Upozornění z UPC/blokace google sluzeb - BOTS mwtype Torpig

Zpráva

palmexman · #1 Příspěvek od **palmexman** » 29 kvě 2012 15:52

Ahoj kluci, musím se omluvit hned na začátku sice jsem počítače studoval ale na VIRY jsem lama.
UPC mi bloklo porty údajně se jednalo se o "BOTS mwtype Torpig" (mají tam log 2 dny po sobě)

Mám doma 2 pc a router takže mají MAC adresu routeru.

Můžete mi někdo poradit co si mám nainstalovat a co sem nahrát na výpis. Nejdřív bych dal svůj PC popř. pak i log z druhého.
Díky moc

-na velmi dobrou a přátelskou radu motji přikládám níže výpis z RSIT

palmexman · #2 Příspěvek od **palmexman** » 29 kvě 2012 15:52

Logfile of random's system information tool 1.09 (written by random/random)
Run by Vlasta at 2012-05-29 16:52:16
Microsoft Windows 7 Ultimate
System drive C: has 296 GB (84%) free of 353 GB
Total RAM: 3061 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:52:18, on 29.5.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Seznam.cz\bin\postak.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Programy\Miranda IM\miranda32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Opera\opera.exe
C:\Users\Vlasta\Desktop\RSIT.exe
C:\Users\Vlasta\Desktop\RSIT.exe
C:\Program Files\trend micro\Vlasta.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\bin\listicka.dll
O3 - Toolbar: Nástroje Lištičky - {1EA00BE1-6E54-4E2A-8099-680300BF23E1} - C:\Program Files\Seznam.cz\bin\toolbar\toolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: miranda32 – zástupce.lnk = C:\Programy\Miranda IM\miranda32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\bin\listicka.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\bin\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\bin\listicka.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sslvpn.skoda-auto.cz/dana-cache ... Client.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8010 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll [2012-05-10 2667544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-26 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\bin\listicka.dll [2012-04-16 1508376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1EA00BE1-6E54-4E2A-8099-680300BF23E1} - Nástroje Lištičky - C:\Program Files\Seznam.cz\bin\toolbar\toolbar.dll [2012-04-16 188952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-09-30 98304]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-11-19 9874024]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2219184]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
"SDTray"=C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [2012-05-10 3349488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Seznam Postak"=C:\Program Files\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

C:\Users\Vlasta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
miranda32 – zástupce.lnk - C:\Programy\Miranda IM\miranda32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon]
SDWinLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon"
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe"="C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-29 16:47:05 ----D---- C:\rsit
2012-05-29 16:47:05 ----D---- C:\Program Files\trend micro
2012-05-28 20:34:15 ----A---- C:\Windows\system32\sdnclean.exe
2012-05-28 20:34:11 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2012-05-28 19:01:17 ----D---- C:\ProgramData\AutoKMS
2012-05-28 18:59:12 ----A---- C:\Windows\system32\drivers\sbhips.sys
2012-05-28 18:59:11 ----A---- C:\Windows\system32\drivers\sbtis.sys
2012-05-28 18:59:03 ----A---- C:\Windows\system32\drivers\SbFwIm.sys
2012-05-28 18:59:03 ----A---- C:\Windows\system32\drivers\SbFw.sys
2012-05-28 18:20:26 ----D---- C:\Program Files\Ad-Aware Antivirus
2012-05-28 17:43:42 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-05-28 17:43:42 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-05-20 18:27:23 ----A---- C:\Windows\system32\rmc_rtspdl.dll
2012-05-20 18:27:23 ----A---- C:\Windows\system32\rmc_fixasf.exe
2012-05-20 18:25:20 ----A---- C:\Windows\system32\AUDIOGENIE2.DLL
2012-05-20 18:24:27 ----D---- C:\Windows\Replay Media Catcher
2012-05-20 18:24:27 ----D---- C:\Program Files\Replay Media Catcher

======List of files/folders modified in the last 1 month======

2012-05-29 16:52:18 ----D---- C:\Windows\Temp
2012-05-29 16:48:40 ----D---- C:\Windows\System32
2012-05-29 16:48:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-29 16:47:05 ----RD---- C:\Program Files
2012-05-29 16:47:05 ----D---- C:\Windows\Prefetch
2012-05-29 16:44:11 ----D---- C:\Windows\system32\config
2012-05-29 06:32:29 ----D---- C:\Windows
2012-05-28 20:34:23 ----D---- C:\Windows\system32\Tasks
2012-05-28 20:34:19 ----SD---- C:\ProgramData\Microsoft
2012-05-28 19:43:58 ----SHD---- C:\Windows\Installer
2012-05-28 19:43:42 ----HD---- C:\ProgramData
2012-05-28 19:43:38 ----D---- C:\Windows\system32\drivers
2012-05-28 19:08:26 ----D---- C:\Windows\Tasks
2012-05-28 18:59:08 ----D---- C:\Windows\inf
2012-05-28 18:59:06 ----D---- C:\Windows\system32\catroot
2012-05-28 18:59:05 ----D---- C:\Windows\system32\DriverStore
2012-05-28 18:59:02 ----D---- C:\Program Files\Common Files\microsoft shared
2012-05-28 18:56:41 ----D---- C:\Windows\system32\wbem
2012-05-28 18:56:00 ----D---- C:\Windows\system32\wfp
2012-05-28 18:56:00 ----D---- C:\Windows\system32\drivers\etc
2012-05-28 18:56:00 ----D---- C:\Windows\system32\catroot2
2012-05-28 18:55:59 ----D---- C:\Windows\system32\NDF
2012-05-28 18:55:59 ----D---- C:\Windows\system32\CodeIntegrity
2012-05-28 18:55:59 ----D---- C:\Windows\AppCompat
2012-05-28 18:55:57 ----D---- C:\Windows\registration
2012-05-28 18:55:15 ----SHD---- C:\System Volume Information
2012-05-20 20:28:45 ----D---- C:\Users\Vlasta\AppData\Roaming\vlc
2012-05-14 06:41:35 ----D---- C:\Program Files\Opera
2012-05-05 11:57:06 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
R1 SbFw;SbFw; C:\Windows\system32\drivers\SbFw.sys [2011-04-05 221784]
R1 SbTis;SbTis; C:\Windows\system32\drivers\sbtis.sys [2011-04-05 78936]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
R3 appliandMP;appliandMP; C:\Windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-01-27 98280]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 304616]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-06 232512]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-11-23 3253352]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\Windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 ALSysIO;ALSysIO; \??\C:\Users\Vlasta\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 appliand;Applian Network Service; C:\Windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service; C:\Windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
S3 sbhips;sbhips; C:\Windows\system32\drivers\sbhips.sys [2011-04-05 94040]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-09-29 176128]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
R2 SDScannerService;Spybot-S&D 2 Scanner Service; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-05-10 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-05-10 838136]
R2 SDWSCService;Spybot-S&D 2 Security Center Service; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 KMService;KMService; C:\Windows\system32\srvany.exe [2011-11-08 8192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 33584]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-12 1343400]

-----------------EOF-----------------

#3 Příspěvek od **vyosek** » 29 kvě 2012 20:53

Zdravim a pekny vecer preji

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Predpokladam, ze ten NOD32 mate legalni = zakoupena licence

Mohu mit dotaz, proc si bezny uzivatel kupuje nejvyssi licenci Windows Ultimate, ktera je urcena spise pro velke korporace, kdyz stejne nevyuzije nic vic nez nabizi verze Home Premium

A nebo byla "koupena" nekde na internetu

Doporucuji odinstalovat Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Nahrady za Spybota:
- Spyware Terminator - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=44730
- SuperAntiSpyare - info o nem http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
Samozrejme pouzivejte jen jeden z nich
Osobne doporucuji SuperAntiSpyware

palmexman · #4 Příspěvek od **palmexman** » 30 kvě 2012 05:41

Děkuji moc, níže druhý log.
Pc jsem dostal jako sestavu s již předinstalovaným systémem a několika zkušebn. verzemi programů. Osobně ani neznám rozdíly mezi windows.

