c:\users\HurvajzPC\AppData\Roaming\337
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\gamelogin.exe
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\gl.db
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_bk_wnd.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_close.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_hide.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_max.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_min.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_restore.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\game_system.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\menu_bg.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\menu_item_over.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\pic-error.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\pic-info.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\pic-question.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\pic-warning.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\popup_dialog_bk.bmp
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\cmn\prepare.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\gmail\app_icon_en_us.png
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\image\default\resource.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\en_us\game_login.ini
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\es_es\game_login.ini
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\protocol.txt
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\pt_br\game_login.ini
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\tr_tr\game_login.ini
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\language\zh_tw\game_login.ini
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\layout\default\game.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\layout\default\game_login_gmail_all.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\layout\default\msgbox.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\layout\default\newwindow.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\main
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\style\style.xml
c:\users\HurvajzPC\AppData\Roaming\337\Gmail\TrayDownloader.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\drivers\hosts
c:\windows\SysWow64\is-B04GE.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-28 do 2013-05-31 )))))))))))))))))))))))))))))))
.
.
2013-05-31 07:07 . 2013-05-31 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-30 10:14 . 2013-05-30 10:14 -------- d-----w- c:\users\HurvajzPC\AppData\Roaming\Malwarebytes
2013-05-30 10:14 . 2013-05-30 10:14 -------- d-----w- c:\programdata\Malwarebytes
2013-05-30 10:14 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-30 10:14 . 2013-05-30 10:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-29 11:22 . 2013-05-29 11:22 -------- d-----w- c:\users\HurvajzPC\AppData\Roaming\DealPly
2013-05-23 07:30 . 2013-05-23 07:30 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-05-23 07:30 . 2013-05-23 07:30 -------- d-----w- c:\program files (x86)\LSoft Technologies
2013-05-23 01:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-23 01:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-23 01:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-22 11:40 . 2013-05-22 11:40 -------- d-----w- c:\program files (x86)\Enigma Software Group
2013-05-22 08:31 . 2013-05-22 08:31 -------- d-----w- c:\program files\Enigma Software Group
2013-05-22 08:31 . 2013-05-22 11:49 -------- d-----w- c:\windows\BCD5545077AC4347B24F654B1189F8D4.TMP
2013-05-22 08:31 . 2013-05-22 08:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-05-22 08:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-22 08:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-22 08:30 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-22 08:30 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-22 08:30 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-22 08:30 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-22 08:30 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-22 08:30 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-22 08:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-22 08:29 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-22 08:29 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-22 08:29 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-22 07:58 . 2013-05-22 07:58 -------- d-----w- c:\users\HurvajzPC\AppData\Roaming\AVG9
2013-05-14 14:17 . 2013-05-14 14:17 -------- d-----w- c:\program files (x86)\PlayMillion
2013-05-14 14:17 . 2013-05-29 11:21 -------- d-----w- c:\programdata\eSafe
2013-05-14 14:17 . 2013-05-22 08:24 -------- d-----w- c:\users\HurvajzPC\AppData\Roaming\Desk 365
2013-05-14 14:16 . 2013-05-29 11:06 -------- d-----w- c:\users\HurvajzPC\AppData\Roaming\eIntaller
2013-05-14 10:14 . 2013-05-14 10:14 -------- d-----w- c:\programdata\deletepart
2013-05-14 10:13 . 2013-05-14 10:13 -------- d-----w- c:\programdata\mergeparts
2013-05-14 10:10 . 2013-05-14 10:10 -------- d-----w- c:\programdata\redistpart
2013-05-14 10:03 . 2013-05-14 10:03 -------- d-----w- c:\programdata\explauncher
2013-05-14 10:03 . 2013-05-14 10:03 -------- d-----w- c:\programdata\launcher
2013-05-14 10:02 . 2013-05-14 10:07 -------- d-----w- c:\program files (x86)\Paragon Software
2013-05-14 10:00 . 2013-05-14 10:00 -------- d-----w- c:\program files (x86)\Paragon Partition Manager 12 P
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-23 01:05 . 2011-07-11 07:13 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-22 08:22 . 2010-06-24 09:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 13:37 . 2012-05-01 09:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 13:37 . 2011-10-14 05:59 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 08:57 . 2010-10-18 04:15 2099376 ----a-w- c:\windows\system32\AutoPartNt.exe
2013-04-13 05:49 . 2013-05-22 08:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-22 08:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-22 08:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-22 08:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-22 08:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-22 08:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 09:40 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 05:57 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 05:57 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 05:57 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:57 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 05:57 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 05:57 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-14 10:50 . 2013-03-14 10:50 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-14 10:50 . 2013-03-14 10:50 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-14 10:50 . 2013-03-14 10:50 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-14 10:50 . 2013-03-14 10:50 188832 ----a-w- c:\windows\system32\javaw.exe
2013-03-14 10:50 . 2013-03-14 10:50 188320 ----a-w- c:\windows\system32\java.exe
2013-03-14 10:50 . 2013-03-14 10:50 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-12-10 18:32 1520840 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-12-10 1520840]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\windows\OETRN.EXE" [2010-10-19 26624]
"CooLWPC3"="c:\program files (x86)\CooL Wallpaper Changer\coolwpc.exe" [2003-04-06 1008128]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
"feedreader.exe"="c:\program files (x86)\FeedReader30\feedreader.exe" [2009-03-29 2058240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Rocky2Xerox_S2P"="c:\program files (x86)\Xerox\Xerox WC PE120 Series\RCP\Scan2Pc.exe" [2005-03-24 65536]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-12-10 1573576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2012-11-07 19968]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2009-09-17 58792]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-18 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [2010-10-19 56008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-23 834544]
S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2013-01-16 282976]
S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-14 35664]
S1 AvgTdiA;AVG Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [2011-05-20 317520]
S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-10-19 308136]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-11-24 127800]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2009-09-16 369952]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2009-09-16 292128]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-24 2066968]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-02 273584]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-07-24 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 13:37]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 10:58]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 10:58]
.
2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3243620498-2392249021-2529405912-1000Core.job
- c:\users\HurvajzPC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 07:57]
.
2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3243620498-2392249021-2529405912-1000UA.job
- c:\users\HurvajzPC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 07:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-03 7938080]
"picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-24 796696]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\avgrssta.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Doplňkový sken -------
.
uStart Page = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.qip.ru
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
mSearchAssistant = hxxp://www.google.com/ie
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 158.194.108.164 158.194.244.2
FF - ProfilePath - c:\users\HurvajzPC\AppData\Roaming\Mozilla\Firefox\Profiles\a163dki8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http://www.ursus.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... 00YYCZ&&q=
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-05-29 13:22; addon@dealplyshopping.com; c:\users\HurvajzPC\AppData\Roaming\Mozilla\Firefox\Profiles\a163dki8.default\extensions\addon@dealplyshopping.com
.
.
------- Asociace souborů -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-{C3F3165C-74D3-6FDB-3274-14FDA8698CFA} - c:\programdata\Browase2ssAAve\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-31 09:11:03
ComboFix-quarantined-files.txt 2013-05-31 07:11
.
Před spuštěním: 2 137 735 168
Po spuštění: 1 988 231 168
.
- - End Of File - - CB0A80A78DC4885A6A4CD6751FE432EC

