Nelze se připojit přes wifi

Akt. články a návody

Jak zachránit data z harddisku? [PR článek]

od **asphyxia** » 23 Črc 2012 17:02

Prosím o kontrolu logu:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:01:06, on 23.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Users\Aduš\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8576 bytes

Díky moc!

od **memphisto** » 23 Črc 2012 18:18

Odinstaluj:
uTorrent Toolbar
BS Player Toolbar
Deamon Tools Toolbar

v logu fixni:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O2 - BHO: BS Player - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\prxtbBS_P.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

táhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranìní historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit doèasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

od **asphyxia** » 23 Črc 2012 21:07

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.07.23.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aduš :: ADUŠ-PC [administrátor]

Ochrana: Povolena

23.7.2012 21:00:43
mbam-log-2012-07-23 (21-00-43).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 191485
Uplynulý čas: 2 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Díky moc, jsi opravdu mág! :) Jinak já už mám nainstalovaný CCCleaner, asi to bude podobné jako ten ATP, ale radši jsem ho nainstalovala.

od **Žbeky** » 23 Črc 2012 22:34

Už to funguje?

od **asphyxia** » 24 Črc 2012 14:35

Včera to fungovalo bez problémů, dneska taky, až do teď, kdy to zničehonic vypadlo a připojit se nejde. Navíc nevidím ani domácí síť, a to je modem zapnutý a na jiném notebooku jde. Vždy na chvíli zmizí a pak se stejně nepochopitelně znovu objeví. Někdy třeba pětkrát restartuju PC, aby se mi síť zobrazila, a já se tak mohla připojit.
Mám ještě něco provést? Díky.. :)

od **jaro3** » 24 Črc 2012 20:39

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

od **asphyxia** » 25 Črc 2012 03:16

Název toho killeru je (jen pro info) TDSSKiller.2.7.48.0_25.07.2012_01.38.27_log2012. Vytvořil se mi ve 2 souborech:

01:38:27.0258 1472 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:38:27.0383 1472 ============================================================
01:38:27.0383 1472 Current date / time: 2012/07/25 01:38:27.0383
01:38:27.0383 1472 SystemInfo:
01:38:27.0383 1472
01:38:27.0383 1472 OS Version: 6.1.7601 ServicePack: 1.0
01:38:27.0383 1472 Product type: Workstation
01:38:27.0383 1472 ComputerName: ADUŠ-PC
01:38:27.0383 1472 UserName: Aduš
01:38:27.0383 1472 Windows directory: C:\Windows
01:38:27.0383 1472 System windows directory: C:\Windows
01:38:27.0383 1472 Running under WOW64
01:38:27.0383 1472 Processor architecture: Intel x64
01:38:27.0383 1472 Number of processors: 2
01:38:27.0383 1472 Page size: 0x1000
01:38:27.0383 1472 Boot type: Normal boot
01:38:27.0383 1472 ============================================================
01:38:28.0646 1472 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:38:28.0662 1472 ============================================================
01:38:28.0662 1472 \Device\Harddisk0\DR0:
01:38:28.0662 1472 MBR partitions:
01:38:28.0662 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:38:28.0662 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
01:38:28.0662 1472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x3E506800
01:38:28.0662 1472 ============================================================
01:38:28.0693 1472 C: <-> \Device\Harddisk0\DR0\Partition1
01:38:28.0724 1472 F: <-> \Device\Harddisk0\DR0\Partition2
01:38:28.0724 1472 ============================================================
01:38:28.0724 1472 Initialize success
01:38:28.0724 1472 ============================================================
01:39:08.0005 3316 Deinitialize success

