prosím o kontrolu logu

Zpráva

mr.Cooper · #1 Příspěvek od **mr.Cooper** » 11 říj 2013 17:00

Zdravím,
ESET našel trojana v operační paměti a hlásí
7.10.2013 8:45:46 Kontrola při startu soubor Operační paměť » C:\Program Files\Internet Explorer\iexplore.exe varianta infiltrace Win32/TrojanDownloader.Tiny.NIH trojský kůň nelze léčit Cooper-PC\Cooper
Chtěl bych poprosit o kontrolu logu...
Logfile of random's system information tool 1.09 (written by random/random)
Run by Cooper at 2013-10-07 17:55:49
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 4 GB (2%) free of 177 GB
Total RAM: 3582 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:56:01, on 7.10.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Seznam.cz\bin\postak.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SnugTV\SnugTV Station\QuickStart.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Games\World_of_Tanks\WorldOfTanks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Seznam.cz\bin\MiniBrowser.exe
C:\Program Files\Seznam.cz\bin\MiniBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Cooper\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Cooper.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vizuální záložky - {C93F72A2-2162-4BBA-A07A-F13663C297A6} - C:\Program Files\Yandex\YandexBarIE\fastdial.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - (no file)
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [nbdem] C:\ProgramData\nbdem.exe
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpyEmergency] "C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: SnugTV Quick Start.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O8 - Extra context menu item: Spustit klienta k monitoru &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Spustit klienta k monitoru &2 - C:\Windows\web\AOpenClient.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SnugTV Service - AVerMedia Technologies, Inc. - C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Spy Emergency Engine Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 13029 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-08-28 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-07 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C93F72A2-2162-4BBA-A07A-F13663C297A6}]
Vizuální záložky - C:\Program Files\Yandex\YandexBarIE\fastdial.dll [2011-10-13 2697528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-08-28 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-07 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2009-08-27 614400]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-03-04 311296]
"WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"Driver Genius"= []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-12-19 642808]
"nbdem"=C:\ProgramData\nbdem.exe [2013-10-05 77312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Program Files\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe [2011-01-26 2394752]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"HydraVisionDesktopManager"=C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [2009-11-24 385024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
SnugTV Quick Start.lnk - C:\Windows\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-06-05 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-10-05 20:25:02 ----A---- C:\Windows\system32\jscript.dll
2013-10-05 20:25:01 ----A---- C:\Windows\system32\jscript9.dll
2013-10-05 20:25:00 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-05 20:25:00 ----A---- C:\Windows\system32\ieui.dll
2013-10-05 20:25:00 ----A---- C:\Windows\system32\iesetup.dll
2013-10-05 20:24:59 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-05 20:24:59 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-05 20:24:59 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-05 20:24:59 ----A---- C:\Windows\system32\iernonce.dll
2013-10-05 20:24:59 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-05 20:24:58 ----A---- C:\Windows\system32\urlmon.dll
2013-10-05 20:24:57 ----A---- C:\Windows\system32\iertutil.dll
2013-10-05 20:24:56 ----A---- C:\Windows\system32\wininet.dll
2013-10-05 20:24:54 ----A---- C:\Windows\system32\ieframe.dll
2013-10-05 20:24:48 ----A---- C:\Windows\system32\mshtml.dll
2013-10-05 12:32:24 ----A---- C:\ProgramData\nbdem.exe
2013-10-05 12:20:02 ----A---- C:\Windows\system32\comctl32.dll
2013-10-05 12:19:55 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-05 12:19:50 ----A---- C:\Windows\system32\mswsock.dll
2013-10-05 12:19:50 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-05 12:19:49 ----A---- C:\Windows\system32\drivers\usbscan.sys
2013-10-05 12:19:49 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-05 12:19:49 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-05 12:19:48 ----A---- C:\Windows\system32\drivers\usbhub.sys
2013-10-05 12:19:48 ----A---- C:\Windows\system32\drivers\usbehci.sys
2013-10-05 12:19:48 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2013-10-05 12:19:47 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2013-10-05 12:19:47 ----A---- C:\Windows\system32\drivers\usbport.sys
2013-10-05 12:19:47 ----A---- C:\Windows\system32\drivers\usbohci.sys
2013-10-05 12:19:47 ----A---- C:\Windows\system32\drivers\usbd.sys
2013-10-05 12:19:45 ----A---- C:\Windows\system32\drivers\usbser.sys
2013-10-05 12:19:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-05 12:19:41 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-10-05 12:19:40 ----A---- C:\Windows\system32\tdh.dll
2013-10-05 12:19:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-05 12:19:40 ----A---- C:\Windows\system32\ntdll.dll
2013-10-05 12:19:39 ----A---- C:\Windows\system32\advapi32.dll
2013-10-05 12:19:38 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-05 12:19:36 ----A---- C:\Windows\system32\lpk.dll
2013-10-05 12:19:36 ----A---- C:\Windows\system32\fontsub.dll
2013-10-05 12:19:36 ----A---- C:\Windows\system32\dciman32.dll
2013-10-05 12:19:36 ----A---- C:\Windows\system32\atmlib.dll
2013-10-05 12:19:36 ----A---- C:\Windows\system32\atmfd.dll
2013-10-05 12:19:33 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-05 12:19:31 ----A---- C:\Windows\system32\win32k.sys
2013-10-05 12:19:26 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-05 12:19:26 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-05 12:19:26 ----A---- C:\Windows\system32\davclnt.dll
2013-10-05 12:19:23 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-05 12:19:22 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-09-13 08:11:57 ----A---- C:\Windows\system32\shell32.dll
2013-09-13 08:11:56 ----A---- C:\Windows\system32\shdocvw.dll
2013-09-13 08:11:53 ----A---- C:\Windows\system32\drivers\ataport.sys
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-13 08:11:48 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-13 08:11:48 ----A---- C:\Windows\system32\winsrv.dll
2013-09-13 08:11:48 ----A---- C:\Windows\system32\KernelBase.dll
2013-09-13 08:11:48 ----A---- C:\Windows\system32\kernel32.dll
2013-09-13 08:11:48 ----A---- C:\Windows\system32\conhost.exe
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-13 08:11:47 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-13 08:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-13 08:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-13 08:11:46 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

======List of files/folders modified in the last 1 month======

2013-10-07 17:56:01 ----D---- C:\Windows\Prefetch
2013-10-07 17:55:51 ----D---- C:\Windows\Temp
2013-10-07 17:55:51 ----D---- C:\Program Files\trend micro
2013-10-07 11:42:16 ----D---- C:\Windows\system32\config
2013-10-07 11:30:04 ----D---- C:\Windows\rescache
2013-10-07 11:29:46 ----SHD---- C:\System Volume Information
2013-10-07 10:30:36 ----SHD---- C:\Windows\Installer
2013-10-06 12:24:11 ----D---- C:\Windows\Microsoft.NET
2013-10-06 12:23:51 ----RSD---- C:\Windows\assembly
2013-10-06 11:52:33 ----D---- C:\Windows\System32
2013-10-06 11:52:33 ----D---- C:\Windows\inf
2013-10-06 11:52:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-06 11:48:30 ----D---- C:\Windows\winsxs
2013-10-06 11:44:54 ----D---- C:\Windows\system32\drivers
2013-10-06 11:44:51 ----D---- C:\Windows\system32\cs-CZ
2013-10-06 11:44:51 ----D---- C:\Program Files\Internet Explorer
2013-10-06 11:44:42 ----D---- C:\Windows\system32\DriverStore
2013-10-06 11:43:20 ----D---- C:\Program Files\Microsoft Silverlight
2013-10-05 20:30:52 ----D---- C:\ProgramData\Microsoft Help
2013-10-05 20:29:33 ----D---- C:\Windows\system32\MRT
2013-10-05 20:27:03 ----A---- C:\Windows\system32\MRT.exe
2013-10-05 20:25:16 ----D---- C:\Windows\system32\catroot
2013-10-05 20:25:14 ----D---- C:\Windows\system32\catroot2
2013-10-05 12:32:24 ----D---- C:\ProgramData
2013-09-21 17:50:07 ----A---- C:\Windows\system32\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-05-06 691696]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 239168]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 SpyEmrg;Spy Emergency Driver; C:\Windows\System32\Drivers\spyemrg.sys [2009-09-17 12344]
R2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2007-01-17 41984]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 9647104]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-12-19 442368]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver; C:\Windows\system32\DRIVERS\Amps2prt.sys [2007-05-15 14336]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-09-29 47360]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver; C:\Windows\System32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 107024]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-12-19 9647104]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM); C:\Windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2012-08-07 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2012-08-07 25200]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2010-12-02 18304]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2010-12-02 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver; C:\Windows\System32\Drivers\spyemrg_access.sys [2009-09-17 18232]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-12-02 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-12-02 8192]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-31 348160]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
R2 AVerUpdateServer;AVerUpdateServer; C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-08-15 75136]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2013-04-26 214520]
R2 SnugTV Service;SnugTV Service; C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]
R2 SpyEmrgSrv;Spy Emergency Engine Service; C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 2230912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-21 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-28 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-06-30 316664]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 11 říj 2013 17:05

