Problem: CPU at 100 percent

Section devoted to viruses and other malicious code, as well as to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

T0m45
newbie
Posts: 29
Registered: December 15
Gender: Male
Status:
Offline

Re: Problem: CPU at 100 percent

Post by T0m45 » 17 Feb 2016 18:06

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : Jelena [Práva správce]
Started from : C:\Users\Jelena\Desktop\RogueKiller.exe
Mód : Smazat -- Datum : 02/17/2016 18:03:29

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : ([X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : ([X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : ([X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{627338BD-5CE9-44C1-B37A-03F7246C7BE5} | DhcpNameServer : ([X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{627338BD-5CE9-44C1-B37A-03F7246C7BE5} | DhcpNameServer : ([X]) -> Nahrazeno ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{627338BD-5CE9-44C1-B37A-03F7246C7BE5} | DhcpNameServer : ([X]) -> Nahrazeno ()

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CREATE[0] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_CLOSE[2] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_POWER[22] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0xffffffff85ca61f8
[IRP:Addr(Hook.IRP)] \Driver\atapi - IRP_MJ_PNP[27] : Unknown @ 0xffffffff85ca61f8

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[PUP][FIREFX:Addon] sdavcp3j.default : Seznam li?ti?ka [{ea614400-e918-4741-9a97-7a972ff7c30b}] -> Smazáno
[FIREFX:Addon] sdavcp3j.default : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> Smazáno
[FIREFX:Addon] sdavcp3j.default : DivX Plus Web Player HTML5 <video> [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAJS-22A8B0 ATA Device +++++
--- User ---
[MBR] 577f266db10d83996a3aee43f351ac78
[BSP] d4ddf413cb195773f110c53b3b68b61e : HP MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 15005 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 30734336 | Size: 184754 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409110528 | Size: 277178 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Re: Problem: CPU at 100 percent

Post by T0m45 » 17 Feb 2016 18:37

and here
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jelena on st 17.02.2016 at 18:09:19,14.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jelena\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

17.2.2016 18:11:24 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AMD deleted successfully
C:\Program Files\GMT-MAX.ORG deleted successfully
C:\Program Files\Rockstar Games deleted successfully
C:\PROGRA~2\FixBackups deleted successfully
C:\PROGRA~2\LumaEmu_SteamCloud deleted successfully
C:\PROGRA~2\Mozilla deleted successfully
C:\PROGRA~2\Skype deleted successfully
C:\Users\Jelena\AppData\Roaming\DiskDefrag deleted successfully
C:\Users\Jelena\AppData\Roaming\EurekaLog deleted successfully
C:\Users\Jelena\AppData\Roaming\Outlook deleted successfully
C:\Users\Jelena\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\Jelena\AppData\Roaming\WinRAR deleted successfully
C:\Users\Jelena\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\1piz5tef.default\prefs.js:
user_pref("browser.search.defaulturl", "");
user_pref("keyword.URL", "http://badoo.com/startpage/?source=bsb&q=");

Added to C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\1piz5tef.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default\prefs.js:
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "http://www.seznam.cz/");
user_pref("browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("browser.search.defaultenginename", "SweetIM Search");
user_pref("browser.search.selectedEngine", "SweetIM Search");
user_pref("keyword.URL", "http://search.seznam.cz/?sourceid=FF_5&q=");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default\prefs.js:

Deleted from C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default\prefs.js:
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("keyword.URL", "http://badoo.com/startpage/?source=bsb&q=");

Added to C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\1piz5tef.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17.02.2016_1826_.backup

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17.02.2016_1826_.backup

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_17.02.2016_1826_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\AMD not found
C:\Program Files\GMT-MAX.ORG not found
C:\Program Files\Rockstar Games not found
C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default\extensions\toolbar@ask.com not found
C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default\extensions\toolbar@ask.com not found
"C:\Windows\Installer\16ea21.msi" not found
"C:\Windows\Installer\16ea5e.msi" not found
C:\Users\Jelena\AppData\Local\Rockstar Games deleted
C:\Program Files\AnyToISO deleted
C:\Windows\system32\appdata deleted
C:\Program Files\DayZLauncher deleted
C:\Program Files\AVG Web TuneUp deleted
C:\found.000 deleted
C:\Users\Jelena\AppData\Roaming\pcouffin.log deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\PROGRA~2\Kingsoft deleted
C:\PROGRA~2\Vivendi Universal Games deleted
C:\PROGRA~2\Package Cache deleted
"C:\Windows\Installer\45c8c02.msi" deleted
"C:\Users\Jelena\AppData\Local\LumaEmu" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\1piz5tef.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [12.11.2011 18:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
- Undetermined - C:\Program Files\Mozilla Firefox\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
- Personas - %ProfilePath%\extensions\personas@christopher.beard
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- AniWeather - %ProfilePath%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
1040BD9BF3DDAB7CDA2346F8375480A2 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U26
DE3745A51B7AC7FEDC356A83F76C8023 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
5EB6F21D95E728C61BCFC89F899D6BB0 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.260.3

Profilepath: C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default
6F120933F87E7DEC972476170288A267 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
0BD343C45B4ECCF8D6AF94D6C3ADC310 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
AF8A94BCB98C299C49B28CC12EBC0ED2 - C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll - Google Update
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
1B743D5B6FD001660FAB17DD7C347A38 - C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll - Silverlight Plug-In
1040BD9BF3DDAB7CDA2346F8375480A2 - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll - Java(TM) Platform SE 6 U26
5EB6F21D95E728C61BCFC89F899D6BB0 - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll - Java Deployment Toolkit 6.0.260.3
B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
3D2C49ED6F0BBB07D7CCA0CA61F44F8F - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player
DE3745A51B7AC7FEDC356A83F76C8023 - C:\Windows\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
4F3F6B17B4A5BDB68B3CB0367A2C214E - C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[26.10.2011 12:10]

Lineage 2 Game Drop Calculator Interl... - Jelena\AppData\Local\Google\Chrome\User Data\Default\Extensions\eijklcammlbfkobaaiefhcdjeeeigofi

==== Chromium Fix ======================

C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.fida.cz_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.hopzone.net_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads6e.dfiles.eu_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtech.de_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_advert.uloz.to_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.safesidetabsearch.com_0.localstorage-journal deleted successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.tvaddictsearch.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B} - http://badoo.com/startpage/?source=bsb&q={searchTerms}
HKCU\SearchScopes\{FF0D5C5C-857A-477A-86F9-BB0E3393E221} - http://www.google.cz/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