od **asphyxia** » 25 Črc 2012 03:18

01:41:27.0390 3124 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
01:41:27.0515 3124 ============================================================
01:41:27.0515 3124 Current date / time: 2012/07/25 01:41:27.0515
01:41:27.0515 3124 SystemInfo:
01:41:27.0515 3124
01:41:27.0515 3124 OS Version: 6.1.7601 ServicePack: 1.0
01:41:27.0515 3124 Product type: Workstation
01:41:27.0515 3124 ComputerName: ADUŠ-PC
01:41:27.0515 3124 UserName: Aduš
01:41:27.0515 3124 Windows directory: C:\Windows
01:41:27.0515 3124 System windows directory: C:\Windows
01:41:27.0515 3124 Running under WOW64
01:41:27.0515 3124 Processor architecture: Intel x64
01:41:27.0515 3124 Number of processors: 2
01:41:27.0515 3124 Page size: 0x1000
01:41:27.0515 3124 Boot type: Normal boot
01:41:27.0515 3124 ============================================================
01:41:28.0763 3124 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:41:28.0763 3124 ============================================================
01:41:28.0763 3124 \Device\Harddisk0\DR0:
01:41:28.0763 3124 MBR partitions:
01:41:28.0763 3124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:41:28.0763 3124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
01:41:28.0763 3124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x3E506800
01:41:28.0763 3124 ============================================================
01:41:28.0794 3124 C: <-> \Device\Harddisk0\DR0\Partition1
01:41:28.0887 3124 F: <-> \Device\Harddisk0\DR0\Partition2
01:41:28.0887 3124 ============================================================
01:41:28.0887 3124 Initialize success
01:41:28.0887 3124 ============================================================
01:41:33.0365 1520 ============================================================
01:41:33.0365 1520 Scan started
01:41:33.0365 1520 Mode: Manual;
01:41:33.0365 1520 ============================================================
01:41:34.0628 1520 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
01:41:34.0628 1520 1394ohci - ok
01:41:34.0675 1520 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
01:41:34.0675 1520 Accelerometer - ok
01:41:34.0753 1520 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
01:41:34.0753 1520 ACPI - ok
01:41:34.0784 1520 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
01:41:34.0784 1520 AcpiPmi - ok
01:41:34.0909 1520 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:41:34.0925 1520 AdobeARMservice - ok
01:41:35.0003 1520 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
01:41:35.0018 1520 adp94xx - ok
01:41:35.0081 1520 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
01:41:35.0096 1520 adpahci - ok
01:41:35.0143 1520 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
01:41:35.0143 1520 adpu320 - ok
01:41:35.0174 1520 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
01:41:35.0190 1520 AeLookupSvc - ok
01:41:35.0283 1520 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
01:41:35.0283 1520 AFD - ok
01:41:35.0330 1520 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
01:41:35.0330 1520 agp440 - ok
01:41:35.0393 1520 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
01:41:35.0393 1520 ALG - ok
01:41:35.0439 1520 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
01:41:35.0439 1520 aliide - ok
01:41:35.0486 1520 AMD External Events Utility (833d43cfbac21365d36cf797377457d9) C:\Windows\system32\atiesrxx.exe
01:41:35.0486 1520 AMD External Events Utility - ok
01:41:35.0533 1520 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
01:41:35.0533 1520 amdhub30 - ok
01:41:35.0549 1520 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
01:41:35.0564 1520 amdide - ok
01:41:35.0595 1520 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
01:41:35.0595 1520 AmdK8 - ok
01:41:36.0344 1520 amdkmdag (fad670b417adccd9c99bc3aa3d754958) C:\Windows\system32\DRIVERS\atikmdag.sys
01:41:36.0609 1520 amdkmdag - ok
01:41:36.0812 1520 amdkmdap (f0b63dead17f760dbc85ccd7bf978c05) C:\Windows\system32\DRIVERS\atikmpag.sys
01:41:36.0828 1520 amdkmdap - ok
01:41:36.0859 1520 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
01:41:36.0859 1520 AmdPPM - ok
01:41:36.0921 1520 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
01:41:36.0984 1520 amdsata - ok
01:41:37.0046 1520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
01:41:37.0046 1520 amdsbs - ok
01:41:37.0093 1520 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
01:41:37.0093 1520 amdxata - ok
01:41:37.0155 1520 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
01:41:37.0155 1520 amdxhc - ok
01:41:37.0218 1520 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
01:41:37.0218 1520 AppID - ok
01:41:37.0249 1520 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
01:41:37.0265 1520 AppIDSvc - ok
01:41:37.0358 1520 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
01:41:37.0358 1520 Appinfo - ok
01:41:37.0467 1520 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
01:41:37.0483 1520 AppMgmt - ok
01:41:37.0561 1520 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
01:41:37.0561 1520 arc - ok
01:41:37.0592 1520 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
01:41:37.0608 1520 arcsas - ok
01:41:37.0639 1520 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
01:41:37.0639 1520 AsyncMac - ok
01:41:37.0670 1520 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
01:41:37.0670 1520 atapi - ok
01:41:38.0013 1520 athr (b4421d8cdadc441f76ba39532a3e3414) C:\Windows\system32\DRIVERS\athrx.sys
01:41:38.0123 1520 athr - ok
01:41:38.0294 1520 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
01:41:38.0294 1520 AtiHDAudioService - ok
01:41:38.0372 1520 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:41:38.0388 1520 AudioEndpointBuilder - ok
01:41:38.0403 1520 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
01:41:38.0419 1520 AudioSrv - ok
01:41:38.0466 1520 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
01:41:38.0466 1520 AxInstSV - ok
01:41:38.0544 1520 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
01:41:38.0559 1520 b06bdrv - ok
01:41:38.0637 1520 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
01:41:38.0637 1520 b57nd60a - ok
01:41:38.0684 1520 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
01:41:38.0684 1520 BDESVC - ok
01:41:38.0715 1520 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
01:41:38.0715 1520 Beep - ok
01:41:38.0809 1520 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
01:41:38.0825 1520 BFE - ok
01:41:38.0918 1520 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
01:41:38.0934 1520 BITS - ok
01:41:39.0012 1520 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
01:41:39.0012 1520 blbdrive - ok
01:41:39.0059 1520 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
01:41:39.0059 1520 bowser - ok
01:41:39.0105 1520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
01:41:39.0105 1520 BrFiltLo - ok
01:41:39.0121 1520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
01:41:39.0121 1520 BrFiltUp - ok
01:41:39.0152 1520 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
01:41:39.0168 1520 Browser - ok
01:41:39.0215 1520 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
01:41:39.0230 1520 Brserid - ok
01:41:39.0246 1520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
01:41:39.0246 1520 BrSerWdm - ok
01:41:39.0261 1520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
01:41:39.0261 1520 BrUsbMdm - ok
01:41:39.0277 1520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
01:41:39.0277 1520 BrUsbSer - ok
01:41:39.0324 1520 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
01:41:39.0339 1520 BthEnum - ok
01:41:39.0371 1520 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
01:41:39.0371 1520 BTHMODEM - ok
01:41:39.0417 1520 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
01:41:39.0464 1520 BthPan - ok
01:41:39.0745 1520 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