Zdravim

Poprosim i o druhy log z RSIT s nazvem info.txt, je ulozen v c:\rsit

Predpokladam, ze ten ESET jak ma byt = zakoupena licence

A jeste se zeptam, pouzivate legalni operacni system, nejvyssi licence Ultimate zrovna neni bezna.

mr.Cooper · #3 Příspěvek od **mr.Cooper** » 11 říj 2013 17:10

Zdravím,
ještě jednou děkuji. Takhle jsem PC koupil a všechno by mělo být v pořádku. Druhý soubor přikládám:

info.txt logfile of random's system information tool 1.09 2011-10-18 14:59:42

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe -maintain activex
Adobe Reader 9.4.4 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
AMD APP SDK Runtime-->MsiExec.exe /I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
AMD Catalyst Install Manager-->msiexec /q/x{9CE4B7FA-8626-316B-B483-FCEF49E27430} REBOOT=ReallySuppress
AMD Drag and Drop Transcoding-->MsiExec.exe /X{B7F293A4-8666-6410-36F4-E47EB2029CCB}
ATI AVIVO Codecs-->MsiExec.exe /I{CBA454E9-DA4C-3CE7-4BDC-522B6F0F057A}
ATI Catalyst Registration-->MsiExec.exe /X{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
AVerMedia Applications-->C:\Program Files\InstallShield Installation Information\{92C41B26-EBC5-41C5-8B6F-E3EF7E57FF16}\setup.exe -runfromtemp -l0x0405
AVerTV-->C:\Program Files\InstallShield Installation Information\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\setup.exe -runfromtemp -l0x0405
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 4.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_4afe3236e50779fa\nokia_bluetooth.inf
Balíček ovladače systému Windows - Nokia Modem (06/09/2010 7.01.0.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_fe4babbc84a3ec95\nokbtmdm.inf
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018201}
BulletStorm-->MsiExec.exe /I{45410935-B52C-468A-A836-0D1000018202}
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{750C87B8-AF19-4C3C-B791-50D9C83AE572}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0405
Call of Duty(R) 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l2057
Call of Duty: Black Ops - Multiplayer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/42710
Call of Duty: Black Ops-->"C:\Program Files\Steam\steam.exe" steam://uninstall/42700
Catalyst Control Center - Branding-->MsiExec.exe /I{19A492A0-888F-44A0-9B21-D91700763F62}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
EasyWeb - publikační systém-->"C:\Program Files\CSTechnologies\EasyWeb\unins000.exe"
F.E.A.R. 3-->"C:\Program Files\WB Games\F.E.A.R. 3\unins000.exe"
Fakturky 4.8F-->"C:\Aplikace MB\Fakturky 4.8F\uninststall\uninstall.exe" "/U:C:\Aplikace MB\Fakturky 4.8F\uninststall\irunin.xml"
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FORM studio-->"C:\Program Files\KASTNER software\FORM studio CZ\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_4E7D715D860E20E1.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HydraVision-->MsiExec.exe /X{A53E699B-AEAA-65FB-90ED-A45D1DC86D37}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Mafia II-->"C:\Program Files\2K Games\Mafia II\unins000.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office Access MUI (Czech) 2007-->MsiExec.exe /X{90120000-0015-0405-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Czech) 2007-->MsiExec.exe /X{90120000-0016-0405-0000-0000000FF1CE}
Microsoft Office Groove MUI (Czech) 2007-->MsiExec.exe /X{90120000-00BA-0405-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Czech) 2007-->MsiExec.exe /X{90120000-0044-0405-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Czech) 2007-->MsiExec.exe /X{90120000-00A1-0405-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Czech) 2007-->MsiExec.exe /X{90120000-001A-0405-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Czech) 2007-->MsiExec.exe /X{90120000-0018-0405-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Czech) 2007-->MsiExec.exe /X{90120000-002C-0405-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Czech) 2007-->MsiExec.exe /X{90120000-0019-0405-0000-0000000FF1CE}
Microsoft Office Shared MUI (Czech) 2007-->MsiExec.exe /X{90120000-006E-0405-0000-0000000FF1CE}
Microsoft Office Word MUI (Czech) 2007-->MsiExec.exe /X{90120000-001B-0405-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 8-->MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1029}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{1B9B5B3B-28E7-4E59-A80D-D670AA984514}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia PC Suite-->C:\ProgramData\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_cze_web.exe
Nokia PC Suite-->MsiExec.exe /I{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
O2CPlayerAC-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BB83E624-F15E-416E-A6DB-2C5245AE90D2}
PC Connectivity Solution-->MsiExec.exe /I{089DD780-DB3F-4CDB-A0C2-111360247298}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
RCON 4 Call Of Duty 2 V1.0 (10/Nov/05)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Rcon4Cod2\ST6UNST.LOG"
Readiris Pro 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x9
Red Orchestra 2 Heroes of Stalingrad-->"C:\Program Files\Tripwire Interactive\Red Orchestra 2 Heroes of Stalingrad\unins000.exe"
Samsung CLX-216x Series-->C:\Program Files\Samsung\Samsung CLX-216x Series\Install\Setup.exe /R
Samsung SCX-4300 Series-->C:\Program Files\Samsung\Samsung SCX-4300 Series\Install\Setup.exe /R
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Seznam Pošťák (Všichni uživatelé tohoto počítače.)-->"C:\Program Files\Seznam.cz\postak-uninstall.exe" /AllUsers
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmarThru 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\Setup.exe" -l0x9 uninstall -l0009
SnugTV Station-->MsiExec.exe /I{198F93FD-9919-4010-8164-06BC2349959C}
Spy Emergency-->"C:\Program Files\NETGATE\Spy Emergency\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
The Lord of the Rings FREE Trial -->MsiExec.exe /X{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WMV9/VC-1 Video Playback-->MsiExec.exe /X{AC84BA9D-B8B1-5723-ABE0-6BD8EA698A3F}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======System event log======

Computer Name: Cooper-PC
Event Code: 62464
Message: UVD Information
Record Number: 265252
Source Name: amdkmdag
Time Written: 20110810194315.123712-000
Event Type: Informace
User:

Computer Name: Cooper-PC
Event Code: 62464
Message: UVD Information
Record Number: 265251
Source Name: amdkmdag
Time Written: 20110810194315.122712-000
Event Type: Informace
User:

Computer Name: Cooper-PC
Event Code: 62464
Message: UVD Information
Record Number: 265250
Source Name: amdkmdag
Time Written: 20110810194315.122712-000
Event Type: Informace
User:

Computer Name: Cooper-PC
Event Code: 62464
Message: UVD Information
Record Number: 265249
Source Name: amdkmdag
Time Written: 20110810194315.122712-000
Event Type: Informace
User:

Computer Name: Cooper-PC
Event Code: 62464
Message: UVD Information
Record Number: 265248
Source Name: amdkmdag
Time Written: 20110810194315.122712-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Chybný blok , typ 0
Název události: PnPGenericDriverFound
Reakce: Není k dispozici
ID souboru CAB: 0

Podpis problému:
P1: x86
P2: PCI\VEN_1002&DEV_68B8&SUBSYS_E147174B&REV_00
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Připojené soubory:

Tyto soubory mohou být k dispozici zde:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_99bcd311f7c1bad74593181a7c2f4d93d355bd74_cab_065605ba

Symbol analýzy:
Opětovné hledání řešení: 0
ID hlášení: 332f09a5-3e7e-11df-bfd2-8da99c24a431
Stav hlášení: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100402173600.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100402173459.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100402173454.000000-000
Event Type: Informace
User:

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100402173451.102909-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100402173451.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Cooper-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110401152032.905337-000
Event Type: Úspěšný audit
User:

Computer Name: Cooper-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: COOPER-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1f4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 35436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110401152032.905337-000
Event Type: Úspěšný audit
User:

Computer Name: Cooper-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35435
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110401151939.940308-000
Event Type: Úspěšný audit
User:

Computer Name: Cooper-PC
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: COOPER-PC$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1f4
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 35434
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110401151939.940308-000
Event Type: Úspěšný audit
User:

Computer Name: Cooper-PC
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 35433
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110401151834.576569-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Program Files\AMD APP\bin\x86;C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"AMDAPPSDKROOT"=c:\Program Files\AMD APP\

