Please check my log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

phanst33l
Level 1
Posts: 82
Registered: August 11
Gender: Male

Please check my log

Post by phanst33l » 05 Sep 2012 16:00

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:55:56, on 5. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
C:\ProgramData\Battle.net\Client\Blizzard Launcher.1845\Blizzard Launcher.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
D:\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RGSC] E:\Hry\RSG\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Intel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11736 bytes



Thank you.
CPU Intel Core i5-2400 3,10GHz LGA 1155
MB Gigabyte GA-H61M-USB3-B3 socket LGA 1155
DDR3 RAM 4GB (KIT 2x2GB) HyperXBlue Kingston
HDD 1000GB WD10EURS 7200RPM Western Digital
DVD-RW LG GH22LS70R LightScribe
VGA MS Geforce GTX560 1GB DDR5(256bit)
ITEC Dragon Force 530W
Case Cooler Master Elite 430

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 05 Sep 2012 22:25

Uninstall:
uTorrentControl2 Toolbar
Skype\Toolbars


Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - {f999a48b-1950-4d81-9971-79018f807b4b} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Intel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')


Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.


Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.

Problems? What kind?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Re: Please check my log

Post by phanst33l » 05 Sep 2012 23:32

Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
www.malwarebytes.org

Verzia databázy: v2012.09.05.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Intel :: INTEL-PC [administrátor]

Ochrana: Zapnuté

5. 9. 2012 23:28:59
mbam-log-2012-09-05 (23-31-25).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 208035
Uplynutý čas: 2 min, 9 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKCU\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Žiadna úloha nevykonaná.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 3
C:\Program Files (x86)\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Žiadna úloha nevykonaná.
C:\Program Files (x86)\Error Repair Professional\Backups (Rogue.ErrorRepairProfessional) -> Žiadna úloha nevykonaná.
C:\Program Files (x86)\Error Repair Professional\startbug (Rogue.ErrorRepairProfessional) -> Žiadna úloha nevykonaná.

Detegované súbory: 1
C:\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Žiadna úloha nevykonaná.

(koniec)

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male

Re: Please check my log

Post by Žbeky » 06 Sep 2012 05:09

Run MbAM again and click Scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit

Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt ; please paste the entire contents of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thank you for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules

Re: Please check my log

Post by phanst33l » 06 Sep 2012 18:30

Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
www.malwarebytes.org

Verzia databázy: v2012.09.05.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Intel :: INTEL-PC [administrátor]

Ochrana: Zapnuté

6. 9. 2012 17:24:10
mbam-log-2012-09-06 (17-24-10).txt

Typ kontroly: Úplná kontrola (C:\|D:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 504891
Uplynutý čas: 1 hod, 37 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 1
HKCU\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Pridanie do karantény a zmazanie úspešné.

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 3
C:\Program Files (x86)\Error Repair Professional (Rogue.ErrorRepairProfessional) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Error Repair Professional\Backups (Rogue.ErrorRepairProfessional) -> Pridanie do karantény a zmazanie úspešné.
C:\Program Files (x86)\Error Repair Professional\startbug (Rogue.ErrorRepairProfessional) -> Pridanie do karantény a zmazanie úspešné.

Detegované súbory: 2
D:\Downloads\OGGPlayerSetup.exe (PUP.BundleInstaller.RKN) -> Pridanie do karantény a zmazanie úspešné.
C:\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Pridanie do karantény a zmazanie úspešné.

(koniec)