info.txt logfile of random's system information tool 1.09 2012-05-29 16:47:26

======Uninstall list======

-->MsiExec /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
Adobe Media Player-->msiexec /qb /x {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Media Player-->MsiExec.exe /I{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
Adobe Photoshop CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{15FEDA5F-141C-4127-8D7E-B962D1742728}"
Adobe Reader X (10.1.1) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AA1000000001}
AMD Drag and Drop Transcoding-->MsiExec.exe /X{B0933BBC-1A09-146A-C40A-BD5C1294749C}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Asmedia ASM104x USB 3.0 Host Controller Driver-->MsiExec.exe /X{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}
ATI AVIVO Codecs-->MsiExec.exe /I{09BD1434-E53C-800A-BAE7-AAE85025E8A5}
ATI Catalyst Install Manager-->msiexec /q/x{47A5EFF0-3A7F-934F-C778-C7E6C8EBE497} REBOOT=ReallySuppress
ATI Problem Report Wizard-->MsiExec.exe /X{C19329AE-D1E7-8E9A-4EA8-4344E127E706}
Avidemux 2.5 (32-bit)-->C:\Program Files\Avidemux 2.5\uninstall.exe
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Catalyst Control Center - Branding-->MsiExec.exe /I{DDA34038-89BD-4804-B0B8-DC48D5DFB463}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{0DA5C61E-18AE-4BBE-A29B-0BFACADB5C6A}" "1029" "0"
Freemake Video Converter verze 2.4.0-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"
HydraVision-->MsiExec.exe /X{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}
iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216029FF}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Access MUI (Czech) 2010-->MsiExec.exe /X{90140000-0015-0405-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2010-->MsiExec.exe /X{90140000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2010-->MsiExec.exe /X{90140000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2010-->MsiExec.exe /X{90140000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2010-->MsiExec.exe /X{90140000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2010-->MsiExec.exe /X{90140000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2010-->MsiExec.exe /X{90140000-0018-0405-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2010-->MsiExec.exe /X{90140000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2010-->MsiExec.exe /X{90140000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2010-->MsiExec.exe /X{90140000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2010-->MsiExec.exe /X{90140000-001B-0405-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Need for Speed(TM) Hot Pursuit-->MsiExec.exe /X{83A606F5-BF6F-42ED-9F33-B9F74297CDED}
NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA}
Opera 11.64-->"C:\Program Files\Opera\Opera.exe" /uninstall
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Power MP3 Cutter 2006, (ver 2.5)-->"C:\Program Files\Power MP3 Cutter\unins000.exe"
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Realtek Ethernet Controller Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Replay Media Catcher 3.02-->"C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
Replay Media Catcher 4 (4.3.2)-->C:\Program Files\Applian Technologies\Replay Media Catcher 4\uninstall.exe
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft Excel 2010 (KB2553070)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{294BAA9E-9209-497F-A71F-7E52EFB194D4}" "1029" "0"
Security Update for Microsoft InfoPath 2010 (KB2510065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3C6C6854-EB6B-455C-B0A6-9871F0538028}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2289078)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{1D1A4F08-2F17-475B-BA72-476CE5992FEE}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1029" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1029" "0"
Security Update for Microsoft PowerPoint 2010 (KB2519975)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}" "1029" "0"
Security Update for Microsoft Publisher 2010 (KB2409055)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C3C277D5-36E3-4B1A-926A-175B2BC019CF}" "1029" "0"
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{337A3FB9-281D-4EC8-9CC1-7F6DDAC2359F}" "1029" "0"
Security Update for Microsoft Word 2010 (KB2345000)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}" "1029" "0"
Seznam Lištička (Všichni uživatelé tohoto počítače.)-->"C:\Program Files\Seznam.cz\listicka-uninstall.exe" /AllUsers
Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)-->"C:\Program Files\Seznam.cz\postak-uninstall.exe" /AllUsers
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy 2\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1029" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1029" "0"
Update for Microsoft Office 2010 (KB2523113)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C0FF04BF-A05E-408B-81CA-B7FACDA508A3}" "1029" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1029" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}" "1029" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1029" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{C8694FF0-8203-483B-A07A-2BC40433167D}" "1029" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0405-0000-0000000FF1CE}" "{6F6FD0B7-2500-41ED-8425-A6AE5958EB52}" "1029" "0"
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{147E3669-1EA6-454C-B53E-A2BE51D8E520}" "1029" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{BEBC2484-290C-46AD-9834-6DAD1FA80273}" "1029" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0405-0000-0000000FF1CE}" "{3CF6665E-28CD-4EBC-B0C1-34BF7FB09C53}" "1029" "0"
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{29E94638-D92F-4C40-BDA1-FEDCC92F478D}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{EDF9874C-9E37-4110-9FC3-094247E114DF}" "1029" "0"
Update for Microsoft Outlook Social Connector (KB2583935)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0405-0000-0000000FF1CE}" "{111B84C3-DACD-4F98-83E9-385598549B2B}" "1029" "0"
VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR-->C:\Programy\WinRAR\uninstall.exe

======System event log======

Computer Name: Vlasta-PC
Event Code: 62464
Message: UVD Information
Record Number: 497128
Source Name: amdkmdag
Time Written: 20120507194857.305610-000
Event Type: Informace
User:

Computer Name: Vlasta-PC
Event Code: 62464
Message: UVD Information
Record Number: 497127
Source Name: amdkmdag
Time Written: 20120507194857.305610-000
Event Type: Informace
User:

Computer Name: Vlasta-PC
Event Code: 62464
Message: UVD Information
Record Number: 497126
Source Name: amdkmdag
Time Written: 20120507194857.305610-000
Event Type: Informace
User:

Computer Name: Vlasta-PC
Event Code: 62464
Message: UVD Information
Record Number: 497125
Source Name: amdkmdag
Time Written: 20120507194857.185609-000
Event Type: Informace
User:

Computer Name: Vlasta-PC
Event Code: 62464
Message: UVD Information
Record Number: 497124
Source Name: amdkmdag
Time Written: 20120507194857.185609-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPDriverNotFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_8086&DEV_1C22&SUBSYS_844D1043&REV_05
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:
C:\Windows\Temp\DMIEDA8.tmp.log.xml

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_61938a6b8fe32cdb14ec222237e7842fb4250c7_cab_06a0ee92

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: b93e19e3-de4e-11e0-b6c5-a487747df18d
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20110913212412.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20110913212409.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20110913212406.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110913212404.026890-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20110913212404.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Vlasta-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 806
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111104150644.106988-000
Event Type: Úspěšný audit
User:

Computer Name: Vlasta-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: VLASTA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x240
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 805
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111104150644.106988-000
Event Type: Úspěšný audit
User:

Computer Name: Vlasta-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 804
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111104150451.100842-000
Event Type: Úspěšný audit
User:

Computer Name: Vlasta-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: VLASTA-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x240
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 803
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111104150451.100842-000
Event Type: Úspěšný audit
User:

Computer Name: Vlasta-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 3

Nové přihlášení:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x1bfb3
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x0
Název procesu: -

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: NtLmSsp
Balíček ověření: NTLM
Přenosové služby: -
Název balíčku (pouze NTLM): NTLM V1
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 802
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111104150440.711624-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"asl.log"=Destination=file

-----------------EOF-----------------

#5 Příspěvek od **vyosek** » 30 kvě 2012 07:18

Na to ze jste studoval PC a neznate rozdily v OS, docela asi zajimave studium

Co ten NOD, ten mate zakoupeny? nebo stale mate trial verzi (vice jak 30 dni) ???

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Ukoncete vsechny programy
Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
Pockejte na dokonceni PreScanu
Zvolte moznost Prohledat (scan)
Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V obou oknech (Objects to scan i Additional Option) zakliknete vsechny moznosti - ve vsech ctvereccich musi mit fajecka
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

palmexman · #6 Příspěvek od **palmexman** » 30 kvě 2012 15:51

RogueKiller V7.5.1 [05/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows 7 (6.1.7600 ) 32 bits version
Spuštěno v: Normální režim
Uživatel: Vlasta [Práva správce]
Mód: Kontrola -- Datum: 05/30/2012 16:48:17