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 11 říj 2013 18:21

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Kliknete na volbu Change parametrs
V okne Additional Option zakliknete vsechny moznosti
Kliknete na OK
Utilite prikazte, at skenuje - klik na Start Scan
Po dokonceni skenu se objevi okno, zkontrolujte, zda-li je vsude moznost Skip
Pokud moznost Skip nebude primarne nastavena, prekliknete ji na Skip
Pokud mate vsude Skip, kliknete na Continue
Na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt bude log - jeho obsah sem vlozte

mr.Cooper · #5 Příspěvek od **mr.Cooper** » 11 říj 2013 18:39

posílám

19:34:21.0739 7752 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:34:32.0248 7752 ============================================================
19:34:32.0248 7752 Current date / time: 2013/10/11 19:34:32.0248
19:34:32.0248 7752 SystemInfo:
19:34:32.0248 7752
19:34:32.0248 7752 OS Version: 6.1.7601 ServicePack: 1.0
19:34:32.0248 7752 Product type: Workstation
19:34:32.0248 7752 ComputerName: COOPER-PC
19:34:32.0249 7752 UserName: Cooper
19:34:32.0249 7752 Windows directory: C:\Windows
19:34:32.0249 7752 System windows directory: C:\Windows
19:34:32.0249 7752 Processor architecture: Intel x86
19:34:32.0249 7752 Number of processors: 2
19:34:32.0249 7752 Page size: 0x1000
19:34:32.0249 7752 Boot type: Normal boot
19:34:32.0249 7752 ============================================================
19:34:33.0332 7752 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:34:33.0333 7752 ============================================================
19:34:33.0333 7752 \Device\Harddisk0\DR0:
19:34:33.0333 7752 MBR partitions:
19:34:33.0333 7752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x159934DD
19:34:33.0345 7752 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1599355B, BlocksNum 0x249F16E6
19:34:33.0345 7752 ============================================================
19:34:33.0370 7752 C: <-> \Device\Harddisk0\DR0\Partition1
19:34:33.0398 7752 D: <-> \Device\Harddisk0\DR0\Partition2
19:34:33.0432 7752 ============================================================
19:34:33.0432 7752 Initialize success
19:34:33.0432 7752 ============================================================
19:35:02.0399 7768 ============================================================
19:35:02.0399 7768 Scan started
19:35:02.0399 7768 Mode: Manual; SigCheck; TDLFS;
19:35:02.0399 7768 ============================================================
19:35:02.0653 7768 ================ Scan system memory ========================
19:35:02.0653 7768 System memory - ok
19:35:02.0653 7768 ================ Scan services =============================
19:35:02.0823 7768 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:35:02.0969 7768 1394ohci - ok
19:35:03.0017 7768 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:35:03.0033 7768 ACPI - ok
19:35:03.0055 7768 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:35:03.0090 7768 AcpiPmi - ok
19:35:03.0199 7768 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:35:03.0212 7768 AdobeARMservice - ok
19:35:03.0284 7768 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:03.0297 7768 AdobeFlashPlayerUpdateSvc - ok
19:35:03.0334 7768 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:35:03.0398 7768 adp94xx - ok
19:35:03.0418 7768 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:35:03.0451 7768 adpahci - ok
19:35:03.0488 7768 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:35:03.0520 7768 adpu320 - ok
19:35:03.0543 7768 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:35:03.0647 7768 AeLookupSvc - ok
19:35:03.0689 7768 [ F81BB7E487EDCEAB630A7EE66CF23913 ] AFD C:\Windows\system32\drivers\afd.sys
19:35:03.0744 7768 AFD - ok
19:35:03.0769 7768 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:35:03.0796 7768 agp440 - ok
19:35:03.0830 7768 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:35:03.0843 7768 aic78xx - ok
19:35:03.0860 7768 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:35:03.0897 7768 ALG - ok
19:35:03.0921 7768 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:35:03.0947 7768 aliide - ok
19:35:03.0994 7768 [ 20883D2D6E1D94321246AFF39AFCE56C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:35:04.0067 7768 AMD External Events Utility - ok
19:35:04.0089 7768 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:35:04.0116 7768 amdagp - ok
19:35:04.0140 7768 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:35:04.0169 7768 amdide - ok
19:35:04.0259 7768 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:35:04.0373 7768 AmdK8 - ok
19:35:04.0599 7768 [ 8852D7B22CC76CBFE38FE1B539D40285 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:04.0877 7768 amdkmdag - ok
19:35:04.0899 7768 [ E84DAD432A49480D3FBB7AFBD854AC1C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:35:04.0952 7768 amdkmdap - ok
19:35:04.0970 7768 AmdLLD - ok
19:35:04.0987 7768 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:35:05.0051 7768 AmdPPM - ok
19:35:05.0083 7768 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:35:05.0096 7768 amdsata - ok
19:35:05.0125 7768 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:35:05.0161 7768 amdsbs - ok
19:35:05.0177 7768 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:35:05.0188 7768 amdxata - ok
19:35:05.0224 7768 [ F0F3C6865ACF65971B9570201DFAE68F ] Amps2prt C:\Windows\system32\DRIVERS\Amps2prt.sys
19:35:05.0243 7768 Amps2prt ( UnsignedFile.Multi.Generic ) - warning
19:35:05.0243 7768 Amps2prt - detected UnsignedFile.Multi.Generic (1)
19:35:05.0273 7768 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:35:05.0385 7768 AppID - ok
19:35:05.0417 7768 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:35:05.0462 7768 AppIDSvc - ok
19:35:05.0493 7768 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:35:05.0533 7768 Appinfo - ok
19:35:05.0567 7768 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:35:05.0631 7768 AppMgmt - ok
19:35:05.0661 7768 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:35:05.0689 7768 arc - ok
19:35:05.0704 7768 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:35:05.0737 7768 arcsas - ok
19:35:05.0817 7768 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:35:05.0857 7768 aspnet_state - ok
19:35:05.0886 7768 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:05.0992 7768 AsyncMac - ok
19:35:06.0020 7768 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:35:06.0031 7768 atapi - ok
19:35:06.0112 7768 [ C7C4A32657EA691895DC5A270EB1DE77 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
19:35:06.0174 7768 AtiHDAudioService - ok
19:35:06.0216 7768 [ C822C615B2F693EF4E5B355432976A81 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
19:35:06.0246 7768 AtiHdmiService - ok
19:35:06.0491 7768 [ 8852D7B22CC76CBFE38FE1B539D40285 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:06.0618 7768 atikmdag - ok
19:35:06.0665 7768 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:35:06.0711 7768 AudioEndpointBuilder - ok
19:35:06.0732 7768 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:35:06.0758 7768 Audiosrv - ok
19:35:06.0793 7768 [ 4B263605D60314544C8BBABDDC97C0D7 ] AVerHybrid C:\Windows\system32\drivers\averhbtv.sys
19:35:06.0834 7768 AVerHybrid - ok
19:35:06.0924 7768 [ 95D7F9544B6C989D1AEBBBE4664BCD70 ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
19:35:07.0005 7768 AVerRemote ( UnsignedFile.Multi.Generic ) - warning
19:35:07.0005 7768 AVerRemote - detected UnsignedFile.Multi.Generic (1)
19:35:07.0028 7768 [ 0DB0AB8415BFF81037981AF1D3BBBE97 ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
19:35:07.0053 7768 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
19:35:07.0053 7768 AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
19:35:07.0094 7768 [ AC116B5EBD1CD55EB4FA6399DC3ABC3D ] AVerUpdateServer C:\Program Files\AVerMedia\AVerUpdate\AVerUpdateServer.exe
19:35:07.0126 7768 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - warning
19:35:07.0126 7768 AVerUpdateServer - detected UnsignedFile.Multi.Generic (1)
19:35:07.0156 7768 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:35:07.0211 7768 AxInstSV - ok
19:35:07.0249 7768 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:35:07.0297 7768 b06bdrv - ok
19:35:07.0328 7768 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:35:07.0348 7768 b57nd60x - ok
19:35:07.0379 7768 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:35:07.0445 7768 BDESVC - ok
19:35:07.0463 7768 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:35:07.0503 7768 Beep - ok
19:35:07.0556 7768 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:35:07.0633 7768 BFE - ok
19:35:07.0668 7768 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
19:35:07.0723 7768 BITS - ok
19:35:07.0737 7768 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:35:07.0764 7768 blbdrive - ok
19:35:07.0792 7768 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:35:07.0848 7768 bowser - ok
19:35:07.0865 7768 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:35:07.0934 7768 BrFiltLo - ok
19:35:07.0948 7768 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:35:07.0974 7768 BrFiltUp - ok
19:35:08.0002 7768 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:35:08.0066 7768 Browser - ok
19:35:08.0097 7768 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:35:08.0166 7768 Brserid - ok
19:35:08.0176 7768 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:35:08.0224 7768 BrSerWdm - ok
19:35:08.0240 7768 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:35:08.0253 7768 BrUsbMdm - ok
19:35:08.0262 7768 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:35:08.0289 7768 BrUsbSer - ok
19:35:08.0301 7768 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:35:08.0345 7768 BTHMODEM - ok
19:35:08.0376 7768 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:35:08.0415 7768 bthserv - ok
19:35:08.0445 7768 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:35:08.0486 7768 cdfs - ok
19:35:08.0551 7768 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:35:08.0613 7768 cdrom - ok
19:35:08.0649 7768 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:35:08.0727 7768 CertPropSvc - ok
19:35:08.0742 7768 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:35:08.0793 7768 circlass - ok
19:35:08.0814 7768 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:35:08.0829 7768 CLFS - ok
19:35:08.0870 7768 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:08.0881 7768 clr_optimization_v2.0.50727_32 - ok
19:35:08.0924 7768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:09.0016 7768 clr_optimization_v4.0.30319_32 - ok