Re: Please check my log

Post by phanst33l » 06 Sep 2012 18:51

18:41:35.0714 1676 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:41:35.0979 1676 ============================================================
18:41:35.0979 1676 Current date / time: 2012/09/06 18:41:35.0979
18:41:35.0979 1676 SystemInfo:
18:41:35.0979 1676
18:41:35.0979 1676 OS Version: 6.1.7601 ServicePack: 1.0
18:41:35.0979 1676 Product type: Workstation
18:41:35.0979 1676 ComputerName: INTEL-PC
18:41:35.0979 1676 UserName: Intel
18:41:35.0979 1676 Windows directory: C:\Windows
18:41:35.0979 1676 System windows directory: C:\Windows
18:41:35.0979 1676 Running under WOW64
18:41:35.0979 1676 Processor architecture: Intel x64
18:41:35.0979 1676 Number of processors: 4
18:41:35.0979 1676 Page size: 0x1000
18:41:35.0979 1676 Boot type: Normal boot
18:41:35.0979 1676 ============================================================
18:41:37.0908 1676 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:41:37.0908 1676 ============================================================
18:41:37.0908 1676 \Device\Harddisk0\DR0:
18:41:37.0908 1676 MBR partitions:
18:41:37.0908 1676 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x88B8000
18:41:37.0908 1676 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x88B8800, BlocksNum 0x35F26800
18:41:37.0908 1676 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3E7DF000, BlocksNum 0x35F27000
18:41:37.0908 1676 ============================================================
18:41:37.0923 1676 C: <-> \Device\Harddisk0\DR0\Partition1
18:41:37.0955 1676 D: <-> \Device\Harddisk0\DR0\Partition2
18:41:37.0986 1676 E: <-> \Device\Harddisk0\DR0\Partition3
18:41:37.0986 1676 ============================================================
18:41:37.0986 1676 Initialize success
18:41:37.0986 1676 ============================================================
18:41:40.0950 2808 ============================================================
18:41:40.0950 2808 Scan started
18:41:40.0950 2808 Mode: Manual;
18:41:40.0950 2808 ============================================================
18:41:42.0666 2808 ================ Scan system memory ========================
18:41:42.0666 2808 System memory - ok
18:41:42.0666 2808 ================ Scan services =============================
18:41:44.0834 2808 discache - ok
18:41:44.0850 2808 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:41:44.0850 2808 Disk - ok
18:41:44.0866 2808 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:41:44.0881 2808 Dnscache - ok
18:41:44.0897 2808 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:41:44.0897 2808 dot3svc - ok
18:41:44.0912 2808 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:41:44.0912 2808 DPS - ok
18:41:44.0928 2808 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:41:44.0944 2808 drmkaud - ok
18:41:44.0959 2808 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:41:44.0959 2808 dtsoftbus01 - ok
18:41:45.0006 2808 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:41:45.0022 2808 DXGKrnl - ok
18:41:45.0037 2808 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:41:45.0037 2808 EapHost - ok
18:41:45.0100 2808 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:41:45.0178 2808 ebdrv - ok
18:41:45.0209 2808 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:41:45.0209 2808 EFS - ok
18:41:45.0271 2808 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:41:45.0271 2808 ehRecvr - ok
18:41:45.0287 2808 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:41:45.0287 2808 ehSched - ok
18:41:45.0302 2808 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:41:45.0318 2808 elxstor - ok
18:41:45.0318 2808 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:41:45.0334 2808 ErrDev - ok
18:41:45.0349 2808 [ 6C17A702399B0205AB7836C2B45CD806 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys
18:41:45.0365 2808 EtronHub3 - ok
18:41:45.0380 2808 [ B5348A55CC9541FFA930E30BB0CC8EF6 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys
18:41:45.0396 2808 EtronXHCI - ok
18:41:45.0412 2808 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:41:45.0427 2808 EventSystem - ok
18:41:45.0443 2808 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:41:45.0443 2808 exfat - ok
18:41:45.0458 2808 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:41:45.0458 2808 fastfat - ok
18:41:45.0490 2808 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:41:45.0490 2808 Fax - ok
18:41:45.0521 2808 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:41:45.0521 2808 fdc - ok
18:41:45.0521 2808 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:41:45.0521 2808 fdPHost - ok
18:41:45.0536 2808 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:41:45.0536 2808 FDResPub - ok
18:41:45.0552 2808 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:41:45.0552 2808 FileInfo - ok
18:41:45.0568 2808 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:41:45.0568 2808 Filetrace - ok
18:41:45.0583 2808 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:41:45.0583 2808 flpydisk - ok
18:41:45.0599 2808 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:41:45.0599 2808 FltMgr - ok
18:41:45.0646 2808 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:41:45.0661 2808 FontCache - ok
18:41:45.0692 2808 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:41:45.0692 2808 FontCache3.0.0.0 - ok
18:41:45.0708 2808 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:41:45.0708 2808 FsDepends - ok
18:41:45.0724 2808 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:41:45.0724 2808 Fs_Rec - ok
18:41:45.0755 2808 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:41:45.0755 2808 fvevol - ok
18:41:45.0770 2808 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:41:45.0770 2808 gagp30kx - ok
18:41:45.0786 2808 gdrv - ok
18:41:45.0817 2808 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:41:45.0817 2808 gpsvc - ok
18:41:45.0911 2808 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:45.0911 2808 gupdate - ok
18:41:45.0911 2808 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:41:45.0926 2808 gupdatem - ok
18:41:45.0958 2808 [ F8F0851D336C3B88DBD7232B6348E09A ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:41:45.0958 2808 hamachi - ok
18:41:45.0973 2808 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:41:45.0973 2808 hcw85cir - ok
18:41:45.0989 2808 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:41:46.0004 2808 HdAudAddService - ok
18:41:46.0036 2808 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:41:46.0036 2808 HDAudBus - ok
18:41:46.0051 2808 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:41:46.0051 2808 HidBatt - ok
18:41:46.0067 2808 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:41:46.0067 2808 HidBth - ok
18:41:46.0082 2808 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:41:46.0082 2808 HidIr - ok
18:41:46.0098 2808 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:41:46.0098 2808 hidserv - ok
18:41:46.0114 2808 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:41:46.0129 2808 HidUsb - ok
18:41:46.0145 2808 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:41:46.0145 2808 hkmsvc - ok
18:41:46.0176 2808 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:41:46.0176 2808 HomeGroupListener - ok
18:41:46.0207 2808 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:41:46.0207 2808 HomeGroupProvider - ok
18:41:46.0223 2808 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:41:46.0223 2808 HpSAMD - ok
18:41:46.0254 2808 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:41:46.0254 2808 HTTP - ok
18:41:46.0254 2808 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:41:46.0270 2808 hwpolicy - ok
18:41:46.0285 2808 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:41:46.0285 2808 i8042prt - ok
18:41:46.0316 2808 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:41:46.0332 2808 iaStorV - ok
18:41:46.0363 2808 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:41:46.0363 2808 idsvc - ok
18:41:46.0644 2808 [ 72A89FFAB63239771DEE03C15AE7CAFD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:41:46.0987 2808 igfx - ok