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrů: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] f8ba69b61a85315da8ba6a33a4f56f40
[BSP] ac084bc1cfda2fe8b5136930faa9c17d : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 600768 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1230579712 | Size: 352999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1].txt >>
RKreport[1].txt

palmexman · #7 Příspěvek od **palmexman** » 30 kvě 2012 15:53

16:51:55.0099 3892 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:51:55.0239 3892 ============================================================
16:51:55.0239 3892 Current date / time: 2012/05/30 16:51:55.0239
16:51:55.0239 3892 SystemInfo:
16:51:55.0239 3892
16:51:55.0239 3892 OS Version: 6.1.7600 ServicePack: 0.0
16:51:55.0239 3892 Product type: Workstation
16:51:55.0239 3892 ComputerName: VLASTA-PC
16:51:55.0239 3892 UserName: Vlasta
16:51:55.0239 3892 Windows directory: C:\Windows
16:51:55.0239 3892 System windows directory: C:\Windows
16:51:55.0239 3892 Processor architecture: Intel x86
16:51:55.0239 3892 Number of processors: 4
16:51:55.0239 3892 Page size: 0x1000
16:51:55.0239 3892 Boot type: Normal boot
16:51:55.0239 3892 ============================================================
16:51:56.0191 3892 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:51:56.0191 3892 ============================================================
16:51:56.0191 3892 \Device\Harddisk0\DR0:
16:51:56.0191 3892 MBR partitions:
16:51:56.0191 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:51:56.0191 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x49560000
16:51:56.0191 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x49592800, BlocksNum 0x2B173800
16:51:56.0191 3892 ============================================================
16:51:56.0222 3892 C: <-> \Device\Harddisk0\DR0\Partition2
16:51:56.0269 3892 D: <-> \Device\Harddisk0\DR0\Partition1
16:51:56.0269 3892 ============================================================
16:51:56.0269 3892 Initialize success
16:51:56.0269 3892 ============================================================
16:52:21.0759 1772 ============================================================
16:52:21.0759 1772 Scan started
16:52:21.0759 1772 Mode: Manual; SigCheck; TDLFS;
16:52:21.0759 1772 ============================================================
16:52:22.0212 1772 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
16:52:22.0274 1772 1394ohci - ok
16:52:22.0305 1772 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
16:52:22.0305 1772 ACPI - ok
16:52:22.0321 1772 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
16:52:22.0352 1772 AcpiPmi - ok
16:52:22.0446 1772 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:52:22.0446 1772 AdobeARMservice - ok
16:52:22.0539 1772 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:52:22.0555 1772 AdobeFlashPlayerUpdateSvc - ok
16:52:22.0602 1772 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:52:22.0648 1772 adp94xx - ok
16:52:22.0664 1772 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:52:22.0664 1772 adpahci - ok
16:52:22.0695 1772 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:52:22.0695 1772 adpu320 - ok
16:52:22.0758 1772 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:52:22.0789 1772 AeLookupSvc - ok
16:52:22.0836 1772 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
16:52:22.0867 1772 AFD - ok
16:52:22.0882 1772 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
16:52:22.0898 1772 agp440 - ok
16:52:22.0929 1772 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:52:22.0960 1772 aic78xx - ok
16:52:23.0132 1772 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:52:23.0163 1772 ALG - ok
16:52:23.0179 1772 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
16:52:23.0194 1772 aliide - ok
16:52:23.0257 1772 ALSysIO - ok
16:52:23.0319 1772 AMD External Events Utility (aa8c7a0a40d3b8992ea1845ef89fe2d4) C:\Windows\system32\atiesrxx.exe
16:52:23.0366 1772 AMD External Events Utility - ok
16:52:23.0382 1772 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
16:52:23.0397 1772 amdagp - ok
16:52:23.0397 1772 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
16:52:23.0397 1772 amdide - ok
16:52:23.0444 1772 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:52:23.0460 1772 AmdK8 - ok
16:52:23.0662 1772 amdkmdag (5ab10c74c8ea15e98a6c771b7269615e) C:\Windows\system32\DRIVERS\atikmdag.sys
16:52:23.0725 1772 amdkmdag - ok
16:52:23.0818 1772 amdkmdap (e9890f7ec1ab4d09afeb09dd76334622) C:\Windows\system32\DRIVERS\atikmpag.sys
16:52:23.0834 1772 amdkmdap - ok
16:52:23.0834 1772 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:52:23.0850 1772 AmdPPM - ok
16:52:23.0912 1772 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
16:52:23.0943 1772 amdsata - ok
16:52:23.0974 1772 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:52:23.0990 1772 amdsbs - ok
16:52:24.0006 1772 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
16:52:24.0021 1772 amdxata - ok
16:52:24.0052 1772 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
16:52:24.0084 1772 AppID - ok
16:52:24.0115 1772 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:52:24.0162 1772 AppIDSvc - ok
16:52:24.0193 1772 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
16:52:24.0208 1772 Appinfo - ok
16:52:24.0427 1772 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:52:24.0427 1772 Apple Mobile Device - ok
16:52:24.0442 1772 appliand (69370f2e2827ffba910d0bfa9e62e484) C:\Windows\system32\DRIVERS\appliand.sys
16:52:24.0474 1772 appliand - ok
16:52:24.0474 1772 appliandMP (69370f2e2827ffba910d0bfa9e62e484) C:\Windows\system32\DRIVERS\appliand.sys
16:52:24.0474 1772 appliandMP - ok
16:52:24.0505 1772 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:52:24.0536 1772 AppMgmt - ok
16:52:24.0567 1772 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:52:24.0567 1772 arc - ok
16:52:24.0583 1772 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:52:24.0598 1772 arcsas - ok
16:52:24.0645 1772 asmthub3 (494ebeffed4fe4e129ed74a5e76608a9) C:\Windows\system32\DRIVERS\asmthub3.sys
16:52:24.0676 1772 asmthub3 - ok
16:52:24.0723 1772 asmtxhci (2dbbb995ea10db01895edbf360b9256f) C:\Windows\system32\DRIVERS\asmtxhci.sys
16:52:24.0786 1772 asmtxhci - ok
16:52:24.0801 1772 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:52:24.0832 1772 AsyncMac - ok
16:52:24.0848 1772 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
16:52:24.0848 1772 atapi - ok
16:52:24.0895 1772 AtiHDAudioService (35207458c90f55c61247de139a6a243a) C:\Windows\system32\drivers\AtihdW73.sys
16:52:24.0910 1772 AtiHDAudioService - ok
16:52:24.0973 1772 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:52:25.0004 1772 AudioEndpointBuilder - ok
16:52:25.0004 1772 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
16:52:25.0020 1772 Audiosrv - ok
16:52:25.0035 1772 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
16:52:25.0066 1772 AxInstSV - ok
16:52:25.0098 1772 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:52:25.0113 1772 b06bdrv - ok
16:52:25.0144 1772 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:52:25.0176 1772 b57nd60x - ok
16:52:25.0176 1772 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:52:25.0191 1772 BDESVC - ok
16:52:25.0191 1772 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:52:25.0222 1772 Beep - ok
16:52:25.0269 1772 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
16:52:25.0300 1772 BFE - ok
16:52:25.0347 1772 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
16:52:25.0410 1772 BITS - ok
16:52:25.0425 1772 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:52:25.0425 1772 blbdrive - ok
16:52:25.0534 1772 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:52:25.0550 1772 Bonjour Service - ok
16:52:25.0581 1772 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
16:52:25.0597 1772 bowser - ok
16:52:25.0612 1772 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:52:25.0644 1772 BrFiltLo - ok
16:52:25.0659 1772 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:52:25.0690 1772 BrFiltUp - ok
16:52:25.0706 1772 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
16:52:25.0722 1772 Browser - ok
16:52:25.0737 1772 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:52:25.0768 1772 Brserid - ok
16:52:25.0784 1772 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:52:25.0800 1772 BrSerWdm - ok
16:52:25.0815 1772 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:52:25.0831 1772 BrUsbMdm - ok
16:52:25.0846 1772 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:52:25.0862 1772 BrUsbSer - ok
16:52:25.0878 1772 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:52:25.0878 1772 BTHMODEM - ok
16:52:25.0909 1772 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:52:25.0940 1772 bthserv - ok
16:52:25.0971 1772 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:52:25.0987 1772 cdfs - ok
16:52:26.0018 1772 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
16:52:26.0034 1772 cdrom - ok
16:52:26.0049 1772 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:52:26.0080 1772 CertPropSvc - ok
16:52:26.0080 1772 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:52:26.0096 1772 circlass - ok
16:52:26.0112 1772 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:52:26.0127 1772 CLFS - ok
16:52:26.0174 1772 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:52:26.0190 1772 clr_optimization_v2.0.50727_32 - ok
16:52:26.0268 1772 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:52:26.0283 1772 clr_optimization_v4.0.30319_32 - ok
16:52:26.0299 1772 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:52:26.0299 1772 CmBatt - ok
16:52:26.0314 1772 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
16:52:26.0330 1772 cmdide - ok
16:52:26.0346 1772 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
16:52:26.0361 1772 CNG - ok
16:52:26.0377 1772 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:52:26.0392 1772 Compbatt - ok
16:52:26.0408 1772 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:52:26.0408 1772 CompositeBus - ok
16:52:26.0408 1772 COMSysApp - ok
16:52:26.0424 1772 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:52:26.0439 1772 crcdisk - ok
16:52:26.0470 1772 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
16:52:26.0533 1772 CryptSvc - ok
16:52:26.0564 1772 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
16:52:26.0595 1772 CSC - ok
16:52:26.0642 1772 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
16:52:26.0658 1772 CscService - ok
16:52:26.0736 1772 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:52:26.0798 1772 DcomLaunch - ok
16:52:26.0814 1772 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:52:26.0845 1772 defragsvc - ok
16:52:26.0892 1772 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
16:52:26.0923 1772 DfsC - ok
16:52:26.0938 1772 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
16:52:26.0970 1772 Dhcp - ok
16:52:26.0970 1772 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:52:27.0032 1772 discache - ok
16:52:27.0063 1772 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:52:27.0079 1772 Disk - ok
16:52:27.0110 1772 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
16:52:27.0126 1772 Dnscache - ok
16:52:27.0157 1772 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
16:52:27.0204 1772 dot3svc - ok
16:52:27.0204 1772 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
16:52:27.0235 1772 DPS - ok
16:52:27.0282 1772 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:52:27.0328 1772 drmkaud - ok
16:52:27.0375 1772 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:52:27.0391 1772 dtsoftbus01 - ok
16:52:27.0438 1772 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
16:52:27.0469 1772 DXGKrnl - ok
16:52:27.0500 1772 eamonm (04cba07e73f152970fc34d66d3892e2a) C:\Windows\system32\DRIVERS\eamonm.sys