19:35:09.0040 7768 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:35:09.0065 7768 CmBatt - ok
19:35:09.0105 7768 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:35:09.0140 7768 cmdide - ok
19:35:09.0221 7768 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:35:09.0271 7768 CNG - ok
19:35:09.0283 7768 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:35:09.0295 7768 Compbatt - ok
19:35:09.0317 7768 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:35:09.0344 7768 CompositeBus - ok
19:35:09.0355 7768 COMSysApp - ok
19:35:09.0405 7768 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:35:09.0431 7768 crcdisk - ok
19:35:09.0498 7768 [ 7CA1BECEA5DE2643ADDAD32670E7A4C9 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:35:09.0557 7768 CryptSvc - ok
19:35:09.0613 7768 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:35:09.0722 7768 CSC - ok
19:35:09.0757 7768 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:35:09.0789 7768 CscService - ok
19:35:09.0804 7768 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:35:09.0843 7768 DcomLaunch - ok
19:35:09.0864 7768 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:35:09.0907 7768 defragsvc - ok
19:35:09.0946 7768 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:35:09.0971 7768 DfsC - ok
19:35:10.0002 7768 [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
19:35:10.0010 7768 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
19:35:10.0010 7768 DgiVecp - detected UnsignedFile.Multi.Generic (1)
19:35:10.0055 7768 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:35:10.0117 7768 Dhcp - ok
19:35:10.0137 7768 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:35:10.0172 7768 discache - ok
19:35:10.0197 7768 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:35:10.0209 7768 Disk - ok
19:35:10.0240 7768 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:35:10.0292 7768 Dnscache - ok
19:35:10.0320 7768 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:35:10.0361 7768 dot3svc - ok
19:35:10.0414 7768 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:35:10.0457 7768 DPS - ok
19:35:10.0481 7768 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:35:10.0505 7768 drmkaud - ok
19:35:10.0539 7768 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:35:10.0553 7768 dtsoftbus01 - ok
19:35:10.0616 7768 [ 71BC35067CABC02C9453AEAA42B2E43E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:35:10.0641 7768 DXGKrnl - ok
19:35:10.0686 7768 [ 3B2E8F97B6869C29DA023EE75BF585D5 ] eamon C:\Windows\system32\DRIVERS\eamon.sys
19:35:10.0720 7768 eamon - ok
19:35:10.0745 7768 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:35:10.0785 7768 EapHost - ok
19:35:10.0864 7768 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:35:10.0981 7768 ebdrv - ok
19:35:11.0011 7768 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:35:11.0092 7768 EFS - ok
19:35:11.0130 7768 [ 4FAD054CBCAA296BE7BD2CB77DA9D9B4 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
19:35:11.0157 7768 ehdrv - ok
19:35:11.0214 7768 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:35:11.0268 7768 ehRecvr - ok
19:35:11.0292 7768 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:35:11.0329 7768 ehSched - ok
19:35:11.0368 7768 [ A292D2284353AF1350A6A3C20D231098 ] EhttpSrv C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
19:35:11.0379 7768 EhttpSrv - ok
19:35:11.0410 7768 [ 8791F03854611DEAC8D2967C1C958A7E ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
19:35:11.0434 7768 ekrn - ok
19:35:11.0479 7768 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:35:11.0535 7768 elxstor - ok
19:35:11.0564 7768 [ 63C9DFC27C401BFF6188A1CA68D0ABB0 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
19:35:11.0579 7768 epfw - ok
19:35:11.0591 7768 [ 3B47010B2425B69826004767E59045BA ] Epfwndis C:\Windows\system32\DRIVERS\Epfwndis.sys
19:35:11.0632 7768 Epfwndis - ok
19:35:11.0667 7768 [ B379D66406FE395E8ADC557EF6074D17 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
19:35:11.0676 7768 epfwwfp - ok
19:35:11.0699 7768 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:35:11.0741 7768 ErrDev - ok
19:35:11.0772 7768 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:35:11.0810 7768 EventSystem - ok
19:35:11.0843 7768 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:35:11.0901 7768 exfat - ok
19:35:11.0922 7768 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:35:11.0983 7768 fastfat - ok
19:35:12.0021 7768 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:35:12.0096 7768 Fax - ok
19:35:12.0116 7768 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:35:12.0181 7768 fdc - ok
19:35:12.0210 7768 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:35:12.0249 7768 fdPHost - ok
19:35:12.0265 7768 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:35:12.0306 7768 FDResPub - ok
19:35:12.0322 7768 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:35:12.0353 7768 FileInfo - ok
19:35:12.0367 7768 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:35:12.0400 7768 Filetrace - ok
19:35:12.0421 7768 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:12.0456 7768 flpydisk - ok
19:35:12.0471 7768 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:35:12.0488 7768 FltMgr - ok
19:35:12.0538 7768 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
19:35:12.0613 7768 FontCache - ok
19:35:12.0669 7768 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:12.0679 7768 FontCache3.0.0.0 - ok
19:35:12.0693 7768 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:35:12.0705 7768 FsDepends - ok
19:35:12.0735 7768 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:35:12.0761 7768 Fs_Rec - ok
19:35:12.0807 7768 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:35:12.0863 7768 fvevol - ok
19:35:12.0885 7768 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:35:12.0898 7768 gagp30kx - ok
19:35:12.0936 7768 [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
19:35:12.0949 7768 ggflt - ok
19:35:12.0983 7768 [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
19:35:13.0045 7768 ggsemc - ok
19:35:13.0079 7768 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:35:13.0123 7768 gpsvc - ok
19:35:13.0219 7768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:13.0230 7768 gupdate - ok
19:35:13.0252 7768 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:13.0262 7768 gupdatem - ok
19:35:13.0328 7768 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:35:13.0341 7768 gusvc - ok
19:35:13.0364 7768 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:35:13.0454 7768 hcw85cir - ok
19:35:13.0498 7768 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:35:13.0528 7768 HdAudAddService - ok
19:35:13.0547 7768 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:35:13.0569 7768 HDAudBus - ok
19:35:13.0587 7768 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:35:13.0599 7768 HidBatt - ok
19:35:13.0612 7768 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:35:13.0638 7768 HidBth - ok
19:35:13.0655 7768 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:35:13.0684 7768 HidIr - ok
19:35:13.0701 7768 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:35:13.0748 7768 hidserv - ok
19:35:13.0792 7768 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:35:13.0853 7768 HidUsb - ok
19:35:13.0872 7768 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:35:13.0906 7768 hkmsvc - ok
19:35:13.0930 7768 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:35:13.0976 7768 HomeGroupListener - ok
19:35:14.0006 7768 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:35:14.0033 7768 HomeGroupProvider - ok
19:35:14.0069 7768 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:35:14.0109 7768 HpSAMD - ok
19:35:14.0152 7768 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:35:14.0219 7768 HTTP - ok
19:35:14.0246 7768 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:35:14.0272 7768 hwpolicy - ok
19:35:14.0293 7768 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:14.0313 7768 i8042prt - ok
19:35:14.0337 7768 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:35:14.0375 7768 iaStorV - ok
19:35:14.0461 7768 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:14.0627 7768 idsvc - ok
19:35:14.0664 7768 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:35:14.0685 7768 iirsp - ok
19:35:14.0727 7768 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:35:14.0789 7768 IKEEXT - ok
19:35:14.0820 7768 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:35:14.0846 7768 intelide - ok
19:35:14.0862 7768 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:35:14.0876 7768 intelppm - ok
19:35:14.0898 7768 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:35:14.0959 7768 IPBusEnum - ok
19:35:14.0973 7768 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:15.0010 7768 IpFilterDriver - ok
19:35:15.0114 7768 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:35:15.0205 7768 iphlpsvc - ok
19:35:15.0234 7768 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:35:15.0271 7768 IPMIDRV - ok
19:35:15.0298 7768 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:35:15.0338 7768 IPNAT - ok
19:35:15.0362 7768 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:35:15.0404 7768 IRENUM - ok
19:35:15.0429 7768 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:35:15.0452 7768 isapnp - ok
19:35:15.0482 7768 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:35:15.0498 7768 iScsiPrt - ok
19:35:15.0522 7768 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:15.0534 7768 kbdclass - ok
19:35:15.0559 7768 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:15.0579 7768 kbdhid - ok
19:35:15.0592 7768 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:35:15.0604 7768 KeyIso - ok
19:35:15.0643 7768 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:35:15.0668 7768 KSecDD - ok
19:35:15.0699 7768 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:35:15.0742 7768 KSecPkg - ok
19:35:15.0774 7768 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:35:15.0814 7768 KtmRm - ok
19:35:15.0848 7768 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:35:15.0880 7768 LanmanServer - ok
19:35:15.0888 7768 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:35:15.0922 7768 LanmanWorkstation - ok
19:35:15.0953 7768 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:35:16.0000 7768 lltdio - ok
19:35:16.0046 7768 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:35:16.0109 7768 lltdsvc - ok
19:35:16.0126 7768 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:35:16.0155 7768 lmhosts - ok
19:35:16.0181 7768 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:35:16.0210 7768 LSI_FC - ok