18:41:46.0987 2808 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:41:46.0987 2808 iirsp - ok
18:41:47.0018 2808 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:41:47.0034 2808 IKEEXT - ok
18:41:47.0096 2808 [ 03076F51AF9F78A272CCCDE03E9340CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:41:47.0112 2808 IntcAzAudAddService - ok
18:41:47.0128 2808 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:41:47.0128 2808 intelide - ok
18:41:47.0143 2808 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:41:47.0143 2808 intelppm - ok
18:41:47.0143 2808 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:41:47.0143 2808 IPBusEnum - ok
18:41:47.0159 2808 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:41:47.0159 2808 IpFilterDriver - ok
18:41:47.0174 2808 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:41:47.0174 2808 iphlpsvc - ok
18:41:47.0190 2808 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:41:47.0190 2808 IPMIDRV - ok
18:41:47.0206 2808 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:41:47.0206 2808 IPNAT - ok
18:41:47.0221 2808 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:41:47.0221 2808 IRENUM - ok
18:41:47.0237 2808 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:41:47.0237 2808 isapnp - ok
18:41:47.0252 2808 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:41:47.0252 2808 iScsiPrt - ok
18:41:47.0268 2808 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:41:47.0268 2808 kbdclass - ok
18:41:47.0284 2808 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:41:47.0284 2808 kbdhid - ok
18:41:47.0299 2808 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:41:47.0299 2808 KeyIso - ok
18:41:47.0330 2808 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:41:47.0346 2808 KSecDD - ok
18:41:47.0346 2808 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:41:47.0346 2808 KSecPkg - ok
18:41:47.0362 2808 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:41:47.0362 2808 ksthunk - ok
18:41:47.0377 2808 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:41:47.0377 2808 KtmRm - ok
18:41:47.0408 2808 [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:41:47.0408 2808 L1C - ok
18:41:47.0424 2808 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:41:47.0440 2808 LanmanServer - ok
18:41:47.0455 2808 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:41:47.0455 2808 LanmanWorkstation - ok
18:41:47.0486 2808 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:41:47.0486 2808 lltdio - ok
18:41:47.0502 2808 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:41:47.0502 2808 lltdsvc - ok
18:41:47.0533 2808 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:41:47.0533 2808 lmhosts - ok
18:41:47.0580 2808 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:41:47.0580 2808 LMS - ok
18:41:47.0611 2808 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:41:47.0611 2808 LSI_FC - ok
18:41:47.0642 2808 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:41:47.0642 2808 LSI_SAS - ok
18:41:47.0658 2808 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:41:47.0658 2808 LSI_SAS2 - ok
18:41:47.0674 2808 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:41:47.0689 2808 LSI_SCSI - ok
18:41:47.0705 2808 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:41:47.0705 2808 luafv - ok
18:41:47.0767 2808 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:41:47.0767 2808 MBAMProtector - ok
18:41:47.0845 2808 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:41:47.0845 2808 MBAMService - ok
18:41:47.0876 2808 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:41:47.0876 2808 Mcx2Svc - ok
18:41:47.0892 2808 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:41:47.0892 2808 megasas - ok
18:41:47.0908 2808 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:41:47.0908 2808 MegaSR - ok
18:41:47.0939 2808 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:41:47.0939 2808 MEIx64 - ok
18:41:47.0939 2808 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:41:47.0954 2808 MMCSS - ok
18:41:47.0970 2808 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:41:47.0986 2808 Modem - ok
18:41:48.0001 2808 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:41:48.0001 2808 monitor - ok
18:41:48.0017 2808 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:41:48.0017 2808 mouclass - ok
18:41:48.0048 2808 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:41:48.0064 2808 mouhid - ok
18:41:48.0064 2808 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:41:48.0064 2808 mountmgr - ok
18:41:48.0110 2808 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:41:48.0110 2808 MozillaMaintenance - ok
18:41:48.0157 2808 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:41:48.0157 2808 MpFilter - ok
18:41:48.0173 2808 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:41:48.0173 2808 mpio - ok
18:41:48.0188 2808 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:41:48.0188 2808 mpsdrv - ok
18:41:48.0220 2808 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:41:48.0235 2808 MpsSvc - ok
18:41:48.0251 2808 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:41:48.0251 2808 MRxDAV - ok
18:41:48.0282 2808 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:41:48.0282 2808 mrxsmb - ok
18:41:48.0298 2808 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:41:48.0313 2808 mrxsmb10 - ok
18:41:48.0329 2808 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:41:48.0329 2808 mrxsmb20 - ok
18:41:48.0329 2808 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:41:48.0329 2808 msahci - ok
18:41:48.0360 2808 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:41:48.0360 2808 msdsm - ok
18:41:48.0360 2808 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:41:48.0360 2808 MSDTC - ok
18:41:48.0391 2808 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:41:48.0391 2808 Msfs - ok
18:41:48.0407 2808 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:41:48.0407 2808 mshidkmdf - ok
18:41:48.0407 2808 MSICDSetup - ok
18:41:48.0422 2808 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:41:48.0422 2808 msisadrv - ok
18:41:48.0438 2808 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:41:48.0454 2808 MSiSCSI - ok
18:41:48.0454 2808 msiserver - ok
18:41:48.0469 2808 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:41:48.0469 2808 MSKSSRV - ok
18:41:48.0532 2808 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
18:41:48.0532 2808 MsMpSvc - ok
18:41:48.0547 2808 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:41:48.0547 2808 MSPCLOCK - ok
18:41:48.0547 2808 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:41:48.0547 2808 MSPQM - ok
18:41:48.0578 2808 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:41:48.0578 2808 MsRPC - ok
18:41:48.0594 2808 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:41:48.0594 2808 mssmbios - ok
18:41:48.0610 2808 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:41:48.0610 2808 MSTEE - ok
18:41:48.0625 2808 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:41:48.0625 2808 MTConfig - ok
18:41:48.0625 2808 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:41:48.0625 2808 Mup - ok
18:41:48.0672 2808 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:41:48.0688 2808 napagent - ok
18:41:48.0703 2808 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:41:48.0703 2808 NativeWifiP - ok
18:41:48.0734 2808 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:41:48.0750 2808 NDIS - ok
18:41:48.0750 2808 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:41:48.0750 2808 NdisCap - ok
18:41:48.0766 2808 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:41:48.0766 2808 NdisTapi - ok
18:41:48.0781 2808 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:41:48.0781 2808 Ndisuio - ok
18:41:48.0797 2808 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:41:48.0797 2808 NdisWan - ok
18:41:48.0812 2808 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:41:48.0812 2808 NDProxy - ok
18:41:48.0812 2808 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:41:48.0812 2808 NetBIOS - ok
18:41:48.0828 2808 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:41:48.0828 2808 NetBT - ok