01:41:39.0792 1520 BTHPORT - ok
01:41:39.0823 1520 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
01:41:39.0823 1520 bthserv - ok
01:41:39.0839 1520 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
01:41:39.0839 1520 BTHUSB - ok
01:41:39.0870 1520 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
01:41:39.0885 1520 cdfs - ok
01:41:39.0917 1520 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
01:41:39.0932 1520 cdrom - ok
01:41:39.0979 1520 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:41:39.0979 1520 CertPropSvc - ok
01:41:40.0010 1520 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
01:41:40.0026 1520 circlass - ok
01:41:40.0104 1520 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
01:41:40.0104 1520 CLFS - ok
01:41:40.0182 1520 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:41:40.0182 1520 clr_optimization_v2.0.50727_32 - ok
01:41:40.0260 1520 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:41:40.0260 1520 clr_optimization_v2.0.50727_64 - ok
01:41:40.0338 1520 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:41:40.0338 1520 clr_optimization_v4.0.30319_32 - ok
01:41:40.0400 1520 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:41:40.0400 1520 clr_optimization_v4.0.30319_64 - ok
01:41:40.0447 1520 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
01:41:40.0447 1520 CmBatt - ok
01:41:40.0463 1520 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
01:41:40.0463 1520 cmdide - ok
01:41:40.0541 1520 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
01:41:40.0556 1520 CNG - ok
01:41:40.0587 1520 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
01:41:40.0587 1520 Compbatt - ok
01:41:40.0619 1520 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
01:41:40.0619 1520 CompositeBus - ok
01:41:40.0634 1520 COMSysApp - ok
01:41:40.0650 1520 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
01:41:40.0665 1520 crcdisk - ok
01:41:40.0712 1520 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
01:41:40.0728 1520 CryptSvc - ok
01:41:40.0790 1520 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
01:41:40.0806 1520 CSC - ok
01:41:40.0899 1520 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
01:41:40.0915 1520 CscService - ok
01:41:40.0977 1520 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:41:40.0993 1520 DcomLaunch - ok
01:41:41.0040 1520 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
01:41:41.0055 1520 defragsvc - ok
01:41:41.0118 1520 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
01:41:41.0133 1520 DfsC - ok
01:41:41.0196 1520 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
01:41:41.0211 1520 Dhcp - ok
01:41:41.0243 1520 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
01:41:41.0243 1520 discache - ok
01:41:41.0289 1520 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
01:41:41.0289 1520 Disk - ok
01:41:42.0007 1520 DisplayLinkService (acd40e435b006c2c966b3b51d9d6d2f3) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
01:41:42.0069 1520 DisplayLinkService - ok
01:41:42.0241 1520 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
01:41:42.0241 1520 dmvsc - ok
01:41:42.0272 1520 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
01:41:42.0288 1520 Dnscache - ok
01:41:42.0335 1520 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
01:41:42.0350 1520 dot3svc - ok
01:41:42.0366 1520 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
01:41:42.0366 1520 DPS - ok
01:41:42.0413 1520 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
01:41:42.0413 1520 drmkaud - ok
01:41:42.0537 1520 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
01:41:42.0553 1520 DXGKrnl - ok
01:41:42.0600 1520 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
01:41:42.0615 1520 eamonm - ok
01:41:42.0662 1520 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
01:41:42.0662 1520 EapHost - ok
01:41:42.0959 1520 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
01:41:43.0068 1520 ebdrv - ok
01:41:43.0193 1520 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
01:41:43.0193 1520 EFS - ok
01:41:43.0271 1520 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
01:41:43.0286 1520 ehdrv - ok
01:41:43.0380 1520 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
01:41:43.0395 1520 ehRecvr - ok
01:41:43.0427 1520 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
01:41:43.0427 1520 ehSched - ok
01:41:43.0645 1520 ekrn (3b944199f8edd76be94460c0361409ab) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
01:41:43.0661 1520 ekrn - ok
01:41:43.0817 1520 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
01:41:43.0832 1520 elxstor - ok
01:41:43.0879 1520 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
01:41:43.0879 1520 epfwwfpr - ok
01:41:43.0910 1520 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
01:41:43.0926 1520 ErrDev - ok
01:41:44.0004 1520 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
01:41:44.0019 1520 EventSystem - ok
01:41:44.0082 1520 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
01:41:44.0082 1520 exfat - ok
01:41:44.0113 1520 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
01:41:44.0129 1520 fastfat - ok
01:41:44.0207 1520 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
01:41:44.0238 1520 Fax - ok
01:41:44.0253 1520 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
01:41:44.0269 1520 fdc - ok
01:41:44.0285 1520 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
01:41:44.0285 1520 fdPHost - ok
01:41:44.0300 1520 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
01:41:44.0316 1520 FDResPub - ok
01:41:44.0347 1520 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
01:41:44.0347 1520 FileInfo - ok
01:41:44.0378 1520 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
01:41:44.0378 1520 Filetrace - ok
01:41:44.0409 1520 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
01:41:44.0409 1520 flpydisk - ok
01:41:44.0456 1520 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
01:41:44.0472 1520 FltMgr - ok
01:41:44.0581 1520 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
01:41:44.0612 1520 FontCache - ok
01:41:44.0690 1520 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:41:44.0690 1520 FontCache3.0.0.0 - ok
01:41:44.0877 1520 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
01:41:44.0909 1520 FsDepends - ok
01:41:44.0940 1520 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
01:41:44.0940 1520 Fs_Rec - ok
01:41:44.0987 1520 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
01:41:44.0987 1520 fvevol - ok
01:41:45.0033 1520 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
01:41:45.0033 1520 gagp30kx - ok
01:41:45.0111 1520 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
01:41:45.0127 1520 gpsvc - ok
01:41:45.0158 1520 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
01:41:45.0174 1520 hcw85cir - ok
01:41:45.0221 1520 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
01:41:45.0236 1520 HdAudAddService - ok
01:41:45.0267 1520 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:41:45.0283 1520 HDAudBus - ok
01:41:45.0299 1520 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
01:41:45.0299 1520 HidBatt - ok
01:41:45.0314 1520 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
01:41:45.0330 1520 HidBth - ok
01:41:45.0423 1520 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
01:41:45.0439 1520 HidIr - ok
01:41:45.0470 1520 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
01:41:45.0486 1520 hidserv - ok
01:41:45.0533 1520 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
01:41:45.0533 1520 HidUsb - ok
01:41:45.0564 1520 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
01:41:45.0564 1520 hkmsvc - ok
01:41:45.0611 1520 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
01:41:45.0611 1520 HomeGroupListener - ok
01:41:45.0657 1520 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
01:41:45.0673 1520 HomeGroupProvider - ok
01:41:45.0704 1520 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