Příspěvekod **memphisto** » 31 kvě 2013 10:23

Máš naprosto nedostačující volné místo na systémovém disku! Necelé 2 GB je fakt málo. problémům se vůbec nedivím. Správně má být volno kolem 10-15 % kapacity pro plynulý chod! Budeš něco muset smazat jinak se problémů nezbavíš.

Výsledný log z Combofixu bude hooodně dlouhý, tak jej rozděl na více odpovědí pokud se nevleze do jedné.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
Folder::
c:\users\HurvajzPC\AppData\Roaming\DealPly
c:\program files (x86)\Ask.com
c:\program files (x86)\McAfee Security Scan
c:\program files\Enigma Software Group\SpyHunter
c:\program files (x86)\Microsoft\BingBar

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3243620498-2392249021-2529405912-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3243620498-2392249021-2529405912-1000UA.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-

Driver::
McComponentHostService
esgiguard
BBSvc
BBUpdate

DDS::
uStart Page = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.qip.ru
mDefault_Page_URL = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
mStart Page = hxxp://en.v9.com/?utm_source=b&utm_medi ... 1369826517
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\users\HurvajzPC\AppData\Roaming\Mozilla\Firefox\Profiles\a163dki8.default\
FF - prefs.js: browser.startup.homepage - http://www.ursus.cz
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... 00YYCZ&&q=
FF - ExtSQL: 2013-05-29 13:22; addon@dealplyshopping.com; c:\users\HurvajzPC\AppData\Roaming\Mozilla\Firefox\Profiles\a163dki8.default\extensions\addon@dealplyshopping.com

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť?.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Kontrola logu, vir www.qvo6.com

Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Re: Kontrola logu, vir www.qvo6.com

Kdo je online