18:41:48.0844 2808 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:41:48.0844 2808 Netlogon - ok
18:41:48.0859 2808 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:41:48.0875 2808 Netman - ok
18:41:48.0875 2808 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:41:48.0890 2808 netprofm - ok
18:41:48.0922 2808 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:41:48.0922 2808 NetTcpPortSharing - ok
18:41:48.0953 2808 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:41:48.0953 2808 nfrd960 - ok
18:41:49.0000 2808 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:41:49.0015 2808 NisDrv - ok
18:41:49.0015 2808 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:41:49.0031 2808 NisSrv - ok
18:41:49.0046 2808 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:41:49.0062 2808 NlaSvc - ok
18:41:49.0078 2808 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
18:41:49.0078 2808 nmwcd - ok
18:41:49.0124 2808 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
18:41:49.0124 2808 nmwcdc - ok
18:41:49.0140 2808 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:41:49.0140 2808 Npfs - ok
18:41:49.0140 2808 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:41:49.0156 2808 nsi - ok
18:41:49.0156 2808 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:41:49.0156 2808 nsiproxy - ok
18:41:49.0218 2808 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:41:49.0249 2808 Ntfs - ok
18:41:49.0265 2808 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:41:49.0265 2808 Null - ok
18:41:49.0296 2808 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
18:41:49.0296 2808 NVHDA - ok
18:41:49.0296 2808 nvlddmkm - ok
18:41:49.0327 2808 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:41:49.0327 2808 nvraid - ok
18:41:49.0358 2808 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:41:49.0358 2808 nvstor - ok
18:41:49.0374 2808 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:41:49.0374 2808 nv_agp - ok
18:41:49.0390 2808 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:41:49.0390 2808 ohci1394 - ok
18:41:49.0421 2808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:41:49.0436 2808 p2pimsvc - ok
18:41:49.0452 2808 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:41:49.0468 2808 p2psvc - ok
18:41:49.0468 2808 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:41:49.0483 2808 Parport - ok
18:41:49.0514 2808 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:41:49.0514 2808 partmgr - ok
18:41:49.0530 2808 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:41:49.0530 2808 PcaSvc - ok
18:41:49.0546 2808 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:41:49.0546 2808 pci - ok
18:41:49.0561 2808 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:41:49.0561 2808 pciide - ok
18:41:49.0577 2808 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:41:49.0577 2808 pcmcia - ok
18:41:49.0592 2808 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:41:49.0592 2808 pcw - ok
18:41:49.0624 2808 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:41:49.0624 2808 PEAUTH - ok
18:41:49.0655 2808 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:41:49.0655 2808 PerfHost - ok
18:41:49.0702 2808 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:41:49.0733 2808 pla - ok
18:41:49.0780 2808 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:41:49.0780 2808 PlugPlay - ok
18:41:49.0811 2808 PnkBstrA - ok
18:41:49.0826 2808 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:41:49.0826 2808 PNRPAutoReg - ok
18:41:49.0826 2808 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:41:49.0842 2808 PNRPsvc - ok
18:41:49.0873 2808 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:41:49.0873 2808 PolicyAgent - ok
18:41:49.0920 2808 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:41:49.0920 2808 Power - ok
18:41:49.0936 2808 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:41:49.0951 2808 PptpMiniport - ok
18:41:49.0967 2808 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:41:49.0967 2808 Processor - ok
18:41:49.0998 2808 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:41:49.0998 2808 ProfSvc - ok
18:41:50.0014 2808 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:41:50.0014 2808 ProtectedStorage - ok
18:41:50.0029 2808 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:41:50.0029 2808 Psched - ok
18:41:50.0076 2808 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:41:50.0107 2808 ql2300 - ok
18:41:50.0123 2808 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:41:50.0123 2808 ql40xx - ok
18:41:50.0154 2808 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:41:50.0154 2808 QWAVE - ok
18:41:50.0170 2808 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:41:50.0170 2808 QWAVEdrv - ok
18:41:50.0170 2808 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:41:50.0185 2808 RasAcd - ok
18:41:50.0201 2808 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:41:50.0201 2808 RasAgileVpn - ok
18:41:50.0216 2808 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:41:50.0216 2808 RasAuto - ok
18:41:50.0232 2808 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:41:50.0232 2808 Rasl2tp - ok
18:41:50.0263 2808 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:41:50.0263 2808 RasMan - ok
18:41:50.0279 2808 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:41:50.0294 2808 RasPppoe - ok
18:41:50.0294 2808 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:41:50.0310 2808 RasSstp - ok
18:41:50.0310 2808 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:41:50.0326 2808 rdbss - ok
18:41:50.0341 2808 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:41:50.0341 2808 rdpbus - ok
18:41:50.0357 2808 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:41:50.0357 2808 RDPCDD - ok
18:41:50.0372 2808 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:41:50.0372 2808 RDPENCDD - ok
18:41:50.0388 2808 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:41:50.0388 2808 RDPREFMP - ok
18:41:50.0404 2808 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:41:50.0419 2808 RDPWD - ok
18:41:50.0435 2808 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:41:50.0435 2808 rdyboost - ok
18:41:50.0450 2808 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:41:50.0450 2808 RemoteAccess - ok
18:41:50.0466 2808 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:41:50.0466 2808 RemoteRegistry - ok
18:41:50.0482 2808 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:41:50.0482 2808 RpcEptMapper - ok
18:41:50.0497 2808 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:41:50.0497 2808 RpcLocator - ok
18:41:50.0513 2808 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:41:50.0513 2808 RpcSs - ok
18:41:50.0544 2808 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:41:50.0544 2808 rspndr - ok
18:41:50.0544 2808 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:41:50.0544 2808 SamSs - ok
18:41:50.0560 2808 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:41:50.0560 2808 sbp2port - ok
18:41:50.0575 2808 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:41:50.0575 2808 SCardSvr - ok
18:41:50.0622 2808 [ 8475E746EB72D04F1015E6F091F50E09 ] SCBackService C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
18:41:50.0622 2808 SCBackService - ok
18:41:50.0653 2808 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:41:50.0653 2808 scfilter - ok
18:41:50.0669 2808 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:41:50.0684 2808 Schedule - ok
18:41:50.0716 2808 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:41:50.0716 2808 SCPolicySvc - ok
18:41:50.0778 2808 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:41:50.0778 2808 ScreamBAudioSvc - ok
18:41:50.0809 2808 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:41:50.0809 2808 SDRSVC - ok
18:41:50.0825 2808 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:41:50.0825 2808 secdrv - ok
18:41:50.0840 2808 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:41:50.0840 2808 seclogon - ok
18:41:50.0856 2808 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:41:50.0856 2808 SENS - ok
18:41:50.0872 2808 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:41:50.0872 2808 SensrSvc - ok