01:41:45.0704 1520 hpdskflt - ok
01:41:45.0735 1520 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
01:41:45.0751 1520 HpSAMD - ok
01:41:45.0767 1520 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
01:41:45.0767 1520 hpsrv - ok
01:41:45.0845 1520 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
01:41:45.0860 1520 HTTP - ok
01:41:45.0891 1520 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
01:41:45.0891 1520 hwpolicy - ok
01:41:45.0923 1520 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
01:41:45.0923 1520 i8042prt - ok
01:41:46.0001 1520 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
01:41:46.0016 1520 iaStorV - ok
01:41:46.0188 1520 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:41:46.0203 1520 idsvc - ok
01:41:46.0250 1520 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
01:41:46.0250 1520 iirsp - ok
01:41:46.0344 1520 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
01:41:46.0359 1520 IKEEXT - ok
01:41:46.0391 1520 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
01:41:46.0391 1520 intelide - ok
01:41:46.0422 1520 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
01:41:46.0437 1520 intelppm - ok
01:41:46.0469 1520 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
01:41:46.0469 1520 IPBusEnum - ok
01:41:46.0500 1520 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:41:46.0500 1520 IpFilterDriver - ok
01:41:46.0578 1520 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
01:41:46.0593 1520 iphlpsvc - ok
01:41:46.0625 1520 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
01:41:46.0625 1520 IPMIDRV - ok
01:41:46.0640 1520 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
01:41:46.0656 1520 IPNAT - ok
01:41:46.0687 1520 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
01:41:46.0687 1520 IRENUM - ok
01:41:46.0718 1520 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
01:41:46.0718 1520 isapnp - ok
01:41:46.0749 1520 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
01:41:46.0765 1520 iScsiPrt - ok
01:41:46.0812 1520 JMCR (665554f9f795446181c70349afa1b0a4) C:\Windows\system32\DRIVERS\jmcr.sys
01:41:46.0812 1520 JMCR - ok
01:41:46.0859 1520 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
01:41:46.0859 1520 kbdclass - ok
01:41:46.0905 1520 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
01:41:46.0905 1520 kbdhid - ok
01:41:46.0937 1520 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:41:46.0937 1520 KeyIso - ok
01:41:46.0968 1520 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
01:41:46.0983 1520 KSecDD - ok
01:41:47.0030 1520 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
01:41:47.0030 1520 KSecPkg - ok
01:41:47.0061 1520 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
01:41:47.0077 1520 ksthunk - ok
01:41:47.0124 1520 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
01:41:47.0139 1520 KtmRm - ok
01:41:47.0217 1520 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
01:41:47.0217 1520 LanmanServer - ok
01:41:47.0249 1520 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
01:41:47.0264 1520 LanmanWorkstation - ok
01:41:47.0327 1520 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
01:41:47.0327 1520 lltdio - ok
01:41:47.0389 1520 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
01:41:47.0389 1520 lltdsvc - ok
01:41:47.0420 1520 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
01:41:47.0436 1520 lmhosts - ok
01:41:47.0514 1520 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
01:41:47.0529 1520 LSI_FC - ok
01:41:47.0545 1520 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
01:41:47.0561 1520 LSI_SAS - ok
01:41:47.0576 1520 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
01:41:47.0592 1520 LSI_SAS2 - ok
01:41:47.0623 1520 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
01:41:47.0623 1520 LSI_SCSI - ok
01:41:47.0654 1520 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
01:41:47.0670 1520 luafv - ok
01:41:47.0717 1520 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
01:41:47.0732 1520 MBAMProtector - ok
01:41:47.0888 1520 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:41:47.0888 1520 MBAMService - ok
01:41:47.0982 1520 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
01:41:47.0982 1520 McComponentHostService - ok
01:41:48.0029 1520 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
01:41:48.0029 1520 Mcx2Svc - ok
01:41:48.0060 1520 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
01:41:48.0060 1520 megasas - ok
01:41:48.0107 1520 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
01:41:48.0122 1520 MegaSR - ok
01:41:48.0185 1520 Microsoft SharePoint Workspace Audit Service - ok
01:41:48.0231 1520 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:41:48.0247 1520 MMCSS - ok
01:41:48.0278 1520 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
01:41:48.0278 1520 Modem - ok
01:41:48.0309 1520 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
01:41:48.0309 1520 monitor - ok
01:41:48.0356 1520 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
01:41:48.0356 1520 mouclass - ok
01:41:48.0387 1520 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
01:41:48.0387 1520 mouhid - ok
01:41:48.0434 1520 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
01:41:48.0434 1520 mountmgr - ok
01:41:48.0528 1520 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:41:48.0543 1520 MozillaMaintenance - ok
01:41:48.0590 1520 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
01:41:48.0590 1520 mpio - ok
01:41:48.0621 1520 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
01:41:48.0621 1520 mpsdrv - ok
01:41:48.0731 1520 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
01:41:48.0746 1520 MpsSvc - ok
01:41:48.0777 1520 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
01:41:48.0777 1520 MRxDAV - ok
01:41:48.0824 1520 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:41:48.0824 1520 mrxsmb - ok
01:41:48.0871 1520 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:41:48.0871 1520 mrxsmb10 - ok
01:41:48.0902 1520 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:41:48.0902 1520 mrxsmb20 - ok
01:41:48.0949 1520 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
01:41:48.0949 1520 msahci - ok
01:41:48.0980 1520 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
01:41:48.0980 1520 msdsm - ok
01:41:49.0027 1520 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
01:41:49.0027 1520 MSDTC - ok
01:41:49.0074 1520 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
01:41:49.0074 1520 Msfs - ok
01:41:49.0089 1520 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
01:41:49.0089 1520 mshidkmdf - ok
01:41:49.0121 1520 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
01:41:49.0121 1520 msisadrv - ok
01:41:49.0167 1520 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
01:41:49.0167 1520 MSiSCSI - ok
01:41:49.0183 1520 msiserver - ok
01:41:49.0230 1520 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
01:41:49.0230 1520 MSKSSRV - ok
01:41:49.0245 1520 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
01:41:49.0245 1520 MSPCLOCK - ok
01:41:49.0261 1520 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
01:41:49.0261 1520 MSPQM - ok
01:41:49.0308 1520 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
01:41:49.0323 1520 MsRPC - ok
01:41:49.0339 1520 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
01:41:49.0339 1520 mssmbios - ok
01:41:49.0370 1520 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
01:41:49.0370 1520 MSTEE - ok
01:41:49.0386 1520 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
01:41:49.0386 1520 MTConfig - ok
01:41:49.0417 1520 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
01:41:49.0417 1520 Mup - ok
01:41:49.0495 1520 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
01:41:49.0511 1520 napagent - ok
01:41:49.0589 1520 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
01:41:49.0589 1520 NativeWifiP - ok