16:52:27.0516 1772 eamonm - ok
16:52:27.0531 1772 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:52:27.0547 1772 EapHost - ok
16:52:27.0656 1772 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:52:27.0672 1772 ebdrv - ok
16:52:27.0750 1772 EFS (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe
16:52:27.0781 1772 EFS - ok
16:52:27.0828 1772 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys
16:52:27.0828 1772 ehdrv - ok
16:52:27.0890 1772 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
16:52:27.0937 1772 ehRecvr - ok
16:52:27.0968 1772 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:52:27.0984 1772 ehSched - ok
16:52:28.0046 1772 EhttpSrv (68d91a34ce51cf15c45dd68f7f1257e8) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
16:52:28.0062 1772 EhttpSrv - ok
16:52:28.0108 1772 ekrn (191d8eccc40f05b52fac0513f35ba01d) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
16:52:28.0124 1772 ekrn - ok
16:52:28.0405 1772 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:52:28.0436 1772 elxstor - ok
16:52:28.0452 1772 epfwwfpr (ddb45f6371714601a43e8be38145be18) C:\Windows\system32\DRIVERS\epfwwfpr.sys
16:52:28.0452 1772 epfwwfpr - ok
16:52:28.0467 1772 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
16:52:28.0483 1772 ErrDev - ok
16:52:28.0545 1772 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:52:28.0592 1772 EventSystem - ok
16:52:28.0608 1772 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:52:28.0623 1772 exfat - ok
16:52:28.0670 1772 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:52:28.0717 1772 fastfat - ok
16:52:28.0748 1772 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
16:52:28.0779 1772 Fax - ok
16:52:28.0795 1772 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:52:28.0810 1772 fdc - ok
16:52:28.0826 1772 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:52:28.0857 1772 fdPHost - ok
16:52:28.0873 1772 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:52:28.0920 1772 FDResPub - ok
16:52:28.0951 1772 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:52:28.0951 1772 FileInfo - ok
16:52:28.0966 1772 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:52:28.0998 1772 Filetrace - ok
16:52:29.0013 1772 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:52:29.0029 1772 flpydisk - ok
16:52:29.0044 1772 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:52:29.0044 1772 FltMgr - ok
16:52:29.0107 1772 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll
16:52:29.0138 1772 FontCache - ok
16:52:29.0216 1772 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:52:29.0232 1772 FontCache3.0.0.0 - ok
16:52:29.0247 1772 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:52:29.0247 1772 FsDepends - ok
16:52:29.0263 1772 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:52:29.0278 1772 Fs_Rec - ok
16:52:29.0310 1772 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
16:52:29.0310 1772 fvevol - ok
16:52:29.0341 1772 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:52:29.0356 1772 gagp30kx - ok
16:52:29.0403 1772 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:52:29.0403 1772 GEARAspiWDM - ok
16:52:29.0419 1772 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
16:52:29.0450 1772 gpsvc - ok
16:52:29.0450 1772 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:52:29.0497 1772 hcw85cir - ok
16:52:29.0544 1772 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:52:29.0575 1772 HdAudAddService - ok
16:52:29.0590 1772 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:52:29.0622 1772 HDAudBus - ok
16:52:29.0637 1772 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:52:29.0668 1772 HidBatt - ok
16:52:29.0684 1772 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:52:29.0715 1772 HidBth - ok
16:52:29.0731 1772 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:52:29.0762 1772 HidIr - ok
16:52:29.0778 1772 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:52:29.0809 1772 hidserv - ok
16:52:29.0824 1772 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
16:52:29.0840 1772 HidUsb - ok
16:52:29.0856 1772 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
16:52:29.0902 1772 hkmsvc - ok
16:52:29.0934 1772 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
16:52:29.0965 1772 HomeGroupListener - ok
16:52:29.0996 1772 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
16:52:30.0012 1772 HomeGroupProvider - ok
16:52:30.0043 1772 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
16:52:30.0043 1772 HpSAMD - ok
16:52:30.0090 1772 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
16:52:30.0136 1772 HTTP - ok
16:52:30.0152 1772 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
16:52:30.0168 1772 hwpolicy - ok
16:52:30.0183 1772 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
16:52:30.0199 1772 i8042prt - ok
16:52:30.0246 1772 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
16:52:30.0261 1772 iaStorV - ok
16:52:30.0324 1772 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:52:30.0355 1772 idsvc - ok
16:52:30.0370 1772 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:52:30.0370 1772 iirsp - ok
16:52:30.0402 1772 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
16:52:30.0433 1772 IKEEXT - ok
16:52:30.0573 1772 IntcAzAudAddService (5294f1c52a6d8c2a15ffd2945c552736) C:\Windows\system32\drivers\RTKVHDA.sys
16:52:30.0604 1772 IntcAzAudAddService - ok
16:52:30.0667 1772 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
16:52:30.0682 1772 intelide - ok
16:52:30.0729 1772 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:52:30.0745 1772 intelppm - ok
16:52:30.0776 1772 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:52:30.0823 1772 IPBusEnum - ok
16:52:30.0838 1772 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:52:30.0854 1772 IpFilterDriver - ok
16:52:30.0901 1772 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
16:52:30.0932 1772 iphlpsvc - ok
16:52:30.0948 1772 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
16:52:30.0948 1772 IPMIDRV - ok
16:52:30.0963 1772 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:52:31.0010 1772 IPNAT - ok
16:52:31.0104 1772 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
16:52:31.0135 1772 iPod Service - ok
16:52:31.0166 1772 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:52:31.0182 1772 IRENUM - ok
16:52:31.0197 1772 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
16:52:31.0197 1772 isapnp - ok
16:52:31.0213 1772 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
16:52:31.0228 1772 iScsiPrt - ok
16:52:31.0244 1772 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:52:31.0260 1772 kbdclass - ok
16:52:31.0260 1772 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
16:52:31.0291 1772 kbdhid - ok
16:52:31.0306 1772 KeyIso (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:52:31.0322 1772 KeyIso - ok
16:52:31.0384 1772 KMService (4635935fc972c582632bf45c26bfcb0e) C:\Windows\system32\srvany.exe
16:52:31.0400 1772 KMService ( UnsignedFile.Multi.Generic ) - warning
16:52:31.0400 1772 KMService - detected UnsignedFile.Multi.Generic (1)
16:52:31.0400 1772 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
16:52:31.0416 1772 KSecDD - ok
16:52:31.0462 1772 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
16:52:31.0478 1772 KSecPkg - ok
16:52:31.0509 1772 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:52:31.0540 1772 KtmRm - ok
16:52:31.0572 1772 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
16:52:31.0587 1772 LanmanServer - ok
16:52:31.0603 1772 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
16:52:31.0634 1772 LanmanWorkstation - ok
16:52:31.0665 1772 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:52:31.0696 1772 lltdio - ok
16:52:31.0728 1772 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:52:31.0743 1772 lltdsvc - ok
16:52:31.0759 1772 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:52:31.0790 1772 lmhosts - ok
16:52:31.0821 1772 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:52:31.0837 1772 LSI_FC - ok
16:52:31.0852 1772 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:52:31.0852 1772 LSI_SAS - ok
16:52:31.0868 1772 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:52:31.0868 1772 LSI_SAS2 - ok
16:52:31.0868 1772 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:52:31.0884 1772 LSI_SCSI - ok
16:52:31.0915 1772 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:52:31.0977 1772 luafv - ok
16:52:31.0993 1772 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
16:52:32.0008 1772 Mcx2Svc - ok
16:52:32.0024 1772 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:52:32.0040 1772 megasas - ok
16:52:32.0055 1772 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:52:32.0071 1772 MegaSR - ok
16:52:32.0133 1772 Microsoft SharePoint Workspace Audit Service - ok
16:52:32.0180 1772 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:52:32.0211 1772 MMCSS - ok
16:52:32.0227 1772 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:52:32.0242 1772 Modem - ok
16:52:32.0242 1772 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:52:32.0274 1772 monitor - ok
16:52:32.0289 1772 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:52:32.0289 1772 mouclass - ok
16:52:32.0305 1772 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:52:32.0320 1772 mouhid - ok
16:52:32.0352 1772 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
16:52:32.0352 1772 mountmgr - ok
16:52:32.0367 1772 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
16:52:32.0383 1772 mpio - ok
16:52:32.0398 1772 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:52:32.0430 1772 mpsdrv - ok
16:52:32.0461 1772 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
16:52:32.0508 1772 MpsSvc - ok
16:52:32.0539 1772 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
16:52:32.0554 1772 MRxDAV - ok
16:52:32.0586 1772 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:52:32.0601 1772 mrxsmb - ok
16:52:32.0617 1772 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:52:32.0664 1772 mrxsmb10 - ok
16:52:32.0679 1772 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:52:32.0679 1772 mrxsmb20 - ok
16:52:32.0695 1772 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
16:52:32.0726 1772 msahci - ok
16:52:32.0742 1772 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
16:52:32.0742 1772 msdsm - ok
16:52:32.0757 1772 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:52:32.0773 1772 MSDTC - ok
16:52:32.0804 1772 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:52:32.0820 1772 Msfs - ok
16:52:32.0851 1772 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:52:32.0898 1772 mshidkmdf - ok
16:52:32.0898 1772 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
16:52:32.0913 1772 msisadrv - ok
16:52:32.0944 1772 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:52:33.0007 1772 MSiSCSI - ok
16:52:33.0007 1772 msiserver - ok
16:52:33.0038 1772 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:52:33.0069 1772 MSKSSRV - ok
16:52:33.0100 1772 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:52:33.0132 1772 MSPCLOCK - ok
16:52:33.0147 1772 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:52:33.0163 1772 MSPQM - ok
16:52:33.0194 1772 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:52:33.0194 1772 MsRPC - ok
16:52:33.0210 1772 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
16:52:33.0225 1772 mssmbios - ok
16:52:33.0241 1772 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:52:33.0256 1772 MSTEE - ok
16:52:33.0256 1772 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:52:33.0272 1772 MTConfig - ok
16:52:33.0288 1772 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:52:33.0288 1772 Mup - ok
16:52:33.0319 1772 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
16:52:33.0350 1772 napagent - ok