18:41:50.0887 2808 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:41:50.0887 2808 Serenum - ok
18:41:50.0903 2808 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:41:50.0903 2808 Serial - ok
18:41:50.0934 2808 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:41:50.0934 2808 sermouse - ok
18:41:50.0996 2808 [ 019AB047B932AD277A4DA2673E5CC19C ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
18:41:50.0996 2808 ServiceLayer - ok
18:41:51.0028 2808 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:41:51.0028 2808 SessionEnv - ok
18:41:51.0043 2808 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:41:51.0043 2808 sffdisk - ok
18:41:51.0059 2808 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:41:51.0059 2808 sffp_mmc - ok
18:41:51.0074 2808 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:41:51.0074 2808 sffp_sd - ok
18:41:51.0090 2808 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:41:51.0090 2808 sfloppy - ok
18:41:51.0106 2808 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:41:51.0121 2808 SharedAccess - ok
18:41:51.0137 2808 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:41:51.0137 2808 ShellHWDetection - ok
18:41:51.0152 2808 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:41:51.0152 2808 SiSRaid2 - ok
18:41:51.0184 2808 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:41:51.0184 2808 SiSRaid4 - ok
18:41:51.0230 2808 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:41:51.0230 2808 SkypeUpdate - ok
18:41:51.0262 2808 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:41:51.0262 2808 Smb - ok
18:41:51.0277 2808 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:41:51.0277 2808 SNMPTRAP - ok
18:41:51.0293 2808 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:41:51.0293 2808 spldr - ok
18:41:51.0324 2808 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:41:51.0340 2808 Spooler - ok
18:41:51.0402 2808 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:41:51.0480 2808 sppsvc - ok
18:41:51.0496 2808 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:41:51.0496 2808 sppuinotify - ok
18:41:51.0527 2808 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:41:51.0527 2808 srv - ok
18:41:51.0542 2808 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:41:51.0542 2808 srv2 - ok
18:41:51.0558 2808 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:41:51.0558 2808 srvnet - ok
18:41:51.0589 2808 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:41:51.0589 2808 SSDPSRV - ok
18:41:51.0589 2808 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:41:51.0589 2808 SstpSvc - ok
18:41:51.0605 2808 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:41:51.0605 2808 stexstor - ok
18:41:51.0636 2808 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:41:51.0652 2808 stisvc - ok
18:41:51.0667 2808 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:41:51.0667 2808 swenum - ok
18:41:51.0683 2808 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:41:51.0698 2808 swprv - ok
18:41:51.0730 2808 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:41:51.0761 2808 SysMain - ok
18:41:51.0776 2808 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:41:51.0776 2808 TabletInputService - ok
18:41:51.0792 2808 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:41:51.0808 2808 TapiSrv - ok
18:41:51.0823 2808 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:41:51.0823 2808 TBS - ok
18:41:51.0886 2808 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:41:51.0932 2808 Tcpip - ok
18:41:51.0964 2808 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:41:51.0979 2808 TCPIP6 - ok
18:41:51.0995 2808 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:41:51.0995 2808 tcpipreg - ok
18:41:51.0995 2808 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:41:51.0995 2808 TDPIPE - ok
18:41:52.0026 2808 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:41:52.0026 2808 TDTCP - ok
18:41:52.0042 2808 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:41:52.0042 2808 tdx - ok
18:41:52.0057 2808 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:41:52.0057 2808 TermDD - ok
18:41:52.0088 2808 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:41:52.0088 2808 TermService - ok
18:41:52.0120 2808 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:41:52.0120 2808 Themes - ok
18:41:52.0120 2808 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:41:52.0120 2808 THREADORDER - ok
18:41:52.0135 2808 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:41:52.0135 2808 TrkWks - ok
18:41:52.0182 2808 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:41:52.0182 2808 TrustedInstaller - ok
18:41:52.0198 2808 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:41:52.0213 2808 tssecsrv - ok
18:41:52.0213 2808 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:41:52.0213 2808 TsUsbFlt - ok
18:41:52.0229 2808 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:41:52.0229 2808 TsUsbGD - ok
18:41:52.0244 2808 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:41:52.0244 2808 tunnel - ok
18:41:52.0260 2808 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:41:52.0276 2808 uagp35 - ok
18:41:52.0291 2808 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:41:52.0291 2808 udfs - ok
18:41:52.0322 2808 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:41:52.0322 2808 UI0Detect - ok
18:41:52.0354 2808 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:41:52.0354 2808 uliagpkx - ok
18:41:52.0369 2808 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:41:52.0369 2808 umbus - ok
18:41:52.0400 2808 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:41:52.0400 2808 UmPass - ok
18:41:52.0510 2808 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:41:52.0525 2808 UNS - ok
18:41:52.0556 2808 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:41:52.0556 2808 upnphost - ok
18:41:52.0588 2808 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
18:41:52.0588 2808 upperdev - ok
18:41:52.0603 2808 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:41:52.0603 2808 usbccgp - ok
18:41:52.0619 2808 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:41:52.0619 2808 usbcir - ok
18:41:52.0650 2808 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:41:52.0650 2808 usbehci - ok
18:41:52.0666 2808 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:41:52.0666 2808 usbhub - ok
18:41:52.0681 2808 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:41:52.0681 2808 usbohci - ok
18:41:52.0697 2808 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:41:52.0697 2808 usbprint - ok
18:41:52.0728 2808 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
18:41:52.0728 2808 usbser - ok
18:41:52.0744 2808 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
18:41:52.0744 2808 UsbserFilt - ok
18:41:52.0759 2808 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:41:52.0759 2808 USBSTOR - ok
18:41:52.0790 2808 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:41:52.0790 2808 usbuhci - ok
18:41:52.0806 2808 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:41:52.0806 2808 UxSms - ok
18:41:52.0822 2808 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:41:52.0822 2808 VaultSvc - ok
18:41:52.0837 2808 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:41:52.0837 2808 vdrvroot - ok
18:41:52.0868 2808 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:41:52.0868 2808 vds - ok
18:41:52.0884 2808 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:41:52.0884 2808 vga - ok
18:41:52.0900 2808 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:41:52.0900 2808 VgaSave - ok
18:41:52.0915 2808 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:41:52.0915 2808 vhdmp - ok
18:41:52.0946 2808 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:41:52.0946 2808 viaide - ok
18:41:52.0962 2808 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
CPU Intel Core i5-2400 3,10GHz LGA 1155
MB Gigabyte GA-H61M-USB3-B3 socket LGA 1155
DDR3 RAM 4GB (KIT 2x2GB) HyperXBlue Kingston
HDD 1000GB WD10EURS 7200RPM Western Digital
DVD-RW LG GH22LS70R LightScribe
VGA MS Geforce GTX560 1GB DDR5(256bit)
ITEC Dragon Force 530W
Case Cooler Master Elite 430