==== Reset Google Chrome ======================

C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully
C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\44F52445D454F5F435057A857BC06200 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81E3C7D2696E76B4B8D554DCB36E2BE7 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B46772A74345AAD4DB34A3FCF4CF7DEF deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{54425F44-454D-4F5F-5350-A758B70C2600} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2D7C3E18-E696-4B67-8B5D-45CD3BE6B27E} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\44F52445D454F5F435057A857BC06200 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\81E3C7D2696E76B4B8D554DCB36E2BE7 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\B46772A74345AAD4DB34A3FCF4CF7DEF deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jelena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\lry9rs40.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jelena\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=252 folders=73 138679420 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Jelena\AppData\Local\temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jelena\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jelena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehmsdri.log" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\ehRecvr.log" not deleted

==== EOF on st 17.02.2016 at 18:33:33,30 ======================

Re: Problem: CPU at 100 percent

Post by T0m45 » 17 Feb 2016 19:01

ComboFix 16-02-15.01 - Jelena 17.02.2016 18:47:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2066 [GMT 1:00]
Spuštěný z: c:\users\Jelena\Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-17 do 2016-02-17 )))))))))))))))))))))))))))))))
.
.
2016-02-17 17:55 . 2016-02-17 17:55 -------- d-----w- c:\users\Jelena\AppData\Local\temp
2016-02-17 17:55 . 2016-02-17 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-17 17:41 . 2016-02-17 17:41 -------- d-----w- c:\programdata\Kingsoft
2016-02-17 17:29 . 2016-02-17 17:09 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-17 17:09 . 2016-02-17 17:28 -------- d-----w- C:\zoek_backup
2016-02-17 13:43 . 2016-02-17 14:08 -------- d-----w- c:\users\Jelena\AppData\Local\ArmA 2 OA
2016-02-16 20:26 . 2016-02-17 11:57 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 20:25 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 20:25 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 20:25 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 19:49 . 2016-02-17 16:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-16 19:49 . 2016-02-16 20:04 -------- d-----w- c:\programdata\RogueKiller
2016-02-15 23:18 . 2016-02-15 23:25 -------- d-----w- C:\AdwCleaner
2016-02-15 23:06 . 2016-02-15 23:10 -------- d-----w- c:\windows\system32\catroot2
2016-02-15 22:54 . 2016-02-17 17:33 -------- d-----w- c:\windows\system32\wbem\repository
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- C:\RegBackup
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- c:\program files\Tweaking.com
2016-02-12 14:31 . 2016-02-13 13:09 -------- d-----w- c:\program files\Steam
2016-02-10 14:12 . 2014-09-17 04:49 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2016-02-10 14:12 . 2014-09-17 04:49 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\users\Jelena\AppData\Local\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\program files\Common Files\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----r- c:\program files\Skype
2016-02-04 18:31 . 2016-02-04 18:31 -------- d-----w- c:\programdata\boost_interprocess
2016-02-02 19:36 . 2016-01-23 03:45 925752 ----a-w- c:\windows\system32\nvdispgenco3236175.dll
2016-02-02 19:36 . 2016-01-23 03:45 1066944 ----a-w- c:\windows\system32\nvdispco3236175.dll
2016-01-31 19:34 . 2016-02-15 19:40 -------- d-----w- c:\users\Jelena\AppData\Roaming\TS3Client
2016-01-31 19:34 . 2016-02-01 14:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2016-01-31 19:30 . 2016-02-13 07:54 -------- d-----w- c:\users\Jelena\AppData\Roaming\Skype
2016-01-31 19:21 . 2016-01-31 19:21 -------- d-----w- c:\users\Jelena\AppData\Roaming\teamspeak2
2016-01-30 23:04 . 2016-02-17 13:43 -------- d-----w- c:\program files\Common Files\BattlEye
2016-01-30 21:39 . 2016-01-30 21:39 -------- d-----w- c:\users\Jelena\AppData\Local\DayZCommander
2016-01-30 21:35 . 2016-01-30 21:35 -------- d-----w- c:\program files\Dotjosh Studios
2016-01-30 18:06 . 2016-01-30 18:06 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2016-01-30 12:55 . 2016-01-30 12:55 -------- d-----w- c:\users\Jelena\AppData\Roaming\Guild Wars 2
2016-01-24 06:01 . 2016-01-24 06:01 -------- d-----w- c:\program files\Slimi
2016-01-20 16:31 . 2016-01-20 16:31 -------- d-----w- c:\program files\Common Files\Adobe
2016-01-19 00:45 . 2016-01-19 00:45 -------- d-----w- c:\users\Jelena\AppData\Roaming\PowerISO
2016-01-19 00:33 . 2016-01-19 00:33 -------- d-----w- c:\program files\RAR to ZIP Converter
2016-01-19 00:27 . 2016-01-19 00:27 -------- d-----w- c:\users\Jelena\AppData\Roaming\Vso
2016-01-19 00:27 . 2016-01-19 00:27 47360 ----a-w- c:\users\Jelena\AppData\Roaming\pcouffin.sys
2016-01-19 00:27 . 2012-11-21 19:16 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2016-01-19 00:27 . 2012-11-21 19:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2016-01-19 00:27 . 2016-01-19 00:27 -------- d-----w- c:\programdata\VSO
2016-01-19 00:27 . 2016-01-19 00:27 -------- d-----w- c:\program files\VSO
2016-01-19 00:21 . 2016-01-19 00:22 -------- d-----w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 01:00 . 2016-01-06 11:34 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-01-23 01:00 . 2016-01-06 11:34 436160 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-01-23 01:00 . 2016-01-06 11:34 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-01-18 17:46 . 2016-01-18 17:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2016-01-18 06:12 . 2016-01-18 06:12 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-01-18 06:12 . 2010-02-17 15:42 138576 ----a-w- c:\users\Jelena\AppData\Roaming\PnkBstrK.sys
2016-01-18 06:12 . 2016-01-18 06:12 291496 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-01-18 06:12 . 2010-02-17 15:42 291496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-01-18 06:12 . 2016-01-18 06:12 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2016-01-16 03:11 . 2010-02-17 15:42 912744 ----a-w- c:\windows\system32\pbsvc.exe
2016-01-16 02:30 . 2016-01-15 02:01 291512 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-01-16 02:17 . 2015-12-19 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2016-01-16 02:17 . 2015-12-19 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-12-30 17:12 . 2016-01-14 02:02 3609024 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-30 17:12 . 2016-01-14 02:02 3556800 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-21 22:49 . 2015-12-21 22:49 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2015-12-21 22:49 . 2015-12-21 22:49 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-12-21 16:01 . 2016-01-02 08:35 43568 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2015-12-20 04:41 . 2015-12-20 04:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\offreg.5920.dll
2015-12-18 22:17 . 2009-12-06 12:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2015-12-18 21:05 . 2015-12-18 21:05 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-12-16 22:00 . 2016-01-13 05:46 916992 ----a-w- c:\windows\system32\wininet.dll
2015-12-16 22:00 . 2016-01-13 05:46 423936 ----a-w- c:\windows\system32\vbscript.dll
2015-12-16 21:54 . 2016-01-13 05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2015-12-16 21:54 . 2016-01-13 05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2015-12-16 21:54 . 2016-01-13 05:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2015-12-16 21:54 . 2016-01-13 05:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2015-12-16 21:51 . 2016-01-13 05:46 19456 ----a-w- c:\windows\system32\corpol.dll
2015-12-16 19:06 . 2016-01-13 05:46 385024 ----a-w- c:\windows\system32\html.iec
2015-12-16 17:20 . 2016-01-13 05:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2015-12-16 17:18 . 2016-01-13 05:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2015-12-16 17:04 . 2016-01-06 11:29 917112 ----a-w- c:\windows\system32\nvdispgenco3236143.dll
2015-12-16 17:04 . 2016-01-06 11:29 1060144 ----a-w- c:\windows\system32\nvdispco3236143.dll
2015-12-16 09:15 . 2015-12-19 05:50 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\mpengine.dll
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2015-12-08 17:01 . 2016-01-14 02:03 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-12-07 05:27 . 2015-12-18 22:53 22440 ----a-w- c:\windows\system32\RegBootDefrag.exe
2015-12-05 17:03 . 2016-01-14 02:06 767488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 650240 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1377792 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 605184 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1567744 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1326080 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 867328 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-05 17:03 . 2016-01-14 02:06 759296 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1114624 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 243200 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-05 17:03 . 2016-01-14 02:06 212992 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-05 17:03 . 2016-01-14 02:06 208896 ----a-w- c:\windows\system32\qasf.dll
2015-12-05 17:03 . 2016-01-14 02:06 497152 ----a-w- c:\windows\system32\qdvd.dll
2015-12-05 17:03 . 2016-01-14 02:06 1314816 ----a-w- c:\windows\system32\quartz.dll
2015-12-05 17:03 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\qedit.dll
2015-12-05 17:03 . 2016-01-14 02:06 2873344 ----a-w- c:\windows\system32\mf.dll
2015-12-05 17:02 . 2016-01-14 02:06 613888 ----a-w- c:\windows\system32\MSMPEG2VDEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 391680 ----a-w- c:\windows\system32\MSMPEG2ADEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 80896 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 314880 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 606208 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 209920 ----a-w- c:\windows\system32\mfplat.dll
2015-12-05 17:02 . 2016-01-14 02:06 59392 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-05 17:02 . 2016-01-14 02:06 853504 ----a-w- c:\windows\system32\mcmde.dll
2015-12-05 17:02 . 2016-01-14 02:06 144384 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-05 17:02 . 2016-01-14 02:02 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-05 17:02 . 2016-01-14 02:06 480256 ----a-w- c:\windows\system32\evr.dll
2015-12-05 17:02 . 2016-01-14 02:06 64000 ----a-w- c:\windows\system32\devenum.dll
2015-12-05 17:02 . 2016-01-14 02:06 158208 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-05 16:44 . 2016-01-14 02:06 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-05 15:24 . 2016-01-14 02:03 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-12-02 12:25 . 2009-12-06 12:02 247976 ----a-w- c:\windows\system32\MpSigStub.exe
2015-11-24 23:32 . 2015-11-24 23:32 32672 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2016-02-04 3014224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2015-12-15 4431848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
backup=c:\windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmsc]
2015-12-21 23:08 771912 ----a-w- c:\program files\cmcm\Clean Master\cmtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2015-12-07 05:27 36776 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2016-01-12 04:43 2787264 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2014-05-09 16:11 12021464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:18 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1772954895-572253709-3323056614-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-11 01:32 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 07:13]
.
2016-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-12 07:13]
.
2016-02-17 c:\windows\Tasks\User_Feed_Synchronization-{452712CC-A02B-430F-B812-C168DCA0292E}.job
- c:\windows\system32\msfeedssync.exe [2016-01-13 17:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1 - c:\program files\DayZLauncher\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-02-17 18:55
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1772954895-572253709-3323056614-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,4a,52,07,64,5f,4c,4c,f7,b5,cd,b3,f9,ac,72,f5,a6,f9,68,93,2c,
da,4f,84,38,90,72,25,b9,a2,1a,92,b1,f9,8b,b6,72,a5,5b,90,5a,04,96,13,10,3f,\
"rkeysecu"=hex:eb,ed,25,36,87,f9,a4,0e,3e,55,52,03,a4,93,85,e0
.
Celkový čas: 2016-02-17 18:57:15
ComboFix-quarantined-files.txt 2016-02-17 17:57
ComboFix2.txt 2016-02-15 23:41
.
Před spuštěním: Volných bajtů: 91 897 159 680
Po spuštění: Volných bajtů: 91 856 158 720
.
- - End Of File - - 0595220249B689CF25089C7E8A5DCB71
5C616939100B85E558DA92B899A0FC36

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: CPU problem at 100 percent

Post by jaro3 » 18 Feb 2016 10:09

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::
KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

DirLook::
c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.


Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.

T0m45
newcomer
Posts: 29
Registered: December 15
Gender: Male
Status:
Offline

Re: CPU problem at 100 percent

Post by T0m45 » 18 Feb 2016 14:12

ComboFix 16-02-15.01 - Jelena 18.02.2016 12:24:41.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2013 [GMT 1:00]
Spuštěný z: c:\users\Jelena\Documents\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jelena\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdate.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateComRegisterShell64.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.29.5\GoogleUpdateWebPlugin.exe
c:\program files\Google\Update\1.3.29.5\goopdate.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_am.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ar.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_bg.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_bn.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ca.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_cs.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_da.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_de.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_el.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_en.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_es.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_et.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fa.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fil.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_fr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_gu.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_hu.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_id.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_is.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_it.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_iw.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ja.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_kn.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ko.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_lt.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_lv.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ml.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_mr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ms.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_nl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_no.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ro.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ru.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sk.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sl.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sv.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_sw.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ta.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_te.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_th.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_tr.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_uk.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_ur.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_vi.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.29.5\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.29.5\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.29.5\psmachine.dll
c:\program files\Google\Update\1.3.29.5\psmachine_64.dll
c:\program files\Google\Update\1.3.29.5\psuser.dll
c:\program files\Google\Update\1.3.29.5\psuser_64.dll
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\userinit.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-18 do 2016-02-18 )))))))))))))))))))))))))))))))
.
.
2016-02-18 11:35 . 2016-02-18 11:39 -------- d-----w- c:\users\Jelena\AppData\Local\temp
2016-02-18 11:35 . 2016-02-18 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-17 17:41 . 2016-02-17 17:41 -------- d-----w- c:\programdata\Kingsoft
2016-02-17 17:29 . 2016-02-17 17:09 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-17 17:09 . 2016-02-17 17:28 -------- d-----w- C:\zoek_backup
2016-02-17 13:43 . 2016-02-17 14:08 -------- d-----w- c:\users\Jelena\AppData\Local\ArmA 2 OA
2016-02-16 20:26 . 2016-02-17 11:57 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 20:25 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 20:25 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 20:25 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 19:49 . 2016-02-17 16:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-16 19:49 . 2016-02-16 20:04 -------- d-----w- c:\programdata\RogueKiller
2016-02-15 23:18 . 2016-02-15 23:25 -------- d-----w- C:\AdwCleaner
2016-02-15 23:06 . 2016-02-15 23:10 -------- d-----w- c:\windows\system32\catroot2
2016-02-15 22:54 . 2016-02-18 11:38 -------- d-----w- c:\windows\system32\wbem\repository
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- C:\RegBackup
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- c:\program files\Tweaking.com
2016-02-12 14:31 . 2016-02-13 13:09 -------- d-----w- c:\program files\Steam
2016-02-10 14:12 . 2014-09-17 04:49 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2016-02-10 14:12 . 2014-09-17 04:49 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\users\Jelena\AppData\Local\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\program files\Common Files\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----r- c:\program files\Skype
2016-02-04 18:31 . 2016-02-04 18:31 -------- d-----w- c:\programdata\boost_interprocess
2016-02-02 19:36 . 2016-01-23 03:45 925752 ----a-w- c:\windows\system32\nvdispgenco3236175.dll
2016-02-02 19:36 . 2016-01-23 03:45 1066944 ----a-w- c:\windows\system32\nvdispco3236175.dll
2016-01-31 19:34 . 2016-02-15 19:40 -------- d-----w- c:\users\Jelena\AppData\Roaming\TS3Client
2016-01-31 19:34 . 2016-02-01 14:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2016-01-31 19:30 . 2016-02-13 07:54 -------- d-----w- c:\users\Jelena\AppData\Roaming\Skype
2016-01-31 19:21 . 2016-01-31 19:21 -------- d-----w- c:\users\Jelena\AppData\Roaming\teamspeak2
2016-01-30 23:04 . 2016-02-17 13:43 -------- d-----w- c:\program files\Common Files\BattlEye
2016-01-30 21:39 . 2016-01-30 21:39 -------- d-----w- c:\users\Jelena\AppData\Local\DayZCommander
2016-01-30 21:35 . 2016-01-30 21:35 -------- d-----w- c:\program files\Dotjosh Studios
2016-01-30 18:06 . 2016-01-30 18:06 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2016-01-30 12:55 . 2016-01-30 12:55 -------- d-----w- c:\users\Jelena\AppData\Roaming\Guild Wars 2
2016-01-24 06:01 . 2016-01-24 06:01 -------- d-----w- c:\program files\Slimi
2016-01-20 16:31 . 2016-01-20 16:31 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 01:00 . 2016-01-06 11:34 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-01-23 01:00 . 2016-01-06 11:34 436160 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-01-23 01:00 . 2016-01-06 11:34 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-01-19 00:27 . 2016-01-19 00:27 47360 ----a-w- c:\users\Jelena\AppData\Roaming\pcouffin.sys
2016-01-18 17:46 . 2016-01-18 17:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2016-01-18 06:12 . 2016-01-18 06:12 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-01-18 06:12 . 2010-02-17 15:42 138576 ----a-w- c:\users\Jelena\AppData\Roaming\PnkBstrK.sys
2016-01-18 06:12 . 2016-01-18 06:12 291496 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-01-18 06:12 . 2010-02-17 15:42 291496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-01-18 06:12 . 2016-01-18 06:12 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2016-01-16 03:11 . 2010-02-17 15:42 912744 ----a-w- c:\windows\system32\pbsvc.exe
2016-01-16 02:30 . 2016-01-15 02:01 291512 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-01-16 02:17 . 2015-12-19 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2016-01-16 02:17 . 2015-12-19 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-12-30 17:12 . 2016-01-14 02:02 3609024 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-30 17:12 . 2016-01-14 02:02 3556800 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-21 22:49 . 2015-12-21 22:49 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2015-12-21 22:49 . 2015-12-21 22:49 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-12-21 16:01 . 2016-01-02 08:35 43568 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2015-12-20 04:41 . 2015-12-20 04:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\offreg.5920.dll
2015-12-18 22:17 . 2009-12-06 12:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2015-12-18 21:05 . 2015-12-18 21:05 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-12-16 22:00 . 2016-01-13 05:46 916992 ----a-w- c:\windows\system32\wininet.dll
2015-12-16 22:00 . 2016-01-13 05:46 423936 ----a-w- c:\windows\system32\vbscript.dll
2015-12-16 21:54 . 2016-01-13 05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2015-12-16 21:54 . 2016-01-13 05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2015-12-16 21:54 . 2016-01-13 05:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2015-12-16 21:54 . 2016-01-13 05:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2015-12-16 21:51 . 2016-01-13 05:46 19456 ----a-w- c:\windows\system32\corpol.dll
2015-12-16 19:06 . 2016-01-13 05:46 385024 ----a-w- c:\windows\system32\html.iec
2015-12-16 17:20 . 2016-01-13 05:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2015-12-16 17:18 . 2016-01-13 05:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2015-12-16 17:04 . 2016-01-06 11:29 917112 ----a-w- c:\windows\system32\nvdispgenco3236143.dll
2015-12-16 17:04 . 2016-01-06 11:29 1060144 ----a-w- c:\windows\system32\nvdispco3236143.dll
2015-12-16 09:15 . 2015-12-19 05:50 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\mpengine.dll
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2015-12-08 17:01 . 2016-01-14 02:03 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-12-07 05:27 . 2015-12-18 22:53 22440 ----a-w- c:\windows\system32\RegBootDefrag.exe
2015-12-05 17:03 . 2016-01-14 02:06 767488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 650240 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1377792 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 605184 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1567744 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1326080 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 867328 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-05 17:03 . 2016-01-14 02:06 759296 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1114624 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 243200 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-05 17:03 . 2016-01-14 02:06 212992 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-05 17:03 . 2016-01-14 02:06 208896 ----a-w- c:\windows\system32\qasf.dll
2015-12-05 17:03 . 2016-01-14 02:06 497152 ----a-w- c:\windows\system32\qdvd.dll
2015-12-05 17:03 . 2016-01-14 02:06 1314816 ----a-w- c:\windows\system32\quartz.dll
2015-12-05 17:03 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\qedit.dll
2015-12-05 17:03 . 2016-01-14 02:06 2873344 ----a-w- c:\windows\system32\mf.dll
2015-12-05 17:02 . 2016-01-14 02:06 613888 ----a-w- c:\windows\system32\MSMPEG2VDEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 391680 ----a-w- c:\windows\system32\MSMPEG2ADEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 80896 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 314880 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 606208 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 209920 ----a-w- c:\windows\system32\mfplat.dll
2015-12-05 17:02 . 2016-01-14 02:06 59392 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-05 17:02 . 2016-01-14 02:06 853504 ----a-w- c:\windows\system32\mcmde.dll
2015-12-05 17:02 . 2016-01-14 02:06 144384 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-05 17:02 . 2016-01-14 02:02 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-05 17:02 . 2016-01-14 02:06 480256 ----a-w- c:\windows\system32\evr.dll
2015-12-05 17:02 . 2016-01-14 02:06 64000 ----a-w- c:\windows\system32\devenum.dll
2015-12-05 17:02 . 2016-01-14 02:06 158208 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-05 16:44 . 2016-01-14 02:06 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-05 15:24 . 2016-01-14 02:03 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-12-02 12:25 . 2009-12-06 12:02 247976 ----a-w- c:\windows\system32\MpSigStub.exe
2015-11-24 23:32 . 2015-11-24 23:32 32672 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548 ----
.
2016-01-19 00:24 . 2016-01-19 00:52 1275 ----a-w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548\Logs\Jelena\KB_26990216.dat
2016-01-19 00:22 . 2016-01-19 00:22 40 ----a-w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548\settings.bin
2016-01-19 00:22 . 2016-01-19 00:22 426840 ----a-w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548\storage.dat
2016-01-19 00:22 . 2016-01-19 00:22 232 ----a-w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548\catalog.dat
2016-01-19 00:21 . 2016-01-19 00:21 8 ----a-w- c:\users\Jelena\AppData\Roaming\3D88BAF1-5EB2-46A7-B3C6-905CF7D9D548\run.dat
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
backup=c:\windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmsc]
2015-12-21 23:08 771912 ----a-w- c:\program files\cmcm\Clean Master\cmtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2015-12-07 05:27 36776 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2016-01-12 04:43 2787264 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2014-05-09 16:11 12021464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:18 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1772954895-572253709-3323056614-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-11 01:32 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-18 c:\windows\Tasks\User_Feed_Synchronization-{452712CC-A02B-430F-B812-C168DCA0292E}.job
- c:\windows\system32\msfeedssync.exe [2016-01-13 17:18]

Note: to be continued

Re: problem with CPU at 100 percent

Post by T0m45 » 18 Feb 2016 14:14

------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-02-18 12:38
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati External Event Utility]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atikmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgfwfd]
"ImagePath"="system32\DRIVERS\avgfwd6x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgfws]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgfws.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BEService]
"ImagePath"="\"c:\program files\Common Files\BattlEye\BEService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BootDefrag]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\Jelena\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmcore]
"ImagePath"="\"c:\program files\cmcm\Clean Master\cmcore.exe\" /service cmcore"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cpuz134]
"ImagePath"="\??\c:\users\Jelena\AppData\Local\Temp\cpuz134\cpuz134_x32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\getPlusHelper]
"ServiceDll"="c:\program files\NOS\bin\getPlus_Helper.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GfExperienceService]
"ImagePath"="\"c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GPCIDrv]
"ImagePath"="\??\c:\program files\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GUBootStartup]
"ImagePath"="\??\c:\windows\System32\drivers\GUBootStartup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTCAND32]
"ImagePath"="System32\Drivers\ANDROIDUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\htcnprot]
"ImagePath"="system32\DRIVERS\htcnprot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHDA.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ksapi]
"ImagePath"="\??\c:\windows\system32\drivers\ksapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LMIGuardianSvc]
"ImagePath"="\"c:\program files\LogMeIn Ignition\LMIGuardianSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmimirr]
"ImagePath"="system32\DRIVERS\lmimirr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMService]
"ImagePath"="\"c:\program files\Malwarebytes Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMWebAccessControl]
"ImagePath"="\??\c:\windows\system32\drivers\mwac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McComponentHostService]
"ImagePath"="\"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nero BackItUp Scheduler 4.0]
"ImagePath"="c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVHDA]
"ImagePath"="system32\drivers\nvhda32v.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NvNetworkService]
"ImagePath"="\"c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvsvc]
"ImagePath"="\"c:\windows\system32\nvvsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]
"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PassThru Service]
"ImagePath"="c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ph3xIB32]
"ImagePath"="system32\DRIVERS\Ph3xIB32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Steam Client Service]
"ImagePath"="\"c:\program files\Common Files\Steam\SteamService.exe\" /RunAsService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]
"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]
"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]
"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]
"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]
"ImagePath"="\SystemRoot\system32\drivers\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]
"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yukonwlh]
"ImagePath"="system32\DRIVERS\yk60x86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{627338BD-5CE9-44C1-B37A-03F7246C7BE5}]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1772954895-572253709-3323056614-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,4a,52,07,64,5f,4c,4c,f7,b5,cd,b3,f9,ac,72,f5,a6,f9,68,93,2c,
da,4f,84,38,90,72,25,b9,a2,1a,92,b1,f9,8b,b6,72,a5,5b,90,5a,04,96,13,10,3f,\
"rkeysecu"=hex:eb,ed,25,36,87,f9,a4,0e,3e,55,52,03,a4,93,85,e0
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\cmcm\Clean Master\cmcore.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\AVG\AVG2013\avgfws.exe
c:\program files\AVG\AVG2013\avgwdsvc.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
c:\program files\LogMeIn Ignition\LMIGuardianSvc.exe
c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conime.exe
c:\program files\AVG\AVG2013\avgui.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\AVG\AVG2013\avgcfgex.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2016-02-18 12:42:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-02-18 11:42
ComboFix2.txt 2016-02-17 17:57
ComboFix3.txt 2016-02-15 23:41
.
Před spuštěním: Volných bajtů: 91 268 239 360
Po spuštění: Volných bajtů: 90 910 162 944
.
- - End Of File - - 5DED3BC29C31C9C87256253BBD1D8A26
5C616939100B85E558DA92B899A0FC36

T0m45

Re: CPU problem at 100 percent

Post by T0m45 » 18 Feb 2016 14:29

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:27:58, on 18.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19727)

FIREFOX: 43.0.4 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jelena\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://apps.driversupport.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files\Common Files\BattlEye\BEService.exe
O23 - Service: Clean Master Core Service (cmcore) - Kingsoft Corporation - c:\program files\cmcm\Clean Master\cmcore.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Support LogMeIn processes with quality assurance feedback (LMIGuardianSvc) - LogMeIn, Inc. - C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5043 bytes

T0m45

Re: CPU problem at 100 percent

Post by T0m45 » 18 Feb 2016 14:35

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-02-18 14:31:34
-----------------------------
14:31:34.825 OS Version: Windows 6.0.6002 Service Pack 2
14:31:34.825 Number of processors: 2 586 0x6B02
14:31:34.825 ComputerName: VIRTUALCZE UserName: Jelena
14:31:36.899 Initialize success
14:31:37.024 VM: initialized successfully
14:31:37.024 VM: Amd CPU virtualization not supported
14:31:42.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:31:42.463 Disk 0 Vendor: WDC_WD5000AAJS-22A8B0 01.03B01 Size: 476940MB BusType: 3
14:31:42.572 Disk 0 MBR read successfully
14:31:42.572 Disk 0 MBR scan
14:31:42.588 Disk 0 Windows VISTA default MBR code
14:31:42.603 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
14:31:42.619 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 184754 MB offset 30734336
14:31:42.635 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 277178 MB offset 409110528
14:31:42.666 Disk 0 scanning sectors +976771072
14:31:42.744 Disk 0 scanning C:\Windows\system32\drivers
14:31:47.876 Service scanning
14:31:56.784 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:31:59.233 Modules scanning
14:31:59.233 Disk 0 trace - called modules:
14:31:59.249 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85ca61f8]<<
14:31:59.264 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f603c0]
14:31:59.264 3 CLASSPNP.SYS[8bfac8b3] -> nt!IofCallDriver -> [0x85d1be88]
14:31:59.280 5 acpi.sys[8072e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d1eb98]
14:31:59.280 \Driver\atapi[0x85d1aaf0] -> IRP_MJ_CREATE -> 0x85ca61f8
14:31:59.295 Disk 0 statistics 67500/0/0 @ 8,04 MB/s
14:31:59.295 Scan finished successfully
14:33:10.681 Disk 0 MBR has been saved successfully to "C:\Users\Jelena\Desktop\MBR.dat"
14:33:10.681 The log file has been saved successfully to "C:\Users\Jelena\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: CPU problem at 100 percent

Post by jaro3 » 18 Feb 2016 17:14

Uninstall:
McAfee Security Scan

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:

Code:

FixCSet::

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after applying ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, press the F8 key repeatedly after the restart and then choose Last Known Good Configuration, or use a restore point.
When working with the programs HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence I am represented by memphisto, Žbeky and Orcus.

T0m45

Re: CPU problem at 100 percent

Post by T0m45 » 19 Feb 2016 04:36

ComboFix 16-02-15.01 - Jelena 19.02.2016 4:20.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3582.2666 [GMT 1:00]
Spuštěný z: c:\users\Jelena\Documents\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jelena\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
FW: AVG update module *Disabled* {757AB44A-78C2-7D1A-E37F-CA42A037B368}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: AVG update module *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-01-19 do 2016-02-19 )))))))))))))))))))))))))))))))
.
.
2016-02-19 03:29 . 2016-02-19 03:29 -------- d-----w- c:\users\Jelena\AppData\Local\temp
2016-02-19 03:29 . 2016-02-19 03:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-02-17 17:41 . 2016-02-17 17:41 -------- d-----w- c:\programdata\Kingsoft
2016-02-17 17:29 . 2016-02-17 17:09 24064 ----a-w- c:\windows\zoek-delete.exe
2016-02-17 17:09 . 2016-02-17 17:28 -------- d-----w- C:\zoek_backup
2016-02-17 13:43 . 2016-02-17 14:08 -------- d-----w- c:\users\Jelena\AppData\Local\ArmA 2 OA
2016-02-16 20:26 . 2016-02-17 11:57 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2016-02-16 20:25 . 2016-02-16 20:25 -------- d-----w- c:\programdata\Malwarebytes
2016-02-16 20:25 . 2015-10-05 08:50 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-02-16 20:25 . 2015-10-05 08:50 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-02-16 20:25 . 2015-10-05 08:50 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-02-16 19:49 . 2016-02-17 16:39 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-02-16 19:49 . 2016-02-16 20:04 -------- d-----w- c:\programdata\RogueKiller
2016-02-15 23:18 . 2016-02-15 23:25 -------- d-----w- C:\AdwCleaner
2016-02-15 23:06 . 2016-02-15 23:10 -------- d-----w- c:\windows\system32\catroot2
2016-02-15 22:54 . 2016-02-19 03:09 -------- d-----w- c:\windows\system32\wbem\repository
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- C:\RegBackup
2016-02-15 22:35 . 2016-02-15 22:35 -------- d-----w- c:\program files\Tweaking.com
2016-02-12 14:31 . 2016-02-13 13:09 -------- d-----w- c:\program files\Steam
2016-02-10 14:12 . 2014-09-17 04:49 28448 ----a-w- c:\windows\system32\nvhdap32.dll
2016-02-10 14:12 . 2014-09-17 04:49 162592 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\users\Jelena\AppData\Local\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----w- c:\program files\Common Files\Skype
2016-02-05 15:56 . 2016-02-05 15:56 -------- d-----r- c:\program files\Skype
2016-02-04 18:31 . 2016-02-04 18:31 -------- d-----w- c:\programdata\boost_interprocess
2016-02-02 19:36 . 2016-01-23 03:45 925752 ----a-w- c:\windows\system32\nvdispgenco3236175.dll
2016-02-02 19:36 . 2016-01-23 03:45 1066944 ----a-w- c:\windows\system32\nvdispco3236175.dll
2016-01-31 19:34 . 2016-02-15 19:40 -------- d-----w- c:\users\Jelena\AppData\Roaming\TS3Client
2016-01-31 19:34 . 2016-02-01 14:42 -------- d-----w- c:\program files\TeamSpeak 3 Client
2016-01-31 19:30 . 2016-02-13 07:54 -------- d-----w- c:\users\Jelena\AppData\Roaming\Skype
2016-01-31 19:21 . 2016-01-31 19:21 -------- d-----w- c:\users\Jelena\AppData\Roaming\teamspeak2
2016-01-30 23:04 . 2016-02-17 13:43 -------- d-----w- c:\program files\Common Files\BattlEye
2016-01-30 21:39 . 2016-01-30 21:39 -------- d-----w- c:\users\Jelena\AppData\Local\DayZCommander
2016-01-30 21:35 . 2016-01-30 21:35 -------- d-----w- c:\program files\Dotjosh Studios
2016-01-30 18:06 . 2016-01-30 18:06 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2016-01-30 12:55 . 2016-01-30 12:55 -------- d-----w- c:\users\Jelena\AppData\Roaming\Guild Wars 2
2016-01-24 06:01 . 2016-01-24 06:01 -------- d-----w- c:\program files\Slimi
2016-01-20 16:31 . 2016-01-20 16:31 -------- d-----w- c:\program files\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-23 01:00 . 2016-01-06 11:34 83512 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-01-23 01:00 . 2016-01-06 11:34 436160 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-01-23 01:00 . 2016-01-06 11:34 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-01-19 00:27 . 2016-01-19 00:27 47360 ----a-w- c:\users\Jelena\AppData\Roaming\pcouffin.sys
2016-01-18 17:46 . 2016-01-18 17:46 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2016-01-18 06:12 . 2016-01-18 06:12 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2016-01-18 06:12 . 2010-02-17 15:42 138576 ----a-w- c:\users\Jelena\AppData\Roaming\PnkBstrK.sys
2016-01-18 06:12 . 2016-01-18 06:12 291496 ----a-w- c:\windows\system32\PnkBstrB.exe
2016-01-18 06:12 . 2010-02-17 15:42 291496 ----a-w- c:\windows\system32\PnkBstrB.ex0
2016-01-18 06:12 . 2016-01-18 06:12 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2016-01-16 03:11 . 2010-02-17 15:42 912744 ----a-w- c:\windows\system32\pbsvc.exe
2016-01-16 02:30 . 2016-01-15 02:01 291512 ----a-w- c:\windows\system32\PnkBstrB.xtr
2016-01-16 02:17 . 2015-12-19 13:59 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2016-01-16 02:17 . 2015-12-19 13:59 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2015-12-30 17:12 . 2016-01-14 02:02 3609024 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-12-30 17:12 . 2016-01-14 02:02 3556800 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-12-21 22:49 . 2015-12-21 22:49 81768 ----a-w- c:\windows\system32\drivers\ksapi.sys
2015-12-21 22:49 . 2015-12-21 22:49 56680 ----a-w- c:\windows\system32\drivers\ksapi64.sys
2015-12-21 16:01 . 2016-01-02 08:35 43568 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2015-12-20 04:41 . 2015-12-20 04:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\offreg.5920.dll
2015-12-18 22:17 . 2009-12-06 12:28 319456 ----a-w- c:\windows\DIFxAPI.dll
2015-12-18 21:05 . 2015-12-18 21:05 17472 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2015-12-16 22:00 . 2016-01-13 05:46 916992 ----a-w- c:\windows\system32\wininet.dll
2015-12-16 22:00 . 2016-01-13 05:46 423936 ----a-w- c:\windows\system32\vbscript.dll
2015-12-16 21:54 . 2016-01-13 05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2015-12-16 21:54 . 2016-01-13 05:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2015-12-16 21:54 . 2016-01-13 05:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2015-12-16 21:54 . 2016-01-13 05:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2015-12-16 21:51 . 2016-01-13 05:46 19456 ----a-w- c:\windows\system32\corpol.dll
2015-12-16 19:06 . 2016-01-13 05:46 385024 ----a-w- c:\windows\system32\html.iec
2015-12-16 17:20 . 2016-01-13 05:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2015-12-16 17:18 . 2016-01-13 05:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2015-12-16 17:04 . 2016-01-06 11:29 917112 ----a-w- c:\windows\system32\nvdispgenco3236143.dll
2015-12-16 17:04 . 2016-01-06 11:29 1060144 ----a-w- c:\windows\system32\nvdispco3236143.dll
2015-12-16 09:15 . 2015-12-19 05:50 9014120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E0D374-B70D-470F-AAC1-DF9298335219}\mpengine.dll
2015-12-09 18:58 . 2015-12-09 18:58 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2015-12-08 17:01 . 2016-01-14 02:03 801280 ----a-w- c:\windows\system32\advapi32.dll
2015-12-07 05:27 . 2015-12-18 22:53 22440 ----a-w- c:\windows\system32\RegBootDefrag.exe
2015-12-05 17:03 . 2016-01-14 02:06 767488 ----a-w- c:\windows\system32\WMVSENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 650240 ----a-w- c:\windows\system32\WMVXENCD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1377792 ----a-w- c:\windows\system32\WMVSDECD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 605184 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1567744 ----a-w- c:\windows\system32\WMVENCOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1326080 ----a-w- c:\windows\system32\WMSPDMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 867328 ----a-w- c:\windows\system32\wmpmde.dll
2015-12-05 17:03 . 2016-01-14 02:06 759296 ----a-w- c:\windows\system32\WMADMOD.DLL
2015-12-05 17:03 . 2016-01-14 02:06 1114624 ----a-w- c:\windows\system32\WMADMOE.DLL
2015-12-05 17:03 . 2016-01-14 02:06 243200 ----a-w- c:\windows\system32\VIDRESZR.DLL
2015-12-05 17:03 . 2016-01-14 02:06 212992 ----a-w- c:\windows\system32\RESAMPLEDMO.DLL
2015-12-05 17:03 . 2016-01-14 02:06 208896 ----a-w- c:\windows\system32\qasf.dll
2015-12-05 17:03 . 2016-01-14 02:06 497152 ----a-w- c:\windows\system32\qdvd.dll
2015-12-05 17:03 . 2016-01-14 02:06 1314816 ----a-w- c:\windows\system32\quartz.dll
2015-12-05 17:03 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\qedit.dll
2015-12-05 17:03 . 2016-01-14 02:06 2873344 ----a-w- c:\windows\system32\mf.dll
2015-12-05 17:02 . 2016-01-14 02:06 613888 ----a-w- c:\windows\system32\MSMPEG2VDEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 506880 ----a-w- c:\windows\system32\MSMPEG2ENC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 391680 ----a-w- c:\windows\system32\MSMPEG2ADEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 80896 ----a-w- c:\windows\system32\MP3DMOD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MPG4DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 254976 ----a-w- c:\windows\system32\MP43DECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 314880 ----a-w- c:\windows\system32\MP4SDECD.DLL
2015-12-05 17:02 . 2016-01-14 02:06 606208 ----a-w- c:\windows\system32\MFWMAAEC.DLL
2015-12-05 17:02 . 2016-01-14 02:06 209920 ----a-w- c:\windows\system32\mfplat.dll
2015-12-05 17:02 . 2016-01-14 02:06 59392 ----a-w- c:\windows\system32\mfvdsp.dll
2015-12-05 17:02 . 2016-01-14 02:06 853504 ----a-w- c:\windows\system32\mcmde.dll
2015-12-05 17:02 . 2016-01-14 02:06 144384 ----a-w- c:\windows\system32\ksproxy.ax
2015-12-05 17:02 . 2016-01-14 02:02 298496 ----a-w- c:\windows\system32\gdi32.dll
2015-12-05 17:02 . 2016-01-14 02:06 480256 ----a-w- c:\windows\system32\evr.dll
2015-12-05 17:02 . 2016-01-14 02:06 64000 ----a-w- c:\windows\system32\devenum.dll
2015-12-05 17:02 . 2016-01-14 02:06 158208 ----a-w- c:\windows\system32\COLORCNV.DLL
2015-12-05 16:44 . 2016-01-14 02:06 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-12-05 15:24 . 2016-01-14 02:03 2068480 ----a-w- c:\windows\system32\win32k.sys
2015-12-02 12:25 . 2009-12-06 12:02 247976 ----a-w- c:\windows\system32\MpSigStub.exe
2015-11-24 23:32 . 2015-11-24 23:32 32672 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2016-02-04 3014224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2015-12-15 4431848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GIGABYTE OC_GURU.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
backup=c:\windows\pss\GIGABYTE OC_GURU.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmsc]
2015-12-21 23:08 771912 ----a-w- c:\program files\cmcm\Clean Master\cmtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUDelayStartup]
2015-12-07 05:27 36776 ----a-w- c:\program files\Glary Utilities 5\StartupManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
2016-01-12 04:43 2787264 ----a-w- c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
2014-05-09 16:11 12021464 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:18 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1772954895-572253709-3323056614-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-11 01:32 1090376 ----a-w- c:\program files\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-02-19 c:\windows\Tasks\User_Feed_Synchronization-{452712CC-A02B-430F-B812-C168DCA0292E}.job
- c:\windows\system32\msfeedssync.exe [2016-01-13 17:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: driversupport.com\apps
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Jelena\AppData\Roaming\Mozilla\Firefox\Profiles\sdavcp3j.default\
FF - prefs.js: browser.startup.homepage - about:home
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-02-19 04:29
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1772954895-572253709-3323056614-1000\Software\SecuROM\License information*]
"datasecu"=hex:c6,4a,52,07,64,5f,4c,4c,f7,b5,cd,b3,f9,ac,72,f5,a6,f9,68,93,2c,
da,4f,84,38,90,72,25,b9,a2,1a,92,b1,f9,8b,b6,72,a5,5b,90,5a,04,96,13,10,3f,\
"rkeysecu"=hex:eb,ed,25,36,87,f9,a4,0e,3e,55,52,03,a4,93,85,e0
.
Celkový čas: 2016-02-19 04:30:26
ComboFix-quarantined-files.txt 2016-02-19 03:30
ComboFix2.txt 2016-02-18 11:42
ComboFix3.txt 2016-02-17 17:57
ComboFix4.txt 2016-02-15 23:41
.
Před spuštěním: Volných bajtů: 90 585 870 336
Po spuštění: Volných bajtů: 89 871 650 816
.
- - End Of File - - 8CDF0A5A285AD65DB901E53EF29B0427
5C616939100B85E558DA92B899A0FC36

T0m45

Re: CPU at 100 percent problem

Post by T0m45 » 19 Feb 2016 04:42

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:40:28, on 19.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19727)

FIREFOX: 43.0.4 (x86 cs)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Users\Jelena\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://apps.driversupport.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files\Common Files\BattlEye\BEService.exe
O23 - Service: Clean Master Core Service (cmcore) - Kingsoft Corporation - c:\program files\cmcm\Clean Master\cmcore.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Support LogMeIn processes with quality assurance feedback (LMIGuardianSvc) - LogMeIn, Inc. - C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 4945 bytes

jaro3
Security team member
Guru Level 15
Posts: 43060
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: CPU at 100 percent problem

Post by jaro3 » 19 Feb 2016 09:07

ComboFix is uninstalled like this:
Start - Run and type ComboFix /Uninstall

Clean the system with CCleaner

Download OTC to the desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.


What about the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