16:52:33.0537 1772 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:52:33.0568 1772 NativeWifiP - ok
16:52:33.0646 1772 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
16:52:33.0662 1772 NDIS - ok
16:52:33.0693 1772 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:52:33.0724 1772 NdisCap - ok
16:52:33.0756 1772 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:52:33.0771 1772 NdisTapi - ok
16:52:33.0787 1772 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
16:52:33.0802 1772 Ndisuio - ok
16:52:33.0802 1772 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
16:52:33.0818 1772 NdisWan - ok
16:52:33.0834 1772 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
16:52:33.0849 1772 NDProxy - ok
16:52:33.0865 1772 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:52:33.0896 1772 NetBIOS - ok
16:52:33.0912 1772 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
16:52:33.0943 1772 NetBT - ok
16:52:33.0958 1772 Netlogon (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:52:33.0974 1772 Netlogon - ok
16:52:34.0021 1772 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:52:34.0052 1772 Netman - ok
16:52:34.0068 1772 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:52:34.0083 1772 netprofm - ok
16:52:34.0146 1772 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:52:34.0161 1772 NetTcpPortSharing - ok
16:52:34.0192 1772 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:52:34.0224 1772 nfrd960 - ok
16:52:34.0239 1772 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
16:52:34.0255 1772 NlaSvc - ok
16:52:34.0255 1772 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:52:34.0270 1772 Npfs - ok
16:52:34.0270 1772 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:52:34.0286 1772 nsi - ok
16:52:34.0302 1772 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:52:34.0333 1772 nsiproxy - ok
16:52:34.0395 1772 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
16:52:34.0426 1772 Ntfs - ok
16:52:34.0426 1772 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:52:34.0458 1772 Null - ok
16:52:34.0504 1772 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
16:52:34.0504 1772 nvraid - ok
16:52:34.0520 1772 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
16:52:34.0536 1772 nvstor - ok
16:52:34.0551 1772 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
16:52:34.0567 1772 nv_agp - ok
16:52:34.0582 1772 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
16:52:34.0582 1772 ohci1394 - ok
16:52:34.0676 1772 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:52:34.0676 1772 ose - ok
16:52:34.0863 1772 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:52:34.0972 1772 osppsvc - ok
16:52:35.0035 1772 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:52:35.0050 1772 p2pimsvc - ok
16:52:35.0082 1772 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:52:35.0113 1772 p2psvc - ok
16:52:35.0160 1772 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:52:35.0175 1772 Parport - ok
16:52:35.0191 1772 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
16:52:35.0206 1772 partmgr - ok
16:52:35.0222 1772 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:52:35.0253 1772 Parvdm - ok
16:52:35.0269 1772 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:52:35.0284 1772 PcaSvc - ok
16:52:35.0300 1772 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
16:52:35.0331 1772 pci - ok
16:52:35.0347 1772 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
16:52:35.0347 1772 pciide - ok
16:52:35.0378 1772 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:52:35.0394 1772 pcmcia - ok
16:52:35.0409 1772 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:52:35.0409 1772 pcw - ok
16:52:35.0440 1772 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:52:35.0472 1772 PEAUTH - ok
16:52:35.0534 1772 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:52:35.0565 1772 PeerDistSvc - ok
16:52:35.0612 1772 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
16:52:35.0659 1772 pla - ok
16:52:35.0737 1772 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
16:52:35.0768 1772 PlugPlay - ok
16:52:35.0799 1772 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:52:35.0815 1772 PNRPAutoReg - ok
16:52:35.0846 1772 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:52:35.0862 1772 PNRPsvc - ok
16:52:35.0877 1772 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
16:52:35.0908 1772 PolicyAgent - ok
16:52:35.0940 1772 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
16:52:35.0986 1772 Power - ok
16:52:36.0002 1772 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:52:36.0049 1772 PptpMiniport - ok
16:52:36.0080 1772 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:52:36.0096 1772 Processor - ok
16:52:36.0111 1772 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
16:52:36.0142 1772 ProfSvc - ok
16:52:36.0158 1772 ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:52:36.0158 1772 ProtectedStorage - ok
16:52:36.0205 1772 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:52:36.0252 1772 Psched - ok
16:52:36.0314 1772 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:52:36.0345 1772 ql2300 - ok
16:52:36.0392 1772 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:52:36.0408 1772 ql40xx - ok
16:52:36.0423 1772 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:52:36.0439 1772 QWAVE - ok
16:52:36.0470 1772 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:52:36.0486 1772 QWAVEdrv - ok
16:52:36.0486 1772 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:52:36.0517 1772 RasAcd - ok
16:52:36.0532 1772 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:52:36.0548 1772 RasAgileVpn - ok
16:52:36.0564 1772 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:52:36.0595 1772 RasAuto - ok
16:52:36.0610 1772 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:52:36.0642 1772 Rasl2tp - ok
16:52:36.0657 1772 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
16:52:36.0688 1772 RasMan - ok
16:52:36.0720 1772 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:52:36.0751 1772 RasPppoe - ok
16:52:36.0766 1772 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:52:36.0798 1772 RasSstp - ok
16:52:36.0813 1772 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
16:52:36.0829 1772 rdbss - ok
16:52:36.0844 1772 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:52:36.0844 1772 rdpbus - ok
16:52:36.0860 1772 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:52:36.0891 1772 RDPCDD - ok
16:52:36.0922 1772 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
16:52:36.0938 1772 RDPDR - ok
16:52:36.0985 1772 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:52:37.0016 1772 RDPENCDD - ok
16:52:37.0047 1772 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:52:37.0063 1772 RDPREFMP - ok
16:52:37.0063 1772 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
16:52:37.0094 1772 RDPWD - ok
16:52:37.0110 1772 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
16:52:37.0110 1772 rdyboost - ok
16:52:37.0125 1772 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:52:37.0156 1772 RemoteAccess - ok
16:52:37.0188 1772 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:52:37.0219 1772 RemoteRegistry - ok
16:52:37.0250 1772 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:52:37.0281 1772 RpcEptMapper - ok
16:52:37.0297 1772 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:52:37.0312 1772 RpcLocator - ok
16:52:37.0328 1772 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
16:52:37.0344 1772 RpcSs - ok
16:52:37.0359 1772 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:52:37.0375 1772 rspndr - ok
16:52:37.0422 1772 RTL8167 (effd24b219c44f9044b8dbb95a54b7ab) C:\Windows\system32\DRIVERS\Rt86win7.sys
16:52:37.0422 1772 RTL8167 - ok
16:52:37.0437 1772 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
16:52:37.0437 1772 s3cap - ok
16:52:37.0453 1772 SamSs (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:52:37.0468 1772 SamSs - ok
16:52:37.0531 1772 SbFw (9c9bcc79aef0aa97f16766c498002d36) C:\Windows\system32\drivers\SbFw.sys
16:52:37.0546 1772 SbFw - ok
16:52:37.0578 1772 SBFWIMCL (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\sbfwim.sys
16:52:37.0578 1772 SBFWIMCL - ok
16:52:37.0593 1772 SBFWIMCLMP (f27b38d70b7621378161d6f48be04d2c) C:\Windows\system32\DRIVERS\SBFWIM.sys
16:52:37.0593 1772 SBFWIMCLMP - ok
16:52:37.0609 1772 sbhips (53e5e7dc26bb920b97f258bbd52abfdc) C:\Windows\system32\drivers\sbhips.sys
16:52:37.0624 1772 sbhips - ok
16:52:37.0640 1772 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
16:52:37.0656 1772 sbp2port - ok
16:52:37.0671 1772 SBRE - ok
16:52:37.0687 1772 SbTis (6468e2973e04525decc105947ddd0d34) C:\Windows\system32\drivers\sbtis.sys
16:52:37.0687 1772 SbTis - ok
16:52:37.0702 1772 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:52:37.0749 1772 SCardSvr - ok
16:52:37.0796 1772 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
16:52:37.0827 1772 scfilter - ok
16:52:37.0905 1772 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
16:52:37.0921 1772 Schedule - ok
16:52:37.0952 1772 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
16:52:37.0983 1772 SCPolicySvc - ok
16:52:37.0999 1772 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
16:52:38.0014 1772 SDRSVC - ok
16:52:38.0108 1772 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
16:52:38.0139 1772 SDScannerService - ok
16:52:38.0170 1772 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
16:52:38.0186 1772 SDUpdateService - ok
16:52:38.0217 1772 SDWSCService (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
16:52:38.0217 1772 SDWSCService - ok
16:52:38.0295 1772 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:52:38.0342 1772 secdrv - ok
16:52:38.0358 1772 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:52:38.0404 1772 seclogon - ok
16:52:38.0420 1772 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:52:38.0451 1772 SENS - ok
16:52:38.0467 1772 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:52:38.0498 1772 SensrSvc - ok
16:52:38.0545 1772 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:52:38.0576 1772 Serenum - ok
16:52:38.0592 1772 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:52:38.0592 1772 Serial - ok
16:52:38.0623 1772 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:52:38.0638 1772 sermouse - ok
16:52:38.0654 1772 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
16:52:38.0685 1772 SessionEnv - ok
16:52:38.0716 1772 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
16:52:38.0716 1772 sffdisk - ok
16:52:38.0716 1772 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:52:38.0748 1772 sffp_mmc - ok
16:52:38.0779 1772 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:52:38.0810 1772 sffp_sd - ok
16:52:38.0810 1772 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:52:38.0841 1772 sfloppy - ok
16:52:38.0857 1772 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:52:38.0872 1772 SharedAccess - ok
16:52:38.0888 1772 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
16:52:38.0904 1772 ShellHWDetection - ok
16:52:38.0919 1772 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
16:52:38.0919 1772 sisagp - ok
16:52:38.0950 1772 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:52:38.0950 1772 SiSRaid2 - ok
16:52:38.0966 1772 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:52:38.0966 1772 SiSRaid4 - ok
16:52:38.0982 1772 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:52:39.0013 1772 Smb - ok
16:52:39.0060 1772 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:52:39.0091 1772 SNMPTRAP - ok
16:52:39.0106 1772 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:52:39.0106 1772 spldr - ok
16:52:39.0169 1772 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
16:52:39.0184 1772 Spooler - ok
16:52:39.0278 1772 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
16:52:39.0356 1772 sppsvc - ok
16:52:39.0418 1772 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
16:52:39.0450 1772 sppuinotify - ok
16:52:39.0543 1772 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
16:52:39.0559 1772 srv - ok
16:52:39.0590 1772 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
16:52:39.0621 1772 srv2 - ok
16:52:39.0652 1772 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
16:52:39.0684 1772 srvnet - ok
16:52:39.0699 1772 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:52:39.0730 1772 SSDPSRV - ok
16:52:39.0746 1772 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:52:39.0762 1772 SstpSvc - ok
16:52:39.0777 1772 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:52:39.0793 1772 stexstor - ok
16:52:39.0808 1772 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
16:52:39.0840 1772 StiSvc - ok
16:52:39.0871 1772 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
16:52:39.0871 1772 storflt - ok
16:52:39.0886 1772 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
16:52:39.0886 1772 storvsc - ok
16:52:39.0902 1772 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
16:52:39.0902 1772 swenum - ok
16:52:40.0027 1772 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
16:52:40.0042 1772 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
16:52:40.0042 1772 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
16:52:40.0058 1772 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:52:40.0089 1772 swprv - ok
16:52:40.0136 1772 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
16:52:40.0167 1772 SysMain - ok
16:52:40.0183 1772 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
16:52:40.0198 1772 TabletInputService - ok
16:52:40.0214 1772 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
16:52:40.0245 1772 TapiSrv - ok
16:52:40.0245 1772 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:52:40.0261 1772 TBS - ok
16:52:40.0339 1772 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
16:52:40.0370 1772 Tcpip - ok
16:52:40.0386 1772 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
16:52:40.0401 1772 TCPIP6 - ok
16:52:40.0432 1772 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
16:52:40.0448 1772 tcpipreg - ok
16:52:40.0464 1772 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
16:52:40.0510 1772 TDPIPE - ok
16:52:40.0526 1772 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
16:52:40.0573 1772 TDTCP - ok
16:52:40.0588 1772 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
16:52:40.0620 1772 tdx - ok
16:52:40.0635 1772 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
16:52:40.0635 1772 TermDD - ok
16:52:40.0651 1772 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
16:52:40.0682 1772 TermService - ok
16:52:40.0682 1772 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:52:40.0698 1772 Themes - ok
16:52:40.0729 1772 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:52:40.0744 1772 THREADORDER - ok
16:52:40.0776 1772 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:52:40.0822 1772 TrkWks - ok
16:52:40.0869 1772 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
16:52:40.0885 1772 TrustedInstaller - ok
16:52:40.0885 1772 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:52:40.0916 1772 tssecsrv - ok
16:52:40.0947 1772 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
16:52:40.0978 1772 tunnel - ok
16:52:40.0994 1772 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:52:41.0010 1772 uagp35 - ok
16:52:41.0010 1772 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
16:52:41.0041 1772 udfs - ok
16:52:41.0041 1772 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:52:41.0072 1772 UI0Detect - ok
16:52:41.0103 1772 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:52:41.0103 1772 uliagpkx - ok
16:52:41.0119 1772 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
16:52:41.0150 1772 umbus - ok
16:52:41.0166 1772 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:52:41.0166 1772 UmPass - ok
16:52:41.0228 1772 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll
16:52:41.0244 1772 UmRdpService - ok
16:52:41.0290 1772 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:52:41.0322 1772 upnphost - ok
16:52:41.0368 1772 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
16:52:41.0384 1772 USBAAPL - ok
16:52:41.0431 1772 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
16:52:41.0478 1772 usbccgp - ok
16:52:41.0493 1772 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
16:52:41.0524 1772 usbcir - ok
16:52:41.0540 1772 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
16:52:41.0540 1772 usbehci - ok
16:52:41.0587 1772 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
16:52:41.0602 1772 usbhub - ok
16:52:41.0618 1772 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
16:52:41.0634 1772 usbohci - ok
16:52:41.0649 1772 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:52:41.0665 1772 usbprint - ok
16:52:41.0680 1772 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:52:41.0696 1772 USBSTOR - ok
16:52:41.0696 1772 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
16:52:41.0696 1772 usbuhci - ok
16:52:41.0712 1772 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:52:41.0727 1772 UxSms - ok
16:52:41.0743 1772 VaultSvc (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe
16:52:41.0758 1772 VaultSvc - ok
16:52:41.0758 1772 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:52:41.0758 1772 vdrvroot - ok
16:52:41.0790 1772 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
16:52:41.0821 1772 vds - ok
16:52:41.0821 1772 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:52:41.0836 1772 vga - ok
16:52:41.0852 1772 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:52:41.0868 1772 VgaSave - ok
16:52:41.0883 1772 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
16:52:41.0899 1772 vhdmp - ok
16:52:41.0930 1772 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
16:52:41.0961 1772 viaagp - ok
16:52:41.0961 1772 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:52:41.0977 1772 ViaC7 - ok
16:52:41.0977 1772 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
16:52:41.0977 1772 viaide - ok
16:52:42.0008 1772 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
16:52:42.0024 1772 vmbus - ok
16:52:42.0024 1772 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
16:52:42.0039 1772 VMBusHID - ok
16:52:42.0055 1772 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
16:52:42.0055 1772 volmgr - ok
16:52:42.0070 1772 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:52:42.0086 1772 volmgrx - ok
16:52:42.0102 1772 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
16:52:42.0117 1772 volsnap - ok
16:52:42.0133 1772 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:52:42.0148 1772 vsmraid - ok
16:52:42.0180 1772 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
16:52:42.0211 1772 VSS - ok
16:52:42.0226 1772 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:52:42.0242 1772 vwifibus - ok
16:52:42.0273 1772 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:52:42.0304 1772 W32Time - ok
16:52:42.0320 1772 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:52:42.0336 1772 WacomPen - ok
16:52:42.0351 1772 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:42.0382 1772 WANARP - ok
16:52:42.0382 1772 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
16:52:42.0398 1772 Wanarpv6 - ok
16:52:42.0476 1772 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:52:42.0507 1772 WatAdminSvc - ok
16:52:42.0554 1772 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
16:52:42.0585 1772 wbengine - ok
16:52:42.0601 1772 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:52:42.0616 1772 WbioSrvc - ok
16:52:42.0663 1772 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
16:52:42.0679 1772 wcncsvc - ok
16:52:42.0694 1772 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:52:42.0710 1772 WcsPlugInService - ok
16:52:42.0741 1772 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:52:42.0757 1772 Wd - ok
16:52:42.0788 1772 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:52:42.0804 1772 Wdf01000 - ok
16:52:42.0819 1772 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:52:42.0850 1772 WdiServiceHost - ok
16:52:42.0850 1772 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:52:42.0866 1772 WdiSystemHost - ok
16:52:42.0928 1772 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
16:52:42.0960 1772 WebClient - ok
16:52:42.0991 1772 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:52:43.0022 1772 Wecsvc - ok
16:52:43.0053 1772 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:52:43.0084 1772 wercplsupport - ok
16:52:43.0116 1772 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:52:43.0131 1772 WerSvc - ok
16:52:43.0147 1772 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:52:43.0162 1772 WfpLwf - ok
16:52:43.0178 1772 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:52:43.0178 1772 WIMMount - ok
16:52:43.0256 1772 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:52:43.0272 1772 WinDefend - ok
16:52:43.0287 1772 WinHttpAutoProxySvc - ok
16:52:43.0334 1772 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:52:43.0381 1772 Winmgmt - ok
16:52:43.0428 1772 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
16:52:43.0459 1772 WinRM - ok
16:52:43.0490 1772 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:52:43.0506 1772 Wlansvc - ok
16:52:43.0552 1772 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:52:43.0568 1772 WmiAcpi - ok
16:52:43.0584 1772 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:52:43.0599 1772 wmiApSrv - ok
16:52:43.0646 1772 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:52:43.0677 1772 WMPNetworkSvc - ok
16:52:43.0708 1772 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:52:43.0724 1772 WPCSvc - ok
16:52:43.0771 1772 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
16:52:43.0786 1772 WPDBusEnum - ok
16:52:43.0818 1772 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:52:43.0849 1772 ws2ifsl - ok
16:52:43.0896 1772 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
16:52:43.0942 1772 wscsvc - ok
16:52:43.0942 1772 WSearch - ok
16:52:44.0005 1772 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
16:52:44.0067 1772 wuauserv - ok
16:52:44.0114 1772 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
16:52:44.0130 1772 WudfPf - ok
16:52:44.0161 1772 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:52:44.0192 1772 WUDFRd - ok
16:52:44.0208 1772 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
16:52:44.0254 1772 wudfsvc - ok
16:52:44.0301 1772 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:52:44.0332 1772 WwanSvc - ok
16:52:44.0348 1772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:52:44.0504 1772 \Device\Harddisk0\DR0 - ok
16:52:44.0520 1772 Boot (0x1200) (8145b75b3c7639459f34a0520bf00f8e) \Device\Harddisk0\DR0\Partition0
16:52:44.0520 1772 \Device\Harddisk0\DR0\Partition0 - ok
16:52:44.0551 1772 Boot (0x1200) (9233ee173915f53953104015015ad183) \Device\Harddisk0\DR0\Partition1
16:52:44.0551 1772 \Device\Harddisk0\DR0\Partition1 - ok
16:52:44.0566 1772 Boot (0x1200) (9c4f6c5985088eba989e8f9b6a44ac2e) \Device\Harddisk0\DR0\Partition2
16:52:44.0566 1772 \Device\Harddisk0\DR0\Partition2 - ok
16:52:44.0566 1772 ============================================================
16:52:44.0566 1772 Scan finished
16:52:44.0566 1772 ============================================================
16:52:44.0582 1980 Detected object count: 2
16:52:44.0582 1980 Actual detected object count: 2
16:52:56.0469 1980 KMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:56.0469 1980 KMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:52:56.0469 1980 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
16:52:56.0469 1980 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8 Příspěvek od **vyosek** » 30 kvě 2012 21:14