Re: Please check my log

Posted by phanst33l » 06 Sep 2012 18:51

18:41:52.0962 2808 volmgr - ok
18:41:52.0978 2808 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:41:52.0993 2808 volmgrx - ok
18:41:52.0993 2808 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:41:53.0009 2808 volsnap - ok
18:41:53.0024 2808 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:41:53.0024 2808 vsmraid - ok
18:41:53.0056 2808 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:41:53.0087 2808 VSS - ok
18:41:53.0118 2808 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:41:53.0134 2808 vwifibus - ok
18:41:53.0165 2808 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:41:53.0165 2808 W32Time - ok
18:41:53.0180 2808 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:41:53.0180 2808 WacomPen - ok
18:41:53.0196 2808 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:41:53.0196 2808 WANARP - ok
18:41:53.0196 2808 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:41:53.0196 2808 Wanarpv6 - ok
18:41:53.0243 2808 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:41:53.0258 2808 WatAdminSvc - ok
18:41:53.0305 2808 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:41:53.0352 2808 wbengine - ok
18:41:53.0368 2808 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:41:53.0383 2808 WbioSrvc - ok
18:41:53.0399 2808 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:41:53.0399 2808 wcncsvc - ok
18:41:53.0414 2808 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:41:53.0414 2808 WcsPlugInService - ok
18:41:53.0430 2808 [ E47E66538692B1CFD6CC8021546FCC83 ] WCUService_STC_FF C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
18:41:53.0446 2808 WCUService_STC_FF - ok
18:41:53.0477 2808 [ 147C60622CB53E901EFD8BB6D44A4C46 ] WCUService_STC_IE C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
18:41:53.0477 2808 WCUService_STC_IE - ok
18:41:53.0492 2808 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:41:53.0492 2808 Wd - ok
18:41:53.0508 2808 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:41:53.0508 2808 Wdf01000 - ok
18:41:53.0524 2808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:41:53.0524 2808 WdiServiceHost - ok
18:41:53.0539 2808 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:41:53.0539 2808 WdiSystemHost - ok
18:41:53.0555 2808 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:41:53.0555 2808 WebClient - ok
18:41:53.0570 2808 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:41:53.0570 2808 Wecsvc - ok
18:41:53.0586 2808 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:41:53.0586 2808 wercplsupport - ok
18:41:53.0602 2808 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:41:53.0602 2808 WerSvc - ok
18:41:53.0602 2808 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:41:53.0602 2808 WfpLwf - ok
18:41:53.0617 2808 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:41:53.0617 2808 WIMMount - ok
18:41:53.0633 2808 WinDefend - ok
18:41:53.0633 2808 WinHttpAutoProxySvc - ok
18:41:53.0680 2808 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:41:53.0680 2808 Winmgmt - ok
18:41:53.0742 2808 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:41:53.0789 2808 WinRM - ok
18:41:53.0851 2808 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:41:53.0851 2808 WinUsb - ok
18:41:53.0882 2808 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:41:53.0898 2808 Wlansvc - ok
18:41:54.0023 2808 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:41:54.0070 2808 wlidsvc - ok
18:41:54.0085 2808 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:41:54.0085 2808 WmiAcpi - ok
18:41:54.0101 2808 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:41:54.0101 2808 wmiApSrv - ok
18:41:54.0116 2808 WMPNetworkSvc - ok
18:41:54.0132 2808 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:41:54.0132 2808 WPCSvc - ok
18:41:54.0132 2808 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:41:54.0132 2808 WPDBusEnum - ok
18:41:54.0148 2808 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:41:54.0148 2808 ws2ifsl - ok
18:41:54.0163 2808 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:41:54.0179 2808 wscsvc - ok
18:41:54.0179 2808 WSearch - ok
18:41:54.0241 2808 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:41:54.0304 2808 wuauserv - ok
18:41:54.0319 2808 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:41:54.0319 2808 WudfPf - ok
18:41:54.0335 2808 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:41:54.0335 2808 WUDFRd - ok
18:41:54.0350 2808 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:41:54.0350 2808 wudfsvc - ok
18:41:54.0382 2808 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:41:54.0382 2808 WwanSvc - ok
18:41:54.0382 2808 ================ Scan global ===============================
18:41:54.0397 2808 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:41:54.0428 2808 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:41:54.0428 2808 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:41:54.0460 2808 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:41:54.0491 2808 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:41:54.0491 2808 [Global] - ok
18:41:54.0491 2808 ================ Scan MBR ==================================
18:41:54.0506 2808 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:41:54.0709 2808 \Device\Harddisk0\DR0 - ok
18:41:54.0709 2808 ================ Scan VBR ==================================
18:41:54.0709 2808 [ F8A2DA1B20F030C9DC921543434CC777 ] \Device\Harddisk0\DR0\Partition1
18:41:54.0709 2808 \Device\Harddisk0\DR0\Partition1 - ok
18:41:54.0725 2808 [ 26912D988C7FE04679D94BB54B086886 ] \Device\Harddisk0\DR0\Partition2
18:41:54.0725 2808 \Device\Harddisk0\DR0\Partition2 - ok
18:41:54.0756 2808 [ 87C37C191B5DCE277DBB7709ECC53562 ] \Device\Harddisk0\DR0\Partition3
18:41:54.0756 2808 \Device\Harddisk0\DR0\Partition3 - ok
18:41:54.0756 2808 ============================================================
18:41:54.0756 2808 Scan finished
18:41:54.0756 2808 ============================================================
18:41:54.0772 2728 Detected object count: 0
18:41:54.0772 2728 Actual detected object count: 0
18:42:18.0842 3908 Deinitialize success