01:41:49.0698 1520 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
01:41:49.0713 1520 NDIS - ok
01:41:49.0745 1520 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
01:41:49.0745 1520 NdisCap - ok
01:41:49.0791 1520 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
01:41:49.0791 1520 NdisTapi - ok
01:41:49.0823 1520 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
01:41:49.0838 1520 Ndisuio - ok
01:41:49.0854 1520 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
01:41:49.0869 1520 NdisWan - ok
01:41:49.0885 1520 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
01:41:49.0885 1520 NDProxy - ok
01:41:49.0947 1520 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
01:41:49.0947 1520 NetBIOS - ok
01:41:49.0994 1520 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
01:41:50.0010 1520 NetBT - ok
01:41:50.0025 1520 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:41:50.0025 1520 Netlogon - ok
01:41:50.0088 1520 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
01:41:50.0103 1520 Netman - ok
01:41:50.0150 1520 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
01:41:50.0166 1520 netprofm - ok
01:41:50.0244 1520 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:41:50.0259 1520 NetTcpPortSharing - ok
01:41:50.0291 1520 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
01:41:50.0291 1520 nfrd960 - ok
01:41:50.0369 1520 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
01:41:50.0369 1520 NlaSvc - ok
01:41:50.0400 1520 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
01:41:50.0400 1520 Npfs - ok
01:41:50.0415 1520 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
01:41:50.0415 1520 nsi - ok
01:41:50.0447 1520 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
01:41:50.0447 1520 nsiproxy - ok
01:41:50.0618 1520 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
01:41:50.0665 1520 Ntfs - ok
01:41:50.0805 1520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
01:41:50.0805 1520 Null - ok
01:41:50.0868 1520 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
01:41:50.0868 1520 nvraid - ok
01:41:50.0899 1520 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
01:41:50.0899 1520 nvstor - ok
01:41:50.0946 1520 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
01:41:50.0961 1520 nv_agp - ok
01:41:50.0977 1520 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
01:41:50.0977 1520 ohci1394 - ok
01:41:51.0039 1520 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:41:51.0055 1520 ose64 - ok
01:41:51.0523 1520 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:41:51.0570 1520 osppsvc - ok
01:41:51.0710 1520 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:41:51.0726 1520 p2pimsvc - ok
01:41:51.0804 1520 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
01:41:51.0804 1520 p2psvc - ok
01:41:51.0866 1520 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
01:41:51.0882 1520 Parport - ok
01:41:51.0913 1520 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
01:41:51.0913 1520 partmgr - ok
01:41:51.0960 1520 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
01:41:51.0960 1520 PcaSvc - ok
01:41:52.0007 1520 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
01:41:52.0022 1520 pci - ok
01:41:52.0038 1520 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
01:41:52.0038 1520 pciide - ok
01:41:52.0085 1520 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
01:41:52.0085 1520 pcmcia - ok
01:41:52.0131 1520 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
01:41:52.0131 1520 pcw - ok
01:41:52.0209 1520 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
01:41:52.0225 1520 PEAUTH - ok
01:41:52.0350 1520 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
01:41:52.0381 1520 PeerDistSvc - ok
01:41:52.0475 1520 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
01:41:52.0490 1520 PerfHost - ok
01:41:52.0693 1520 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
01:41:52.0724 1520 pla - ok
01:41:52.0802 1520 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
01:41:52.0818 1520 PlugPlay - ok
01:41:52.0849 1520 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
01:41:52.0849 1520 PNRPAutoReg - ok
01:41:52.0911 1520 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
01:41:52.0911 1520 PNRPsvc - ok
01:41:52.0989 1520 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
01:41:53.0005 1520 PolicyAgent - ok
01:41:53.0052 1520 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
01:41:53.0052 1520 Power - ok
01:41:53.0130 1520 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
01:41:53.0130 1520 PptpMiniport - ok
01:41:53.0161 1520 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
01:41:53.0161 1520 Processor - ok
01:41:53.0223 1520 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
01:41:53.0223 1520 ProfSvc - ok
01:41:53.0255 1520 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:41:53.0255 1520 ProtectedStorage - ok
01:41:53.0301 1520 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
01:41:53.0301 1520 Psched - ok
01:41:53.0520 1520 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
01:41:53.0582 1520 ql2300 - ok
01:41:53.0754 1520 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
01:41:53.0754 1520 ql40xx - ok
01:41:53.0801 1520 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
01:41:53.0816 1520 QWAVE - ok
01:41:53.0832 1520 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
01:41:53.0847 1520 QWAVEdrv - ok
01:41:53.0863 1520 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
01:41:53.0863 1520 RasAcd - ok
01:41:53.0894 1520 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:41:53.0894 1520 RasAgileVpn - ok
01:41:53.0925 1520 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
01:41:53.0941 1520 RasAuto - ok
01:41:53.0972 1520 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:41:53.0972 1520 Rasl2tp - ok
01:41:54.0035 1520 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
01:41:54.0050 1520 RasMan - ok
01:41:54.0081 1520 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
01:41:54.0081 1520 RasPppoe - ok
01:41:54.0113 1520 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
01:41:54.0113 1520 RasSstp - ok
01:41:54.0159 1520 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
01:41:54.0175 1520 rdbss - ok
01:41:54.0191 1520 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
01:41:54.0191 1520 rdpbus - ok
01:41:54.0222 1520 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:41:54.0222 1520 RDPCDD - ok
01:41:54.0269 1520 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
01:41:54.0284 1520 RDPDR - ok
01:41:54.0315 1520 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
01:41:54.0315 1520 RDPENCDD - ok
01:41:54.0347 1520 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
01:41:54.0347 1520 RDPREFMP - ok
01:41:54.0393 1520 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
01:41:54.0393 1520 RDPWD - ok
01:41:54.0440 1520 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
01:41:54.0456 1520 rdyboost - ok
01:41:54.0487 1520 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
01:41:54.0487 1520 RemoteAccess - ok
01:41:54.0518 1520 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
01:41:54.0534 1520 RemoteRegistry - ok
01:41:54.0581 1520 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
01:41:54.0581 1520 RFCOMM - ok
01:41:54.0627 1520 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
01:41:54.0627 1520 RMCAST - ok
01:41:54.0674 1520 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
01:41:54.0690 1520 RpcEptMapper - ok
01:41:54.0721 1520 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
01:41:54.0721 1520 RpcLocator - ok
01:41:54.0783 1520 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
01:41:54.0799 1520 RpcSs - ok
01:41:54.0830 1520 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
01:41:54.0830 1520 rspndr - ok
01:41:54.0924 1520 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
01:41:54.0924 1520 RTL8167 - ok