19:35:16.0219 7768 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:35:16.0235 7768 LSI_SAS - ok
19:35:16.0243 7768 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:35:16.0284 7768 LSI_SAS2 - ok
19:35:16.0291 7768 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:35:16.0304 7768 LSI_SCSI - ok
19:35:16.0316 7768 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:35:16.0353 7768 luafv - ok
19:35:16.0401 7768 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:35:16.0423 7768 Mcx2Svc - ok
19:35:16.0436 7768 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:35:16.0476 7768 megasas - ok
19:35:16.0504 7768 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:35:16.0535 7768 MegaSR - ok
19:35:16.0638 7768 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:35:16.0662 7768 Microsoft Office Groove Audit Service - ok
19:35:16.0683 7768 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:35:16.0719 7768 MMCSS - ok
19:35:16.0730 7768 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:35:16.0779 7768 Modem - ok
19:35:16.0796 7768 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:35:16.0822 7768 monitor - ok
19:35:16.0857 7768 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:35:16.0869 7768 mouclass - ok
19:35:16.0896 7768 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:35:16.0938 7768 mouhid - ok
19:35:16.0970 7768 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:35:17.0006 7768 mountmgr - ok
19:35:17.0043 7768 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:35:17.0084 7768 mpio - ok
19:35:17.0103 7768 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:35:17.0169 7768 mpsdrv - ok
19:35:17.0204 7768 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:35:17.0259 7768 MpsSvc - ok
19:35:17.0297 7768 [ 21F4B24ACFC79A483515BD986DD9043F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:35:17.0363 7768 MRxDAV - ok
19:35:17.0404 7768 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:17.0471 7768 mrxsmb - ok
19:35:17.0499 7768 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:17.0516 7768 mrxsmb10 - ok
19:35:17.0531 7768 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:17.0555 7768 mrxsmb20 - ok
19:35:17.0604 7768 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:35:17.0615 7768 msahci - ok
19:35:17.0629 7768 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:35:17.0659 7768 msdsm - ok
19:35:17.0682 7768 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:35:17.0709 7768 MSDTC - ok
19:35:17.0733 7768 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:35:17.0779 7768 Msfs - ok
19:35:17.0790 7768 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:35:17.0840 7768 mshidkmdf - ok
19:35:17.0861 7768 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:35:17.0873 7768 msisadrv - ok
19:35:17.0902 7768 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:35:17.0937 7768 MSiSCSI - ok
19:35:17.0941 7768 msiserver - ok
19:35:17.0966 7768 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:35:17.0994 7768 MSKSSRV - ok
19:35:18.0016 7768 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:18.0065 7768 MSPCLOCK - ok
19:35:18.0069 7768 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:35:18.0104 7768 MSPQM - ok
19:35:18.0120 7768 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:35:18.0136 7768 MsRPC - ok
19:35:18.0167 7768 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:35:18.0194 7768 mssmbios - ok
19:35:18.0209 7768 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:35:18.0237 7768 MSTEE - ok
19:35:18.0252 7768 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:35:18.0300 7768 MTConfig - ok
19:35:18.0322 7768 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:35:18.0335 7768 Mup - ok
19:35:18.0397 7768 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:35:18.0443 7768 napagent - ok
19:35:18.0475 7768 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:35:18.0509 7768 NativeWifiP - ok
19:35:18.0579 7768 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:35:18.0614 7768 NDIS - ok
19:35:18.0638 7768 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:35:18.0691 7768 NdisCap - ok
19:35:18.0714 7768 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:18.0751 7768 NdisTapi - ok
19:35:18.0784 7768 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:18.0836 7768 Ndisuio - ok
19:35:18.0852 7768 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:18.0911 7768 NdisWan - ok
19:35:18.0934 7768 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:35:19.0004 7768 NDProxy - ok
19:35:19.0105 7768 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:35:19.0154 7768 Nero BackItUp Scheduler 3 - ok
19:35:19.0182 7768 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:35:19.0214 7768 NetBIOS - ok
19:35:19.0273 7768 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:35:19.0332 7768 NetBT - ok
19:35:19.0349 7768 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:35:19.0362 7768 Netlogon - ok
19:35:19.0417 7768 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:35:19.0447 7768 Netman - ok
19:35:19.0501 7768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:35:19.0514 7768 NetMsmqActivator - ok
19:35:19.0528 7768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:35:19.0537 7768 NetPipeActivator - ok
19:35:19.0559 7768 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:35:19.0618 7768 netprofm - ok
19:35:19.0643 7768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:35:19.0653 7768 NetTcpActivator - ok
19:35:19.0662 7768 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:35:19.0672 7768 NetTcpPortSharing - ok
19:35:19.0712 7768 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:35:19.0742 7768 nfrd960 - ok
19:35:19.0836 7768 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:35:19.0870 7768 NlaSvc - ok
19:35:19.0940 7768 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:35:19.0955 7768 NMIndexingService - ok
19:35:19.0999 7768 [ 712BC0C22BA00B2BA324C6B8DF668EE7 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
19:35:20.0072 7768 nmwcd - ok
19:35:20.0096 7768 [ 7312987B6CCDE6F6CEE32C14BED1CA2E ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
19:35:20.0118 7768 nmwcdc - ok
19:35:20.0167 7768 [ 4F0DE685A96DC843CCC8A861B3FAC12D ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
19:35:20.0224 7768 nmwcdnsu - ok
19:35:20.0235 7768 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:35:20.0288 7768 Npfs - ok
19:35:20.0331 7768 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:35:20.0375 7768 nsi - ok
19:35:20.0394 7768 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:35:20.0434 7768 nsiproxy - ok
19:35:20.0507 7768 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:35:20.0579 7768 Ntfs - ok
19:35:20.0595 7768 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:35:20.0656 7768 Null - ok
19:35:20.0697 7768 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:35:20.0727 7768 nvraid - ok
19:35:20.0752 7768 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:35:20.0799 7768 nvstor - ok
19:35:20.0833 7768 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:35:20.0846 7768 nv_agp - ok
19:35:20.0927 7768 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:35:20.0949 7768 odserv - ok
19:35:20.0979 7768 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:35:20.0995 7768 ohci1394 - ok
19:35:21.0051 7768 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:21.0063 7768 ose - ok
19:35:21.0093 7768 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:35:21.0150 7768 p2pimsvc - ok
19:35:21.0170 7768 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:35:21.0204 7768 p2psvc - ok
19:35:21.0229 7768 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:35:21.0261 7768 Parport - ok
19:35:21.0280 7768 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:35:21.0321 7768 partmgr - ok
19:35:21.0342 7768 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:35:21.0371 7768 Parvdm - ok
19:35:21.0411 7768 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:21.0443 7768 PcaSvc - ok
19:35:21.0489 7768 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:35:21.0534 7768 pccsmcfd - ok
19:35:21.0563 7768 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:35:21.0576 7768 pci - ok
19:35:21.0590 7768 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:35:21.0617 7768 pciide - ok
19:35:21.0692 7768 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:21.0707 7768 pcmcia - ok
19:35:21.0745 7768 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
19:35:21.0802 7768 pcouffin - ok
19:35:21.0806 7768 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:35:21.0818 7768 pcw - ok
19:35:21.0857 7768 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:21.0915 7768 PEAUTH - ok
19:35:21.0963 7768 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:35:22.0077 7768 PeerDistSvc - ok
19:35:22.0271 7768 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:35:22.0375 7768 pla - ok
19:35:22.0413 7768 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:22.0459 7768 PlugPlay - ok
19:35:22.0509 7768 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:35:22.0522 7768 PnkBstrA - ok
19:35:22.0577 7768 [ 7C01817ADF3207FB65A4B56E6D5AD833 ] PnkBstrB C:\Windows\system32\PnkBstrB.exe
19:35:22.0599 7768 PnkBstrB - ok
19:35:22.0618 7768 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:35:22.0636 7768 PNRPAutoReg - ok
19:35:22.0659 7768 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:35:22.0674 7768 PNRPsvc - ok
19:35:22.0717 7768 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:22.0759 7768 PolicyAgent - ok
19:35:22.0789 7768 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:35:22.0822 7768 Power - ok
19:35:22.0855 7768 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:22.0910 7768 PptpMiniport - ok
19:35:22.0924 7768 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:35:22.0946 7768 Processor - ok
19:35:22.0976 7768 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:23.0026 7768 ProfSvc - ok
19:35:23.0039 7768 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:23.0052 7768 ProtectedStorage - ok
19:35:23.0105 7768 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:35:23.0132 7768 Psched - ok
19:35:23.0329 7768 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:35:23.0407 7768 ql2300 - ok
19:35:23.0435 7768 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:35:23.0449 7768 ql40xx - ok
19:35:23.0504 7768 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:35:23.0555 7768 QWAVE - ok
19:35:23.0568 7768 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:23.0599 7768 QWAVEdrv - ok
19:35:23.0616 7768 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:23.0641 7768 RasAcd - ok