Re: Please check my log

Posted by phanst33l » 06 Sep 2012 19:34

ComboFix 12-09-06.02 - Intel . 09. 2012 19:00:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4013.2693 [GMT 2:00]
Running from: d:\downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-05 21:39 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECB1ACD2-EEB5-4651-8BD7-392C907C3046}\mpengine.dll
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Intel\AppData\Roaming\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\programdata\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-05 21:16 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 18:29 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\programdata\Intel
2012-09-02 10:50 . 2012-03-21 21:39 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-09-02 10:50 . 2012-03-21 21:39 20992 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-02 10:50 . 2012-03-21 21:33 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-09-02 10:50 . 2012-03-21 21:32 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files\Common Files\Intel
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-08-29 13:56 . 2012-08-29 13:57 -------- d-----w- c:\programdata\Battle.net
2012-08-26 14:44 . 2012-08-26 14:44 -------- d-----w- c:\programdata\Blizzard
2012-08-26 14:13 . 2012-08-26 14:13 -------- d-----w- c:\programdata\McAfee
2012-08-26 14:06 . 2012-08-27 12:10 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-08-13 13:04 . 2012-08-13 13:09 -------- d-----w- C:\instal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 14:13 . 2012-03-31 04:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 14:13 . 2011-09-16 18:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 15:22 . 2011-09-16 14:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-15 11:40 . 2011-12-25 07:04 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 11:40 . 2011-09-30 21:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 11:40 . 2011-09-30 21:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-09 05:43 . 2012-07-11 12:06 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 129976]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-16 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-22 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 39808]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 64256]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:13]
.
2012-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000Core.job
- c:\users\Intel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-22 10:56]
.
2012-09-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000UA.job
- c:\users\Intel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-22 10:56]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 22:21]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 22:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Free YouTube Download - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.10.200.2 10.10.200.6 192.168.9.1
FF - ProfilePath - c:\users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\m9f0d4vv.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - e:\hry\RSG\Rockstar Games Social Club\RGSCLauncher.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-06 19:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 17:08
.
Pre-Run: 32 664 182 784 bytes free
Post-Run: 32 135 663 616 bytes free
.
- - End Of File - - 5886E334942121E2D2E2F7EFC1FBA771

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Please check my log

Posted by Žbeky » 06 Sep 2012 21:10

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script.

Code:

KillAll::

Folder::
c:\programdata\McAfee
c:\program files (x86)\Google\Update

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate
gupdatem

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created script CFScript.txt with the mouse over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I deal only with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

Re: Please check my log

Posted by phanst33l » 06 Sep 2012 23:25

ComboFix 12-09-06.02 - Intel . 09. 2012 23:00:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4013.2681 [GMT 2:00]
Running from: d:\programy\Udrzba PC\ComboFix\ComboFix.exe
Command switches used :: d:\programy\Udrzba PC\ComboFix\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.123\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.123\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.123\psuser.dll
c:\program files (x86)\Google\Update\Download\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\0.0.0.0\GoogleEarth-Win-Plugin-6.2.2.6613.exe
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.123\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\McUICnt\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McUicnt\McUicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\McUicnt\McUicnt000.log
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2668830353-283010101-3236732648-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 21:04 . 2012-09-06 21:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-06 21:04 . 2012-09-06 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 17:27 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD16EBC3-FBAE-4A06-A8F7-BB68055865CB}\mpengine.dll
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Intel\AppData\Roaming\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\programdata\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-05 21:16 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 18:29 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\programdata\Intel
2012-09-02 10:50 . 2012-03-21 21:39 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-09-02 10:50 . 2012-03-21 21:39 20992 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-02 10:50 . 2012-03-21 21:33 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-09-02 10:50 . 2012-03-21 21:32 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files\Common Files\Intel
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-08-29 13:56 . 2012-08-29 13:57 -------- d-----w- c:\programdata\Battle.net
2012-08-26 14:44 . 2012-08-26 14:44 -------- d-----w- c:\programdata\Blizzard
2012-08-26 14:06 . 2012-08-27 12:10 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-08-13 13:04 . 2012-08-13 13:09 -------- d-----w- C:\instal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 14:13 . 2012-03-31 04:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 14:13 . 2011-09-16 18:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 15:22 . 2011-09-16 14:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-15 11:40 . 2011-12-25 07:04 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 11:40 . 2011-09-30 21:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 11:40 . 2011-09-30 21:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-09 05:43 . 2012-07-11 12:06 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-06_17.05.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-06 17:06 43342 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-06 21:07 37928 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-16 09:17 . 2012-09-06 17:28 15618 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2668830353-283010101-3236732648-1000_UserData.bin
- 2011-09-16 14:18 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 14:18 . 2012-09-06 17:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 14:18 . 2012-09-06 17:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-16 14:18 . 2012-09-06 16:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-16 14:18 . 2012-09-06 17:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 14:18 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 09:13 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 09:13 . 2012-09-06 20:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 09:13 . 2012-09-06 20:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 09:13 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-06 17:04 . 2012-09-06 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-06 21:05 . 2012-09-06 21:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-06 17:04 274644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-06 21:04 274644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-23 20:18 . 2012-09-06 21:04 48849492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2668830353-283010101-3236732648-1000-8192.dat
- 2011-09-23 20:18 . 2012-09-06 17:04 48849492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2668830353-283010101-3236732648-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 129976]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-16 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-22 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 39808]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 64256]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"combofix"="c:\combofix\CF8889.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Free YouTube Download - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.10.200.2 10.10.200.6 192.168.9.1
FF - ProfilePath - c:\users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\m9f0d4vv.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2668830353-283010101-3236732648-1000\Software\SecuROM\License information*]
"datasecu"=hex:2f,8b,ef,f3,1f,b6,ab,ee,f7,67,a4,6c,aa,ce,20,1c,3f,f7,82,d6,a7,
09,5d,12,7d,4d,6c,6b,b2,1b,58,41,2f,30,7d,89,b9,11,5e,1d,60,4f,1b,27,b9,ac,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-06 23:08:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 21:08
ComboFix2.txt 2012-09-06 17:08
.
Pre-Run: 32 207 499 264 bytes free
Post-Run: 31 740 284 928 bytes free
.
- - End Of File - - CF55394B8FF993661006577EF4656D10

--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2668830353-283010101-3236732648-1000\Software\SecuROM\License information*]
"datasecu"=hex:2f,8b,ef,f3,1f,b6,ab,ee,f7,67,a4,6c,aa,ce,20,1c,3f,f7,82,d6,a7,
09,5d,12,7d,4d,6c,6b,b2,1b,58,41,2f,30,7d,89,b9,11,5e,1d,60,4f,1b,27,b9,ac,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.


I apologize, but a small flaw occurred during copying; this item was originally in the first ComboFix log as well - my mouse sometimes registers a single click as two or even three clicks (a hardware fault of the mouse).
CPU Intel Core i5-2400 3,10GHz LGA 1155
MB Gigabyte GA-H61M-USB3-B3 socket LGA 1155
DDR3 RAM 4GB (KIT 2x2GB) HyperXBlue Kingston
HDD 1000GB WD10EURS 7200RPM Western Digital
DVD-RW LG GH22LS70R LightScribe
VGA MS Geforce GTX560 1GB DDR5(256bit)
ITEC Dragon Force 530W
Case Cooler Master Elite 430


Re: Please check my log

Post by jaro3 » 06 Sep 2012 23:35

Pre-Run: 32 207 499 264 bytes free
Post-Run: 31 740 284 928 bytes free
How big is your HDD?

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
File::
c:\program files (x86)\Skype\Updater\Updater.exe
c:\combofix\CF8889.3XE

Folder::
c:\program files (x86)\Skype\Updater

Driver::
SkypeUpdate

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-

Firefox::
FF - ProfilePath - c:\users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\m9f0d4vv.default\
FF - prefs.js: browser.search.selectedEngine -

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Are there any problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.


Re: Please check my log

Post by phanst33l » 06 Sep 2012 23:58

ComboFix 12-09-06.02 - Intel . 09. 2012 23:46:48.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4013.2560 [GMT 2:00]
Running from: d:\programy\Udrzba PC\ComboFix\ComboFix.exe
Command switches used :: d:\programy\Udrzba PC\ComboFix\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\combofix\CF8889.3XE"
"c:\program files (x86)\Skype\Updater\Updater.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Skype\Updater\Updater.dll
c:\program files (x86)\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-08-06 to 2012-09-06 )))))))))))))))))))))))))))))))
.
.
2012-09-06 21:49 . 2012-09-06 21:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-06 21:49 . 2012-09-06 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-06 21:14 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E850862B-E13A-4E4E-A493-A63D8C56FC98}\mpengine.dll
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\users\Intel\AppData\Roaming\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\programdata\Malwarebytes
2012-09-05 21:16 . 2012-09-05 21:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-05 21:16 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 18:29 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\programdata\Intel
2012-09-02 10:50 . 2012-03-21 21:39 121344 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2012-09-02 10:50 . 2012-03-21 21:39 20992 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-02 10:50 . 2012-03-21 21:33 86528 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2012-09-02 10:50 . 2012-03-21 21:32 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files\Common Files\Intel
2012-09-02 10:50 . 2012-09-02 10:50 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-08-29 13:56 . 2012-08-29 13:57 -------- d-----w- c:\programdata\Battle.net
2012-08-26 14:44 . 2012-08-26 14:44 -------- d-----w- c:\programdata\Blizzard
2012-08-26 14:06 . 2012-08-27 12:10 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-08-13 13:04 . 2012-08-13 13:09 -------- d-----w- C:\instal
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-26 14:13 . 2012-03-31 04:52 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 14:13 . 2011-09-16 18:11 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 15:22 . 2011-09-16 14:55 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-15 11:40 . 2011-12-25 07:04 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 11:40 . 2011-09-30 21:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-15 11:40 . 2011-09-30 21:10 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-09 05:43 . 2012-07-11 12:06 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-06_17.05.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-09-06 21:15 43460 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-06 21:52 38008 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-16 09:17 . 2012-09-06 21:52 15650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2668830353-283010101-3236732648-1000_UserData.bin
- 2011-09-16 14:18 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 14:18 . 2012-09-06 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 14:18 . 2012-09-06 21:14 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-16 14:18 . 2012-09-06 16:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-16 14:18 . 2012-09-06 21:14 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 14:18 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 09:13 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 09:13 . 2012-09-06 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-16 09:13 . 2012-09-06 21:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-16 09:13 . 2012-09-06 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-09-06 17:04 . 2012-09-06 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-06 21:50 . 2012-09-06 21:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-09-06 17:04 274644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-06 21:50 274644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-23 20:18 . 2012-09-06 21:50 48849492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2668830353-283010101-3236732648-1000-8192.dat
- 2011-09-23 20:18 . 2012-09-06 17:04 48849492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2668830353-283010101-3236732648-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-01-21 776064]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 250568]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-19 129976]
R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-16 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-22 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]
S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-01-26 39808]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-01-26 64256]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]
"combofix"="c:\combofix\CF17951.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Free YouTube Download - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Intel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 10.10.200.2 10.10.200.6 192.168.9.1
FF - ProfilePath - c:\users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\m9f0d4vv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2668830353-283010101-3236732648-1000\Software\SecuROM\License information*]
"datasecu"=hex:2f,8b,ef,f3,1f,b6,ab,ee,f7,67,a4,6c,aa,ce,20,1c,3f,f7,82,d6,a7,
09,5d,12,7d,4d,6c,6b,b2,1b,58,41,2f,30,7d,89,b9,11,5e,1d,60,4f,1b,27,b9,ac,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-09-06 23:53:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-06 21:53
ComboFix2.txt 2012-09-06 21:08
ComboFix3.txt 2012-09-06 17:08
.
Pre-Run: 31 993 692 160 bytes free
Post-Run: 31 908 945 920 bytes free
.
- - End Of File - - 5C39B46556B7D7F3B3904859AECBF4F1
CPU Intel Core i5-2400 3,10GHz LGA 1155
MB Gigabyte GA-H61M-USB3-B3 socket LGA 1155
DDR3 RAM 4GB (KIT 2x2GB) HyperXBlue Kingston
HDD 1000GB WD10EURS 7200RPM Western Digital
DVD-RW LG GH22LS70R LightScribe
VGA MS Geforce GTX560 1GB DDR5(256bit)
ITEC Dragon Force 530W
Case Cooler Master Elite 430