od **asphyxia** » 25 Črc 2012 03:19

01:41:54.0955 1520 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
01:41:54.0955 1520 s3cap - ok
01:41:55.0002 1520 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:41:55.0002 1520 SamSs - ok
01:41:55.0017 1520 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
01:41:55.0033 1520 sbp2port - ok
01:41:55.0080 1520 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
01:41:55.0080 1520 SCardSvr - ok
01:41:55.0111 1520 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
01:41:55.0111 1520 scfilter - ok
01:41:55.0220 1520 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
01:41:55.0251 1520 Schedule - ok
01:41:55.0283 1520 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
01:41:55.0283 1520 SCPolicySvc - ok
01:41:55.0345 1520 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
01:41:55.0345 1520 sdbus - ok
01:41:55.0392 1520 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
01:41:55.0407 1520 SDRSVC - ok
01:41:55.0423 1520 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
01:41:55.0423 1520 seclogon - ok
01:41:55.0470 1520 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
01:41:55.0485 1520 SENS - ok
01:41:55.0517 1520 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
01:41:55.0532 1520 SensrSvc - ok
01:41:55.0563 1520 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
01:41:55.0563 1520 Serenum - ok
01:41:55.0595 1520 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
01:41:55.0610 1520 Serial - ok
01:41:55.0641 1520 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
01:41:55.0657 1520 sermouse - ok
01:41:55.0704 1520 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
01:41:55.0719 1520 SessionEnv - ok
01:41:55.0751 1520 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
01:41:55.0751 1520 sffdisk - ok
01:41:55.0766 1520 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
01:41:55.0766 1520 sffp_mmc - ok
01:41:55.0782 1520 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
01:41:55.0782 1520 sffp_sd - ok
01:41:55.0797 1520 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
01:41:55.0797 1520 sfloppy - ok
01:41:55.0860 1520 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
01:41:55.0860 1520 SharedAccess - ok
01:41:55.0922 1520 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
01:41:55.0922 1520 ShellHWDetection - ok
01:41:55.0969 1520 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
01:41:55.0969 1520 SiSRaid2 - ok
01:41:55.0985 1520 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
01:41:55.0985 1520 SiSRaid4 - ok
01:41:56.0031 1520 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
01:41:56.0047 1520 Smb - ok
01:41:56.0078 1520 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
01:41:56.0078 1520 SNMPTRAP - ok
01:41:56.0109 1520 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
01:41:56.0109 1520 spldr - ok
01:41:56.0172 1520 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
01:41:56.0187 1520 Spooler - ok
01:41:56.0499 1520 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
01:41:56.0609 1520 sppsvc - ok
01:41:56.0733 1520 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
01:41:56.0733 1520 sppuinotify - ok
01:41:56.0874 1520 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\system32\Drivers\sptd.sys
01:41:56.0874 1520 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf
01:41:56.0889 1520 sptd ( LockedFile.Multi.Generic ) - warning
01:41:56.0889 1520 sptd - detected LockedFile.Multi.Generic (1)
01:41:56.0952 1520 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
01:41:56.0967 1520 srv - ok
01:41:57.0030 1520 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
01:41:57.0045 1520 srv2 - ok
01:41:57.0092 1520 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
01:41:57.0092 1520 srvnet - ok
01:41:57.0139 1520 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
01:41:57.0155 1520 sscdbus - ok
01:41:57.0201 1520 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
01:41:57.0217 1520 SSDPSRV - ok
01:41:57.0233 1520 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
01:41:57.0248 1520 SstpSvc - ok
01:41:57.0279 1520 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
01:41:57.0279 1520 stexstor - ok
01:41:57.0357 1520 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
01:41:57.0373 1520 stisvc - ok
01:41:57.0404 1520 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
01:41:57.0404 1520 storflt - ok
01:41:57.0451 1520 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
01:41:57.0451 1520 StorSvc - ok
01:41:57.0482 1520 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
01:41:57.0482 1520 storvsc - ok
01:41:57.0513 1520 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
01:41:57.0513 1520 swenum - ok
01:41:57.0591 1520 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
01:41:57.0607 1520 swprv - ok
01:41:57.0747 1520 SynTP (1bfdd504f8c2e76b74e86ccf11283368) C:\Windows\system32\DRIVERS\SynTP.sys
01:41:57.0810 1520 SynTP - ok
01:41:58.0059 1520 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
01:41:58.0091 1520 SysMain - ok
01:41:58.0215 1520 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
01:41:58.0231 1520 TabletInputService - ok
01:41:58.0262 1520 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
01:41:58.0278 1520 TapiSrv - ok
01:41:58.0325 1520 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
01:41:58.0325 1520 TBS - ok
01:41:58.0543 1520 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
01:41:58.0590 1520 Tcpip - ok
01:41:58.0902 1520 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
01:41:58.0917 1520 TCPIP6 - ok
01:41:59.0073 1520 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
01:41:59.0073 1520 tcpipreg - ok
01:41:59.0089 1520 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
01:41:59.0105 1520 TDPIPE - ok
01:41:59.0136 1520 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
01:41:59.0136 1520 TDTCP - ok
01:41:59.0183 1520 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
01:41:59.0198 1520 tdx - ok
01:41:59.0214 1520 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
01:41:59.0229 1520 TermDD - ok
01:41:59.0307 1520 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
01:41:59.0323 1520 TermService - ok
01:41:59.0354 1520 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
01:41:59.0354 1520 Themes - ok
01:41:59.0385 1520 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
01:41:59.0401 1520 THREADORDER - ok
01:41:59.0448 1520 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
01:41:59.0463 1520 TrkWks - ok
01:41:59.0526 1520 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
01:41:59.0526 1520 TrustedInstaller - ok
01:41:59.0557 1520 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:41:59.0557 1520 tssecsrv - ok
01:41:59.0604 1520 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
01:41:59.0604 1520 TsUsbFlt - ok
01:41:59.0635 1520 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
01:41:59.0635 1520 TsUsbGD - ok
01:41:59.0697 1520 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
01:41:59.0697 1520 tunnel - ok
01:41:59.0729 1520 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
01:41:59.0744 1520 uagp35 - ok
01:41:59.0775 1520 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
01:41:59.0791 1520 udfs - ok
01:41:59.0838 1520 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
01:41:59.0853 1520 UI0Detect - ok
01:41:59.0885 1520 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
01:41:59.0885 1520 uliagpkx - ok
01:41:59.0916 1520 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
01:41:59.0931 1520 umbus - ok
01:41:59.0947 1520 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
01:41:59.0963 1520 UmPass - ok
01:41:59.0994 1520 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
01:42:00.0009 1520 UmRdpService - ok
01:42:00.0072 1520 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
01:42:00.0087 1520 upnphost - ok
01:42:00.0119 1520 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
01:42:00.0119 1520 usbccgp - ok
01:42:00.0181 1520 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
01:42:00.0181 1520 usbcir - ok
01:42:00.0212 1520 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
01:42:00.0228 1520 usbehci - ok
01:42:00.0290 1520 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
01:42:00.0290 1520 usbhub - ok
01:42:00.0321 1520 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
01:42:00.0321 1520 usbohci - ok
01:42:00.0368 1520 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
01:42:00.0384 1520 usbprint - ok
01:42:00.0415 1520 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
01:42:00.0415 1520 usbscan - ok
01:42:00.0462 1520 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:42:00.0462 1520 USBSTOR - ok
01:42:00.0477 1520 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
01:42:00.0477 1520 usbuhci - ok
01:42:00.0540 1520 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
01:42:00.0540 1520 usbvideo - ok
01:42:00.0571 1520 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
01:42:00.0571 1520 UxSms - ok
01:42:00.0618 1520 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
01:42:00.0618 1520 VaultSvc - ok
01:42:00.0649 1520 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
01:42:00.0665 1520 vdrvroot - ok
01:42:00.0743 1520 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
01:42:00.0758 1520 vds - ok
01:42:00.0805 1520 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
01:42:00.0805 1520 vga - ok
01:42:00.0821 1520 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
01:42:00.0821 1520 VgaSave - ok
01:42:00.0852 1520 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
01:42:00.0852 1520 vhdmp - ok
01:42:00.0867 1520 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
01:42:00.0867 1520 viaide - ok
01:42:00.0914 1520 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
01:42:00.0930 1520 vmbus - ok
01:42:00.0945 1520 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
01:42:00.0945 1520 VMBusHID - ok
01:42:00.0977 1520 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
01:42:00.0992 1520 volmgr - ok
01:42:01.0039 1520 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
01:42:01.0039 1520 volmgrx - ok
01:42:01.0086 1520 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
01:42:01.0086 1520 volsnap - ok
01:42:01.0133 1520 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
01:42:01.0133 1520 vsmraid - ok
01:42:01.0304 1520 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
01:42:01.0351 1520 VSS - ok
01:42:01.0507 1520 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
01:42:01.0507 1520 vwifibus - ok
01:42:01.0585 1520 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
01:42:01.0601 1520 vwififlt - ok
01:42:01.0679 1520 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
01:42:01.0679 1520 W32Time - ok
01:42:01.0725 1520 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
01:42:01.0725 1520 WacomPen - ok
01:42:01.0772 1520 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:42:01.0772 1520 WANARP - ok
01:42:01.0772 1520 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
01:42:01.0788 1520 Wanarpv6 - ok
01:42:01.0928 1520 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
01:42:01.0959 1520 WatAdminSvc - ok
01:42:02.0100 1520 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
01:42:02.0147 1520 wbengine - ok
01:42:02.0271 1520 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
01:42:02.0287 1520 WbioSrvc - ok
01:42:02.0334 1520 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
01:42:02.0349 1520 wcncsvc - ok
01:42:02.0381 1520 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
01:42:02.0381 1520 WcsPlugInService - ok
01:42:02.0443 1520 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
01:42:02.0459 1520 Wd - ok
01:42:02.0521 1520 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
01:42:02.0552 1520 Wdf01000 - ok
01:42:02.0583 1520 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:42:02.0599 1520 WdiServiceHost - ok
01:42:02.0599 1520 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
01:42:02.0615 1520 WdiSystemHost - ok
01:42:02.0661 1520 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
01:42:02.0677 1520 WebClient - ok
01:42:02.0708 1520 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
01:42:02.0724 1520 Wecsvc - ok
01:42:02.0755 1520 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
01:42:02.0755 1520 wercplsupport - ok
01:42:02.0786 1520 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
01:42:02.0802 1520 WerSvc - ok
01:42:02.0864 1520 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
01:42:02.0864 1520 WfpLwf - ok
01:42:02.0880 1520 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
01:42:02.0895 1520 WIMMount - ok
01:42:02.0927 1520 WinDefend - ok
01:42:02.0942 1520 WinHttpAutoProxySvc - ok
01:42:03.0020 1520 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
01:42:03.0020 1520 Winmgmt - ok
01:42:03.0223 1520 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
01:42:03.0270 1520 WinRM - ok
01:42:03.0457 1520 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
01:42:03.0457 1520 WinUsb - ok
01:42:03.0566 1520 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
01:42:03.0582 1520 Wlansvc - ok
01:42:03.0629 1520 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
01:42:03.0629 1520 WmiAcpi - ok
01:42:03.0707 1520 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
01:42:03.0707 1520 wmiApSrv - ok
01:42:03.0753 1520 WMPNetworkSvc - ok
01:42:03.0785 1520 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
01:42:03.0800 1520 WPCSvc - ok
01:42:03.0816 1520 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
01:42:03.0831 1520 WPDBusEnum - ok
01:42:03.0863 1520 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
01:42:03.0863 1520 ws2ifsl - ok
01:42:03.0894 1520 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
01:42:03.0909 1520 wscsvc - ok
01:42:03.0925 1520 WSearch - ok
01:42:04.0159 1520 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
01:42:04.0221 1520 wuauserv - ok
01:42:04.0377 1520 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
01:42:04.0377 1520 WudfPf - ok
01:42:04.0440 1520 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:42:04.0440 1520 WUDFRd - ok
01:42:04.0487 1520 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
01:42:04.0487 1520 wudfsvc - ok
01:42:04.0533 1520 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
01:42:04.0549 1520 WwanSvc - ok
01:42:04.0596 1520 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:42:04.0892 1520 \Device\Harddisk0\DR0 - ok
01:42:04.0908 1520 Boot (0x1200) (c8a7c900270b4dcd5a7881b2d2e8e667) \Device\Harddisk0\DR0\Partition0
01:42:04.0908 1520 \Device\Harddisk0\DR0\Partition0 - ok
01:42:04.0923 1520 Boot (0x1200) (14adf2b9c32251e4d456aa9b173db0fe) \Device\Harddisk0\DR0\Partition1
01:42:04.0923 1520 \Device\Harddisk0\DR0\Partition1 - ok
01:42:04.0955 1520 Boot (0x1200) (c91a33b2a015b206b0af14ab18d89b18) \Device\Harddisk0\DR0\Partition2
01:42:04.0955 1520 \Device\Harddisk0\DR0\Partition2 - ok
01:42:04.0955 1520 ============================================================
01:42:04.0955 1520 Scan finished
01:42:04.0955 1520 ============================================================
01:42:04.0970 3680 Detected object count: 1
01:42:04.0970 3680 Actual detected object count: 1
01:42:35.0858 3680 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:42:35.0858 3680 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:42:40.0772 2840 Deinitialize success