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

palmexman · #9 Příspěvek od **palmexman** » 30 kvě 2012 21:18

dekuji udelam snad do vikendu a jak tobzatim vypada je pc zaneseny?

#10 Příspěvek od **vyosek** » 30 kvě 2012 21:24

Prave ze nic nenasedcuje torpingu a nebylo by to poprve co UPC blblo

palmexman · #11 Příspěvek od **palmexman** » 31 kvě 2012 05:20

ComboFix 12-05-30.04 - Vlasta 31.05.2012 6:14.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3061.1981 [GMT 2:00]
Spuštěný z: c:\users\Vlasta\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
* Rezidentní štít AV je zapnutý
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\ReadMe.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-31 04:18 . 2012-05-31 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 04:10 . 2012-05-31 04:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{34547E8B-6D3E-42B3-AC14-EFFCCE5BD986}\offreg.dll
2012-05-29 14:47 . 2012-05-29 14:52 -------- d-----w- c:\program files\trend micro
2012-05-29 14:47 . 2012-05-29 14:47 -------- d-----w- C:\rsit
2012-05-28 17:01 . 2012-05-28 17:01 -------- d-----w- c:\programdata\AutoKMS
2012-05-28 16:59 . 2011-04-05 15:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-28 16:59 . 2011-04-05 15:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-05-28 16:59 . 2011-04-05 15:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-28 16:59 . 2011-02-08 07:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-28 16:20 . 2012-05-28 17:43 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-05-28 15:43 . 2012-05-28 18:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-05-28 15:43 . 2012-05-28 16:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-20 16:27 . 2012-05-20 16:34 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2012-05-20 16:27 . 2012-05-20 16:34 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2012-05-20 16:25 . 2012-05-20 16:34 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2012-05-20 16:24 . 2012-05-20 16:36 -------- d-----w- c:\program files\Replay Media Catcher
2012-05-20 16:24 . 2012-05-20 16:24 -------- d-----w- c:\windows\Replay Media Catcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:57 . 2012-04-02 04:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:57 . 2011-09-13 15:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\bin\toolbar\toolbar.dll" [2012-04-16 188952]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\bin\listicka.dll" [2012-04-16 1508376]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Vlasta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
miranda32 – zástupce.lnk - c:\programy\Miranda IM\miranda32.exe [2011-9-13 694368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-11-08 8192]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALSysIO;ALSysIO;c:\users\Vlasta\AppData\Local\Temp\ALSysIO.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 98280]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 304616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-06 232512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:57]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=12
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-05-31 06:19:25
ComboFix-quarantined-files.txt 2012-05-31 04:19
.
Před spuštěním: Volných bajtů: 277 847 396 352
Po spuštění: Volných bajtů: 277 761 490 944
.
- - End Of File - - B405F0E1FB703C8F66F2FD1D5932695C

#12 Příspěvek od **vyosek** » 31 kvě 2012 19:55

Pokud jste tak neucinil, tak odinstalujte toho Spybota

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
c:\windows\Tasks\Adobe Flash Player Updater.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"SunJavaUpdateSched"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"QuickTime Task"=-
"iTunesHelper"=-