19:35:23.0673 7768 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:35:23.0695 7768 RasAgileVpn - ok
19:35:23.0712 7768 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:35:23.0756 7768 RasAuto - ok
19:35:23.0769 7768 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:23.0815 7768 Rasl2tp - ok
19:35:23.0855 7768 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:35:23.0897 7768 RasMan - ok
19:35:23.0914 7768 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:23.0956 7768 RasPppoe - ok
19:35:23.0990 7768 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:24.0036 7768 RasSstp - ok
19:35:24.0064 7768 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:24.0142 7768 rdbss - ok
19:35:24.0155 7768 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:35:24.0181 7768 rdpbus - ok
19:35:24.0211 7768 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:24.0262 7768 RDPCDD - ok
19:35:24.0308 7768 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:35:24.0379 7768 RDPDR - ok
19:35:24.0401 7768 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:24.0449 7768 RDPENCDD - ok
19:35:24.0479 7768 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:35:24.0530 7768 RDPREFMP - ok
19:35:24.0582 7768 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:35:24.0650 7768 RdpVideoMiniport - ok
19:35:24.0684 7768 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:24.0805 7768 RDPWD - ok
19:35:24.0972 7768 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:35:25.0011 7768 rdyboost - ok
19:35:25.0044 7768 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:25.0081 7768 RemoteAccess - ok
19:35:25.0118 7768 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:25.0161 7768 RemoteRegistry - ok
19:35:25.0212 7768 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:35:25.0257 7768 RpcEptMapper - ok
19:35:25.0277 7768 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:35:25.0317 7768 RpcLocator - ok
19:35:25.0356 7768 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:35:25.0385 7768 RpcSs - ok
19:35:25.0420 7768 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:25.0461 7768 rspndr - ok
19:35:25.0504 7768 [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
19:35:25.0541 7768 RTL8167 - ok
19:35:25.0567 7768 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:35:25.0628 7768 s3cap - ok
19:35:25.0638 7768 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:35:25.0653 7768 SamSs - ok
19:35:25.0682 7768 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:25.0695 7768 sbp2port - ok
19:35:25.0722 7768 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:25.0763 7768 SCardSvr - ok
19:35:25.0778 7768 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:35:25.0803 7768 scfilter - ok
19:35:25.0843 7768 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:35:25.0908 7768 Schedule - ok
19:35:25.0958 7768 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:25.0980 7768 SCPolicySvc - ok
19:35:26.0002 7768 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:26.0063 7768 SDRSVC - ok
19:35:26.0095 7768 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:26.0141 7768 secdrv - ok
19:35:26.0161 7768 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:35:26.0193 7768 seclogon - ok
19:35:26.0218 7768 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:35:26.0258 7768 SENS - ok
19:35:26.0275 7768 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:35:26.0337 7768 SensrSvc - ok
19:35:26.0350 7768 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:26.0373 7768 Serenum - ok
19:35:26.0391 7768 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:26.0431 7768 Serial - ok
19:35:26.0464 7768 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:35:26.0490 7768 sermouse - ok
19:35:26.0563 7768 [ 2D841B7B7F6DEC32162EDFCC69D61F42 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
19:35:26.0587 7768 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
19:35:26.0587 7768 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
19:35:26.0633 7768 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:26.0670 7768 SessionEnv - ok
19:35:26.0699 7768 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:35:26.0766 7768 sffdisk - ok
19:35:26.0774 7768 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:26.0802 7768 sffp_mmc - ok
19:35:26.0817 7768 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:35:26.0853 7768 sffp_sd - ok
19:35:26.0872 7768 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:35:26.0898 7768 sfloppy - ok
19:35:26.0930 7768 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:35:26.0963 7768 SharedAccess - ok
19:35:26.0987 7768 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:27.0021 7768 ShellHWDetection - ok
19:35:27.0040 7768 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:35:27.0072 7768 sisagp - ok
19:35:27.0104 7768 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:35:27.0116 7768 SiSRaid2 - ok
19:35:27.0127 7768 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:35:27.0169 7768 SiSRaid4 - ok
19:35:27.0252 7768 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:35:27.0277 7768 SkypeUpdate - ok
19:35:27.0299 7768 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:27.0339 7768 Smb - ok
19:35:27.0375 7768 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:27.0395 7768 SNMPTRAP - ok
19:35:27.0478 7768 [ D1591BACDC8187A828471075FF1A3EED ] SnugTV Service C:\Program Files\SnugTV\SnugTV Station\AMAServer.exe
19:35:27.0505 7768 SnugTV Service ( UnsignedFile.Multi.Generic ) - warning
19:35:27.0506 7768 SnugTV Service - detected UnsignedFile.Multi.Generic (1)
19:35:27.0610 7768 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
19:35:27.0635 7768 Sony PC Companion - ok
19:35:27.0661 7768 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:27.0675 7768 spldr - ok
19:35:27.0715 7768 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:27.0767 7768 Spooler - ok
19:35:28.0079 7768 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:35:28.0209 7768 sppsvc - ok
19:35:28.0234 7768 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:35:28.0270 7768 sppuinotify - ok
19:35:28.0351 7768 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
19:35:28.0352 7768 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
19:35:28.0354 7768 sptd ( LockedFile.Multi.Generic ) - warning
19:35:28.0354 7768 sptd - detected LockedFile.Multi.Generic (1)
19:35:28.0424 7768 [ A60F1294709054AB62AC909C5616CA78 ] SpyEmrg C:\Windows\system32\Drivers\spyemrg.sys
19:35:28.0434 7768 SpyEmrg - ok
19:35:28.0479 7768 [ CAC0E73A49C850ED21904B5843A37C0A ] SpyEmrgAccess C:\Windows\system32\Drivers\spyemrg_access.sys
19:35:28.0490 7768 SpyEmrgAccess - ok
19:35:28.0519 7768 [ 0E4FAA4DCFC4E60D746E267F820D2446 ] SpyEmrgGuard C:\Windows\system32\Drivers\spyemrg_guard.sys
19:35:28.0531 7768 SpyEmrgGuard - ok
19:35:28.0645 7768 [ FA9B767ADDD3885C988227A779A0EEEF ] SpyEmrgSrv C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
19:35:28.0723 7768 SpyEmrgSrv - ok
19:35:28.0757 7768 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:28.0791 7768 srv - ok
19:35:28.0825 7768 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:28.0843 7768 srv2 - ok
19:35:28.0851 7768 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:28.0874 7768 srvnet - ok
19:35:28.0897 7768 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:28.0931 7768 SSDPSRV - ok
19:35:28.0958 7768 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
19:35:28.0962 7768 SSPORT ( UnsignedFile.Multi.Generic ) - warning
19:35:28.0962 7768 SSPORT - detected UnsignedFile.Multi.Generic (1)
19:35:28.0975 7768 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:29.0014 7768 SstpSvc - ok
19:35:29.0029 7768 Steam Client Service - ok
19:35:29.0056 7768 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:35:29.0067 7768 stexstor - ok
19:35:29.0115 7768 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:35:29.0161 7768 StiSvc - ok
19:35:29.0181 7768 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:35:29.0193 7768 storflt - ok
19:35:29.0215 7768 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
19:35:29.0226 7768 storvsc - ok
19:35:29.0246 7768 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:35:29.0259 7768 swenum - ok
19:35:29.0283 7768 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:35:29.0322 7768 swprv - ok
19:35:29.0326 7768 Synth3dVsc - ok
19:35:29.0368 7768 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:35:29.0412 7768 SysMain - ok
19:35:29.0431 7768 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:29.0462 7768 TabletInputService - ok
19:35:29.0487 7768 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:29.0516 7768 TapiSrv - ok
19:35:29.0544 7768 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:35:29.0572 7768 TBS - ok
19:35:29.0627 7768 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:29.0698 7768 Tcpip - ok
19:35:29.0744 7768 [ CA59F7C570AF70BC174F477CFE2D9EE3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:29.0771 7768 TCPIP6 - ok
19:35:29.0792 7768 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:29.0814 7768 tcpipreg - ok
19:35:29.0839 7768 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:29.0872 7768 TDPIPE - ok
19:35:29.0895 7768 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:29.0938 7768 TDTCP - ok
19:35:29.0967 7768 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:30.0063 7768 tdx - ok
19:35:30.0093 7768 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:35:30.0127 7768 TermDD - ok
19:35:30.0179 7768 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:35:30.0227 7768 TermService - ok
19:35:30.0267 7768 [ 59CFDA4EACB3788F8B17F87B49B0AC0E ] Themes C:\Windows\system32\themeservice.dll
19:35:30.0286 7768 Themes ( UnsignedFile.Multi.Generic ) - warning
19:35:30.0286 7768 Themes - detected UnsignedFile.Multi.Generic (1)
19:35:30.0302 7768 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:30.0327 7768 THREADORDER - ok
19:35:30.0384 7768 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:35:30.0415 7768 TrkWks - ok
19:35:30.0443 7768 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:30.0481 7768 TrustedInstaller - ok
19:35:30.0514 7768 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:30.0544 7768 tssecsrv - ok
19:35:30.0569 7768 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:35:30.0604 7768 TsUsbFlt - ok
19:35:30.0608 7768 tsusbhub - ok
19:35:30.0640 7768 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:35:30.0681 7768 tunnel - ok
19:35:30.0699 7768 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:35:30.0727 7768 uagp35 - ok
19:35:30.0739 7768 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:35:30.0811 7768 udfs - ok