od **asphyxia** » 25 Črc 2012 03:21

Tady je to ComboFix:

ComboFix 12-07-25.04 - Aduš 25.07.2012 1:59.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3552.2167 [GMT 2:00]
Spuštěný z: c:\users\AduÜ\Downloads\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aduš\hijackthis.exe
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
Nakažená kopie c:\windows\SysWow64\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-25 do 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 00:05 . 2012-07-25 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 23:37 . 2012-07-24 23:39 -------- d-----w- C:\tdsskiller
2012-07-24 10:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0F6BEE5-A36A-42CD-96DD-E2C85C2546E3}\mpengine.dll
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\users\Aduš\AppData\Roaming\Malwarebytes
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 18:58 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 18:57 . 2012-07-23 18:57 -------- d-----w- C:\Malwarebytes Anti - Malware
2012-07-23 18:54 . 2012-07-23 18:54 -------- d-----w- C:\ATF -Cleaner
2012-07-23 18:51 . 2012-07-23 18:51 -------- d-----w- c:\users\Aduš\backups
2012-07-23 12:37 . 2012-07-23 12:37 -------- d-----w- c:\users\Aduš\AppData\Local\MetaGeek,_LLC
2012-07-23 12:33 . 2012-07-23 12:33 -------- d-----w- c:\program files (x86)\MetaGeek
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-17 00:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 11:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-09 16:25 . 2012-07-09 16:25 -------- d-----w- c:\users\Aduš\AppData\Roaming\YourFileDownloader
2012-07-02 18:03 . 2012-07-02 18:03 -------- d-----w- c:\program files (x86)\epson
2012-07-02 18:03 . 2006-12-27 22:00 245248 ----a-w- c:\windows\system32\esxuin7e.dll
2012-07-02 18:03 . 2006-12-27 22:00 208896 ----a-w- c:\windows\SysWow64\esint7e.dll
2012-07-02 18:03 . 2006-03-09 22:00 4608 ----a-w- c:\windows\system32\esxwiaml.dll
2012-07-02 18:03 . 2006-12-27 22:00 100352 ----a-w- c:\windows\system32\esxwia7e.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-17 00:07 . 2011-10-15 11:07 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 07:42 . 2012-06-20 07:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-06-14 13:47 . 2012-04-04 09:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 13:47 . 2011-10-15 18:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 20:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 20:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 20:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 20:39 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 20:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 20:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 20:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 20:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 20:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-16 06:43 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-16 06:43 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 21:55 . 2012-05-18 21:55 16498 ----a-w- C:\cc_20120518_235532.reg
2012-05-04 22:15 . 2012-04-04 10:15 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06 . 2012-06-13 17:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:01 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 17:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 17:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 17:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-15 871408]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-08-09 8329576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9263104]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 300544]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-03-08 174680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 17:28 414720 ----a-w- c:\users\Aduš\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 4030008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Aduš\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 58065957000000000000d0df9aa7cab8
FF - user.js: extensions.BabylonToolbar_i.hardId - 58065957000000000000d0df9aa7cab8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-25 02:11:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-25 00:11
.
Před spuštěním: Volných bajtů: 68 491 345 920
Po spuštění: Volných bajtů: 67 730 001 920
.
- - End Of File - - 79A55A20878ECC668E3933D8C5C16194

od **jaro3** » 25 Črc 2012 10:31

Odinstaluj:
McAfee Security Scan

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše: ClearJavaCache:: KillAll:: File:: c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe Folder:: c:\program files (x86)\McAfee Security Scan C:\tdsskiller Driver:: McComponentHostService Firefox:: FF - ProfilePath - c:\users\Aduš\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2786678&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.id - 58065957000000000000d0df9aa7cab8 FF - user.js: extensions.BabylonToolbar_i.hardId - 58065957000000000000d0df9aa7cab8 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:11 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst RegLock:: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\SysWow64\user32.dll
c:\windows\system32\esxwiaml.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

od **asphyxia** » 25 Črc 2012 15:31

ComboFix 12-07-25.04 - Aduš 25.07.2012 13:40:09.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3552.2138 [GMT 2:00]
Spuštěný z: c:\users\AduÜ\Downloads\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\AduÜ\Downloads\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-25 do 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 12:16 . 2012-07-25 12:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 23:37 . 2012-07-24 23:39 -------- d-----w- C:\tdsskiller
2012-07-24 10:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0F6BEE5-A36A-42CD-96DD-E2C85C2546E3}\mpengine.dll
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\users\Aduš\AppData\Roaming\Malwarebytes
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\programdata\Malwarebytes
2012-07-23 18:58 . 2012-07-23 18:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-23 18:58 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 18:57 . 2012-07-23 18:57 -------- d-----w- C:\Malwarebytes Anti - Malware
2012-07-23 18:54 . 2012-07-23 18:54 -------- d-----w- C:\ATF -Cleaner
2012-07-23 18:51 . 2012-07-23 18:51 -------- d-----w- c:\users\Aduš\backups
2012-07-23 12:37 . 2012-07-23 12:37 -------- d-----w- c:\users\Aduš\AppData\Local\MetaGeek,_LLC
2012-07-23 12:33 . 2012-07-23 12:33 -------- d-----w- c:\program files (x86)\MetaGeek
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-17 00:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 11:09 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-09 16:25 . 2012-07-09 16:25 -------- d-----w- c:\users\Aduš\AppData\Roaming\YourFileDownloader
2012-07-02 18:03 . 2012-07-02 18:03 -------- d-----w- c:\program files (x86)\epson
2012-07-02 18:03 . 2006-12-27 22:00 245248 ----a-w- c:\windows\system32\esxuin7e.dll
2012-07-02 18:03 . 2006-12-27 22:00 208896 ----a-w- c:\windows\SysWow64\esint7e.dll
2012-07-02 18:03 . 2006-03-09 22:00 4608 ----a-w- c:\windows\system32\esxwiaml.dll
2012-07-02 18:03 . 2006-12-27 22:00 100352 ----a-w- c:\windows\system32\esxwia7e.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-23 12:31 . 2012-07-23 12:31 1802240 ----a-w- c:\users\Aduš\inSSIDer-Installer-2.1.5.1393.msi
2012-07-17 00:07 . 2011-10-15 11:07 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 07:42 . 2012-06-20 07:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-06-14 13:47 . 2012-04-04 09:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 13:47 . 2011-10-15 18:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-22 20:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 20:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 20:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 20:39 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 20:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 20:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 20:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 20:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 20:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-16 06:43 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-16 06:43 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 21:55 . 2012-05-18 21:55 16498 ----a-w- C:\cc_20120518_235532.reg
2012-05-04 22:15 . 2012-04-04 10:15 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06 . 2012-06-13 17:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 17:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 17:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 17:01 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 17:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-25_00.07.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-25 00:08 28080 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-25 01:09 46330 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-15 09:22 . 2012-07-25 01:09 10390 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2541502201-1689814716-1813449491-1000_UserData.bin
+ 2012-02-16 01:15 . 2012-07-25 01:06 7858 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-25 01:07 . 2012-07-25 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-25 00:06 . 2012-07-25 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-25 01:07 . 2012-07-25 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-25 00:06 . 2012-07-25 00:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-16 16:26 . 2012-07-25 12:15 313280 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-10-15 15:53 . 2012-07-25 11:33 394220 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-24 23:48 616242 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-25 01:11 616242 c:\windows\system32\perfh009.dat
- 2011-04-12 08:34 . 2012-07-24 23:48 631526 c:\windows\system32\perfh005.dat
+ 2011-04-12 08:34 . 2012-07-25 01:11 631526 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-07-25 01:11 106622 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-24 23:48 106622 c:\windows\system32\perfc009.dat
- 2011-04-12 08:34 . 2012-07-24 23:48 122148 c:\windows\system32\perfc005.dat
+ 2011-04-12 08:34 . 2012-07-25 01:11 122148 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-07-25 01:06 390844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-25 00:05 390844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-02-15 871408]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-08-09 8329576]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-08 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-17 87168]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-05-25 9263104]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-05-25 300544]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-17 188544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-03-08 174680]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}]
2011-12-07 17:28 414720 ----a-w- c:\users\Aduš\AppData\Roaming\Media Finder\Extensions\IEPlugin64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-08 4030008]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Aduš\AppData\Roaming\Mozilla\Firefox\Profiles\75ca2718.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.id - 58065957000000000000d0df9aa7cab8
FF - user.js: extensions.BabylonToolbar_i.hardId - 58065957000000000000d0df9aa7cab8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15423
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-07-25 14:19:32
ComboFix-quarantined-files.txt 2012-07-25 12:19
ComboFix2.txt 2012-07-25 00:11
.
Před spuštěním: Volných bajtů: 67 776 778 240
Po spuštění: Volných bajtů: 67 707 092 992
.
- - End Of File - - 3A52FC4C7728841B97A5D2D449A5C5E7

Nelze se připojit přes wifi

Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Re: Nelze se připojit přes wifi

Kdo je online