Folder::
c:\programdata\AutoKMS
c:\program files\Ad-Aware Antivirus
c:\programdata\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

palmexman · #13 Příspěvek od **palmexman** » 31 kvě 2012 20:12

ComboFix 12-05-30.04 - Vlasta 31.05.2012 21:04:38.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.3061.2125 [GMT 2:00]
Spuštěný z: c:\users\Vlasta\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vlasta\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ad-Aware Antivirus
c:\program files\Ad-Aware Antivirus\BlockedAdPage.htm
c:\program files\Ad-Aware Antivirus\BlockedWebPage.htm
c:\program files\Ad-Aware Antivirus\Definitions\adsrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\AdviceTx.vdx
c:\program files\Ad-Aware Antivirus\Definitions\apincl.dat
c:\program files\Ad-Aware Antivirus\Definitions\apprules.dat
c:\program files\Ad-Aware Antivirus\Definitions\bhmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\bhsl.vtd
c:\program files\Ad-Aware Antivirus\Definitions\bmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\CatDesc.vdx
c:\program files\Ad-Aware Antivirus\Definitions\CatID.vdx
c:\program files\Ad-Aware Antivirus\Definitions\cblk.vtd
c:\program files\Ad-Aware Antivirus\Definitions\cmem.vtd
c:\program files\Ad-Aware Antivirus\Definitions\cname.wtd
c:\program files\Ad-Aware Antivirus\Definitions\Cookies.vdx
c:\program files\Ad-Aware Antivirus\Definitions\CoreVer.txt
c:\program files\Ad-Aware Antivirus\Definitions\ctid.vtd
c:\program files\Ad-Aware Antivirus\Definitions\DefVer.txt
c:\program files\Ad-Aware Antivirus\Definitions\dnrl.vdx
c:\program files\Ad-Aware Antivirus\Definitions\EPSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FastSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FileDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\FolderDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\fsigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\hcol.wtd
c:\program files\Ad-Aware Antivirus\Definitions\HistoryCleaner.xml
c:\program files\Ad-Aware Antivirus\Definitions\hstn.vtd
c:\program files\Ad-Aware Antivirus\Definitions\idsrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\ih.vdx
c:\program files\Ad-Aware Antivirus\Definitions\incompats.dat
c:\program files\Ad-Aware Antivirus\Definitions\ip.vtd
c:\program files\Ad-Aware Antivirus\Definitions\JSSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\kbu.dat
c:\program files\Ad-Aware Antivirus\Definitions\MFastSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\networkrules.dat
c:\program files\Ad-Aware Antivirus\Definitions\qscnf.vdx
c:\program files\Ad-Aware Antivirus\Definitions\qscnr.vdx
c:\program files\Ad-Aware Antivirus\Definitions\RegDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\RootCA.wtd
c:\program files\Ad-Aware Antivirus\Definitions\RTmem.vdx
c:\program files\Ad-Aware Antivirus\Definitions\SBTS.dat
c:\program files\Ad-Aware Antivirus\Definitions\sel.dat
c:\program files\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xml
c:\program files\Ad-Aware Antivirus\Definitions\ThreatCategoryGlossary.xsd
c:\program files\Ad-Aware Antivirus\Definitions\ThreatDT.vdx
c:\program files\Ad-Aware Antivirus\Definitions\ThreatID.vdx
c:\program files\Ad-Aware Antivirus\Definitions\TImem.vdx
c:\program files\Ad-Aware Antivirus\Definitions\VVSSigs.vdx
c:\program files\Ad-Aware Antivirus\Definitions\WebFilterExceptions.dat
c:\program files\Ad-Aware Antivirus\Definitions\white.wtd
c:\program files\Ad-Aware Antivirus\Definitions\whmem.wtd
c:\program files\Ad-Aware Antivirus\Definitions\whsl.wtd
c:\program files\Ad-Aware Antivirus\Definitions\wmem.wtd
c:\program files\Ad-Aware Antivirus\FSSC.dat
c:\program files\Ad-Aware Antivirus\htmlayout.dll
c:\program files\Ad-Aware Antivirus\Incompats.dat
c:\program files\Ad-Aware Antivirus\SBAMConfig.bin
c:\program files\Ad-Aware Antivirus\sbipl.dat
c:\program files\Ad-Aware Antivirus\x32\sbbd.exe
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\programdata\AutoKMS
c:\programdata\AutoKMS\AutoKMS.cmd
c:\programdata\AutoKMS\Resources\LicenseManagement\ospp.vbs
c:\programdata\AutoKMS\Resources\LicenseManagement\osppc.dll
c:\programdata\AutoKMS\Resources\LicenseManagement\slerror.xml
c:\programdata\AutoKMS\Resources\MSGBox\Messagebox.exe
c:\programdata\AutoKMS\Resources\StartX\StartX.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Cleaning\120528-203451.xml
c:\programdata\Spybot - Search & Destroy\ClientCount.bin
c:\programdata\Spybot - Search & Destroy\Excludes\Bots.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Cookies.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\FileExt.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Links.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\Single.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\SystemInternals.sbe
c:\programdata\Spybot - Search & Destroy\Excludes\WaitFor.sbe
c:\programdata\Spybot - Search & Destroy\Logs\Firewall.log
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.120528-1804.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.120528-1744.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.120528-1759.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.120528-204625.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.120529-172457.txt
c:\programdata\Spybot - Search & Destroy\Logs\Scanner.log
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\Logs\Updates.log
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\ToolbarFacemood.zip
c:\programdata\Spybot - Search & Destroy\Recovery\ToolbarFacemood1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\ToolbarFacemood2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\ToolbarFacemood3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\ToolbarFacemood4.zip
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-31 )))))))))))))))))))))))))))))))
.
.
2012-05-29 14:47 . 2012-05-29 14:52 -------- d-----w- c:\program files\trend micro
2012-05-29 14:47 . 2012-05-29 14:47 -------- d-----w- C:\rsit
2012-05-28 16:59 . 2011-04-05 15:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-05-28 16:59 . 2011-04-05 15:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-05-28 16:59 . 2011-04-05 15:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-05-28 16:59 . 2011-02-08 07:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-05-20 16:27 . 2012-05-20 16:34 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2012-05-20 16:27 . 2012-05-20 16:34 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2012-05-20 16:25 . 2012-05-20 16:34 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2012-05-20 16:24 . 2012-05-20 16:36 -------- d-----w- c:\program files\Replay Media Catcher
2012-05-20 16:24 . 2012-05-20 16:24 -------- d-----w- c:\windows\Replay Media Catcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 09:57 . 2012-04-02 04:49 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:57 . 2011-09-13 15:40 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\bin\toolbar\toolbar.dll" [2012-04-16 188952]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{34AB3C4C-DA1A-4067-96F4-31452C7CFE65}"= "c:\program files\Seznam.cz\bin\listicka.dll" [2012-04-16 1508376]
.
[HKEY_CLASSES_ROOT\clsid\{34ab3c4c-da1a-4067-96f4-31452c7cfe65}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-19 9874024]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
c:\users\Vlasta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
miranda32 – zástupce.lnk - c:\programy\Miranda IM\miranda32.exe [2011-9-13 694368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-11-08 8192]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALSysIO;ALSysIO;c:\users\Vlasta\AppData\Local\Temp\ALSysIO.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1343400]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-12-21 115008]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-12-21 137144]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-01-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 95384]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2011-06-26 28256]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-01-27 98280]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-01-27 304616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-06 232512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
.
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/?clid=12
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\bin\listicka.dll
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Celkový čas: 2012-05-31 21:11:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-31 19:11
ComboFix2.txt 2012-05-31 04:19
.
Před spuštěním: Volných bajtů: 277 439 741 952
Po spuštění: Volných bajtů: 277 298 565 120
.
- - End Of File - - 3DE293B6D1112D83330185692CFDF328

děkuji za další radu, stále mě zajímá zda jsem infikován

#14 Příspěvek od **vyosek** » 31 kvě 2012 20:14

Log se zda jiz cisty, ale po torpingu nebylo ani stopy

Odinstalujte Combofix

Prejmenujte ComboFix na Uninstall
Spustte jej
Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A je to

palmexman · #15 Příspěvek od **palmexman** » 02 čer 2012 08:24

Děkuji moc za pomoc

VIRY.CZ

Upozornění z UPC/blokace google sluzeb - BOTS mwtype Torpig

Upozornění z UPC/blokace google sluzeb - BOTS mwtype Torpig

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor

Re: Upozornění z UPC/blokace google sluzeb - BOTS mwtype Tor