19:35:30.0843 7768 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:35:30.0868 7768 UI0Detect - ok
19:35:30.0897 7768 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:35:30.0926 7768 uliagpkx - ok
19:35:30.0946 7768 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:35:30.0982 7768 umbus - ok
19:35:31.0017 7768 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:35:31.0059 7768 UmPass - ok
19:35:31.0097 7768 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
19:35:31.0120 7768 UmRdpService - ok
19:35:31.0143 7768 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:35:31.0188 7768 upnphost - ok
19:35:31.0227 7768 [ 7062ED67A10F1C83B2AB951736E24F11 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:35:31.0264 7768 upperdev - ok
19:35:31.0300 7768 [ 71D97F1A3CC47A56728F7A400A3F8295 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:31.0361 7768 usbccgp - ok
19:35:31.0397 7768 [ 2352AB5F9F8F097BF9D41D5A4718A041 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:35:31.0457 7768 usbcir - ok
19:35:31.0483 7768 [ C4FB8E7ADEA9B5CEEA885A1B504B7E40 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:35:31.0510 7768 usbehci - ok
19:35:31.0552 7768 [ 86AA95ACB611001E26CD2C0145F2225A ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:35:31.0583 7768 usbhub - ok
19:35:31.0609 7768 [ DCDF9855145A14DFCA0AB32308871961 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:35:31.0630 7768 usbohci - ok
19:35:31.0664 7768 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:35:31.0691 7768 usbprint - ok
19:35:31.0716 7768 [ FC6B21DB4B5B398AB93DBE59CBF11036 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:35:31.0739 7768 usbscan - ok
19:35:31.0780 7768 [ 007C0C8D5B01D82ACEB70431D15083F6 ] usbser C:\Windows\system32\drivers\usbser.sys
19:35:31.0812 7768 usbser - ok
19:35:31.0838 7768 [ B76D8039F5B595C4CA551B3D5DD15A98 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:35:31.0864 7768 UsbserFilt - ok
19:35:31.0895 7768 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:31.0952 7768 USBSTOR - ok
19:35:31.0963 7768 [ 8E51D04175BAA14C4F79AA5F6D248770 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:31.0987 7768 usbuhci - ok
19:35:32.0006 7768 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:35:32.0047 7768 UxSms - ok
19:35:32.0060 7768 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:35:32.0072 7768 VaultSvc - ok
19:35:32.0110 7768 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:35:32.0123 7768 vdrvroot - ok
19:35:32.0155 7768 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:35:32.0217 7768 vds - ok
19:35:32.0238 7768 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:32.0283 7768 vga - ok
19:35:32.0303 7768 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:35:32.0359 7768 VgaSave - ok
19:35:32.0363 7768 VGPU - ok
19:35:32.0382 7768 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:35:32.0397 7768 vhdmp - ok
19:35:32.0416 7768 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:35:32.0443 7768 viaagp - ok
19:35:32.0457 7768 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:35:32.0498 7768 ViaC7 - ok
19:35:32.0529 7768 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:35:32.0556 7768 viaide - ok
19:35:32.0576 7768 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
19:35:32.0593 7768 vmbus - ok
19:35:32.0604 7768 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
19:35:32.0619 7768 VMBusHID - ok
19:35:32.0635 7768 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:35:32.0676 7768 volmgr - ok
19:35:32.0697 7768 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:35:32.0743 7768 volmgrx - ok
19:35:32.0757 7768 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:35:32.0773 7768 volsnap - ok
19:35:32.0798 7768 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:35:32.0829 7768 vsmraid - ok
19:35:32.0870 7768 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:35:32.0931 7768 VSS - ok
19:35:32.0941 7768 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:35:32.0967 7768 vwifibus - ok
19:35:32.0996 7768 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:35:33.0032 7768 W32Time - ok
19:35:33.0052 7768 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:35:33.0089 7768 WacomPen - ok
19:35:33.0118 7768 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:35:33.0148 7768 WANARP - ok
19:35:33.0153 7768 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:35:33.0177 7768 Wanarpv6 - ok
19:35:33.0246 7768 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:35:33.0288 7768 WatAdminSvc - ok
19:35:33.0333 7768 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:35:33.0433 7768 wbengine - ok
19:35:33.0457 7768 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:35:33.0486 7768 WbioSrvc - ok
19:35:33.0515 7768 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:35:33.0537 7768 wcncsvc - ok
19:35:33.0548 7768 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:35:33.0594 7768 WcsPlugInService - ok
19:35:33.0611 7768 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:35:33.0638 7768 Wd - ok
19:35:33.0675 7768 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:35:33.0698 7768 Wdf01000 - ok
19:35:33.0713 7768 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:35:33.0795 7768 WdiServiceHost - ok
19:35:33.0798 7768 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:35:33.0815 7768 WdiSystemHost - ok
19:35:33.0841 7768 [ 75E8EBD7040CE238684333F97014762A ] WebClient C:\Windows\System32\webclnt.dll
19:35:33.0871 7768 WebClient - ok
19:35:33.0895 7768 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:35:33.0927 7768 Wecsvc - ok
19:35:33.0940 7768 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:35:33.0977 7768 wercplsupport - ok
19:35:34.0014 7768 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:35:34.0050 7768 WerSvc - ok
19:35:34.0082 7768 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:35:34.0125 7768 WfpLwf - ok
19:35:34.0135 7768 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:35:34.0162 7768 WIMMount - ok
19:35:34.0226 7768 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:35:34.0268 7768 WinDefend - ok
19:35:34.0279 7768 WinHttpAutoProxySvc - ok
19:35:34.0318 7768 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:35:34.0352 7768 Winmgmt - ok
19:35:34.0394 7768 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:35:34.0449 7768 WinRM - ok
19:35:34.0497 7768 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:35:34.0515 7768 WinUsb - ok
19:35:34.0546 7768 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:35:34.0604 7768 Wlansvc - ok
19:35:34.0699 7768 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:35:34.0777 7768 wlidsvc - ok
19:35:34.0804 7768 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:35:34.0836 7768 WmiAcpi - ok
19:35:34.0858 7768 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:35:34.0880 7768 wmiApSrv - ok
19:35:34.0936 7768 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:35.0001 7768 WMPNetworkSvc - ok
19:35:35.0027 7768 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:35:35.0061 7768 WPCSvc - ok
19:35:35.0089 7768 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:35:35.0112 7768 WPDBusEnum - ok
19:35:35.0139 7768 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:35:35.0188 7768 ws2ifsl - ok
19:35:35.0250 7768 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
19:35:35.0333 7768 wscsvc - ok
19:35:35.0337 7768 WSearch - ok
19:35:35.0402 7768 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:35:35.0488 7768 wuauserv - ok
19:35:35.0524 7768 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:35:35.0585 7768 WudfPf - ok
19:35:35.0621 7768 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:35.0652 7768 WUDFRd - ok
19:35:35.0692 7768 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:35:35.0708 7768 wudfsvc - ok
19:35:35.0747 7768 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:35:35.0788 7768 WwanSvc - ok
19:35:35.0799 7768 ================ Scan global ===============================
19:35:35.0829 7768 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:35:35.0859 7768 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
19:35:35.0868 7768 [ 51BB04243DF6196C06E125898127E397 ] C:\Windows\system32\winsrv.dll
19:35:35.0897 7768 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:35:35.0923 7768 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:35:35.0929 7768 [Global] - ok
19:35:35.0929 7768 ================ Scan MBR ==================================
19:35:35.0937 7768 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:35:36.0318 7768 \Device\Harddisk0\DR0 - ok
19:35:36.0319 7768 ================ Scan VBR ==================================
19:35:36.0321 7768 [ B4EE5BAF6D97594F7CF46FE630D53E01 ] \Device\Harddisk0\DR0\Partition1
19:35:36.0323 7768 \Device\Harddisk0\DR0\Partition1 - ok
19:35:36.0342 7768 [ C6CFDF82C3474B99FD0A0E40CCDEAC23 ] \Device\Harddisk0\DR0\Partition2
19:35:36.0343 7768 \Device\Harddisk0\DR0\Partition2 - ok
19:35:36.0344 7768 ============================================================
19:35:36.0344 7768 Scan finished
19:35:36.0344 7768 ============================================================
19:35:36.0353 6560 Detected object count: 10
19:35:36.0353 6560 Actual detected object count: 10
19:36:08.0298 6560 Amps2prt ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0298 6560 Amps2prt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0300 6560 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0300 6560 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0302 6560 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0302 6560 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0303 6560 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0303 6560 AVerUpdateServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0304 6560 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0304 6560 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0306 6560 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0306 6560 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0307 6560 SnugTV Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0307 6560 SnugTV Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0308 6560 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:36:08.0308 6560 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:36:08.0310 6560 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0310 6560 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:08.0311 6560 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:08.0311 6560 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:54.0804 9532 Deinitialize success

#6 Příspěvek od **vyosek** » 11 říj 2013 18:56

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

mr.Cooper · #7 Příspěvek od **mr.Cooper** » 11 říj 2013 19:14

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/11/2013 08:11:20 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: 2512) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* C:\Windows\System32\UxTheme.dll : 249 856 : 12/24/2010 01:13 PM : 5ae8fd64fc69a242c572968e1d4e6eb2 [NoSig]
+-> C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_a5baf0f767e33083\uxtheme.dll : 249 856 : 07/14/2009 03:16 AM : 63bfdf555da2075a77d677829c3cccd0 [Pos Repl]

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/11/2013 08:12:39 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)

mr.Cooper · #8 Příspěvek od **mr.Cooper** » 11 říj 2013 19:42

ComboFix 13-10-09.01 - Cooper 11.10.2013 20:20:36.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3582.1243 [GMT 2:00]
Spuštěný z: c:\users\Cooper\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\nbdem.exe
c:\users\Cooper\AppData\Local\assembly\tmp
c:\users\Cooper\AppData\Roaming\inst.exe
c:\users\Cooper\ia_remove.sh4712.tmp
c:\windows\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-11 do 2013-10-11 )))))))))))))))))))))))))))))))
.
.
2013-10-11 18:39 . 2013-10-11 18:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-11 18:39 . 2013-10-11 18:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-11 18:38 . 2013-10-11 18:38 77312 ----a-w- c:\programdata\jdoyz.exe
2013-10-11 17:29 . 2013-10-11 17:29 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1369DB-86E5-44FC-A0F0-F5CF57E1978B}\offreg.dll
2013-10-07 08:11 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1369DB-86E5-44FC-A0F0-F5CF57E1978B}\mpengine.dll
2013-10-05 18:25 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-05 18:25 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-05 18:25 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-05 18:25 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-05 18:25 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-05 10:20 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 16:50 . 2012-04-05 10:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 16:50 . 2012-04-05 10:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-07 02:22 . 2010-04-02 18:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 11:39 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 11:39 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2011-01-26 2394752]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"jdoyz"="c:\programdata\jdoyz.exe" [2013-10-11 77312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-9-26 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-9-26 718336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-07 12400]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 18232]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-06 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 239168]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 12344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-30 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 2230912]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-05-15 14336]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-29 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 92271251
*Deregistered* - 92271251
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 13:29 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:50]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 18:50]
.
2013-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-28 18:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: Spustit klienta k monitoru &1 - c:\windows\web\AOpenClient.htm
IE: Spustit klienta k monitoru &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{493431F5-3772-440C-AAC2-F9A183E1372F}: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
HKLM-Run-Driver Genius - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SnugTV Quick Start.lnk - c:\windows\Installer\{198F93FD-9919-4010-8164-06BC2349959C}\NewShortcut1_46FEF19C05F1475DAA14D9007DC15270_2.exe
AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2013-10-11 20:40:48
ComboFix-quarantined-files.txt 2013-10-11 18:40
.
Před spuštěním: 4 248 600 576
Po spuštění: 4 462 198 784
.
- - End Of File - - C3C03529C4DAAF494C7E0CBD69E6ACA1
A36C5E4F47E84449FF07ED3517B43A31

#9 Příspěvek od **vyosek** » 12 říj 2013 06:30

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Collect::
c:\programdata\jdoyz.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=-
"PC Suite Tray"=-
"SpyEmergency"=-
"DAEMON Tools Lite"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-
"jdoyz"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

mr.Cooper · #10 Příspěvek od **mr.Cooper** » 12 říj 2013 08:35

ComboFix 13-10-09.01 - Cooper 12.10.2013 9:08.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3582.2229 [GMT 2:00]
Spuštěný z: c:\users\Cooper\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Cooper\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-12 do 2013-10-12 )))))))))))))))))))))))))))))))
.
.
2013-10-12 07:25 . 2013-10-12 07:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-12 07:25 . 2013-10-12 07:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 08:11 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1369DB-86E5-44FC-A0F0-F5CF57E1978B}\mpengine.dll
2013-10-05 18:25 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-05 18:25 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-05 18:25 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-05 18:25 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-05 18:25 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-05 10:20 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 16:50 . 2012-04-05 10:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 16:50 . 2012-04-05 10:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-07 02:22 . 2010-04-02 18:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 11:39 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 11:39 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-9-26 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-9-26 718336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-07 12400]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 18232]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-06 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 239168]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 12344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-30 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 2230912]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-05-15 14336]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-29 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 13:29 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: Spustit klienta k monitoru &1 - c:\windows\web\AOpenClient.htm
IE: Spustit klienta k monitoru &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{493431F5-3772-440C-AAC2-F9A183E1372F}: DhcpNameServer = 192.168.2.1
.
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(4540)
c:\program files\ATI Technologies\HydraVision\HydraDMH.dll
c:\program files\ESET\ESET Smart Security\eplgHooks.dll
c:\windows\system32\Amhooker.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2013-10-12 09:33:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-12 07:33
ComboFix2.txt 2013-10-11 18:40
.
Před spuštěním: 4 003 323 904
Po spuštění: 1 361 211 392
.
- - End Of File - - 71A6C4F51C1648DCF2C37E8C4211D5B3
A36C5E4F47E84449FF07ED3517B43A31

#11 Příspěvek od **cernohous13** » 12 říj 2013 19:30

Zdravím,

mohl bys spustit CF ještě jednou bez scriptu?
je tam nějaká nejasnost v informaci o volném místě na disku

mr.Cooper · #12 Příspěvek od **mr.Cooper** » 12 říj 2013 22:05

bez scriptu je to o příspěvek výše...jinak udělám znova

#13 Příspěvek od **vyosek** » 12 říj 2013 22:07

Spustte CF jen tam, dvouklikem, potrebujeme neco overiti - je to ve spolupraci se zahranicni konzultantkou, ktera o CF hooodne vi...

mr.Cooper · #14 Příspěvek od **mr.Cooper** » 12 říj 2013 23:31

tak snad to bude tohle
ComboFix 13-10-09.01 - Cooper 13.10.2013 0:07.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.3582.2414 [GMT 2:00]
Spuštěný z: c:\users\Cooper\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cooper\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-12 do 2013-10-12 )))))))))))))))))))))))))))))))
.
.
2013-10-12 22:24 . 2013-10-12 22:25 -------- d-----w- c:\users\Cooper\AppData\Local\temp
2013-10-12 22:24 . 2013-10-12 22:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-12 22:24 . 2013-10-12 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-12 12:46 . 2013-10-12 14:19 -------- d-----w- c:\programdata\xml_param
2013-10-12 12:45 . 2013-10-12 12:45 -------- d-----w- c:\users\Cooper\AppData\Roaming\Wondershare Video Converter Pro
2013-10-12 12:44 . 2013-10-12 12:44 -------- d-----w- c:\users\Cooper\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2013-10-12 12:44 . 2013-10-12 12:44 -------- d-----w- c:\users\Cooper\AppData\Local\Wondershare
2013-10-12 12:44 . 2013-10-12 12:44 -------- d-----w- c:\program files\Common Files\Wondershare
2013-10-12 12:44 . 2013-08-07 12:31 214528 ----a-w- c:\windows\system32\WSCM32.dll
2013-10-12 12:44 . 2013-10-12 13:10 -------- d-----w- c:\programdata\Wondershare Video Converter Pro
2013-10-12 12:43 . 2013-10-12 16:18 -------- d-----w- c:\program files\Wondershare
2013-10-12 12:43 . 2013-10-12 12:43 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1369DB-86E5-44FC-A0F0-F5CF57E1978B}\offreg.dll
2013-10-07 08:11 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F1369DB-86E5-44FC-A0F0-F5CF57E1978B}\mpengine.dll
2013-10-05 18:25 . 2013-09-21 03:30 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-05 18:25 . 2013-09-22 23:28 217600 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-10-05 18:25 . 2013-09-22 23:27 2876928 ----a-w- c:\windows\system32\jscript9.dll
2013-10-05 18:25 . 2013-09-22 23:27 108032 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-10-05 18:25 . 2013-09-22 23:27 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-05 10:20 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-12 12:29 . 2012-09-29 17:27 47360 ----a-w- c:\users\Cooper\AppData\Roaming\pcouffin.sys
2013-10-11 16:50 . 2012-04-05 10:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-11 16:50 . 2012-04-05 10:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-07 02:22 . 2010-04-02 18:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-14 11:39 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-14 11:39 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-24 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2029640]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-27 614400]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-05-29 1743136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-9-26 155648]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-9-26 718336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2009-08-20 306688]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-08-07 12400]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-08-17 137472]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-29 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 18232]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-05-06 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-11 239168]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 12344]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
S2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-10-30 348160]
S2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-12-07 397312]
S2 AVerUpdateServer;AVerUpdateServer;c:\program files\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-01-06 168448]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S2 SnugTV Service;SnugTV Service;c:\program files\SnugTV\SnugTV Station\AMAServer.exe [2011-01-05 570880]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 2230912]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 5120]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2007-05-15 14336]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-06 84992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 14392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 13:29 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SmarThru4 Capture Selection - c:\program files\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Save as HTML - c:\program files\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files\SmarThru 4\WebCapture.dll
IE: Spustit klienta k monitoru &1 - c:\windows\web\AOpenClient.htm
IE: Spustit klienta k monitoru &2 - c:\windows\web\AOpenClient.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{493431F5-3772-440C-AAC2-F9A183E1372F}: DhcpNameServer = 192.168.2.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-BrowserPlugInHelper - c:\program files\Wondershare\Video Converter Pro\BrowserPlugInHelper.exe
.
.
.
Celkový čas: 2013-10-13 00:26:54
ComboFix-quarantined-files.txt 2013-10-12 22:26
ComboFix2.txt 2013-10-12 07:33
ComboFix3.txt 2013-10-11 18:40
.
Před spuštěním: Volných bajtů: 18 126 270 464
Po spuštění: Volných bajtů: 17 804 156 928
.
- - End Of File - - 7CEEBAC203656045E2BD405B3336368F
A36C5E4F47E84449FF07ED3517B43A31

#15 Příspěvek od **vyosek** » 13 říj 2013 21:36

Maly dotaz, provadel jste ted nejake presuny dat (ve vetsim), jelikoz jendou je tam 3 GB volneho, pak 1 GB, ted 17 GB

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu