Nefunguje Windows update Vyřešeno

[profic]

viz: http://www.pc-help.cz/viewtopic.php?f=46&t=89235&p=681624#p6
Ještě dodám MBAM nenalezl žádné hrozby

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:03, on 14.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - Startup: Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SolidWorks Workgroup PDM Server (PDMWorks Workgroup Server) - Dassault Systemes SolidWorks Corp. - C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Solver for Flow Simulation 2011 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15117 bytes

[Reklama]

[Žbeky]

Odinstaluj DAEMON Tools Toolbar

Fixni:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[profic]

HiJackThis
MBAM byl ještě včera odinstalován

Uvedené položky nebyly nalezeny, předpokládám, že z výše uvdených důvodů
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

TDSSKiller

Log je přiloženým souborem (max velikost zprávy 60000 znaků)

ComboFix
ComboFix 12-08-14.05 - mtrnka 15.08.2012 8:08.1.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.8151.6228 [GMT 2:00]
Spuštěný z: c:\users\mtrnka\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\4565DFD9A4.sys
c:\users\mtrnka\AppData\Local\Microsoft\Windows\Temporary Internet Files\hardcopy.log
c:\users\mtrnka\AppData\Local\Microsoft\Windows\Temporary Internet Files\plot.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 06:12 . 2012-08-15 06:12 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-08-15 05:58 . 2012-08-15 05:58 -------- d-----w- c:\users\mtrnka\AppData\Local\AVG Secure Search
2012-08-15 05:57 . 2012-08-15 05:57 -------- d-----w- c:\users\mtrnka\AppData\Local\ATI
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\programdata\Nokia
2012-08-14 08:42 . 2012-08-14 08:42 388096 ----a-r- c:\users\mtrnka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-14 08:42 . 2012-08-14 08:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-14 08:17 . 2012-08-14 08:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Malwarebytes
2012-08-14 08:16 . 2012-08-14 08:16 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 08:03 . 2012-08-14 08:03 -------- d-----w- C:\inetpub
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\users\mtrnka\AppData\Local\Supremus Corporation
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\program files\Windows Updates Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-15 05:30 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-29 343168]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-15 1107552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\mtrnka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2012-1-20 968264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe [2012-7-2 1855080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 19:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-21 1431888]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-01-17 110344]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1255736]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-04 254528]
S1 RsvLock;RsvLock; [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-29 204288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;c:\program files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe [2012-06-08 3308032]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-08-15 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-29 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-29 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 09:09]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-04 09:09]
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForHP_PRO3130_001$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-08 c:\windows\Tasks\HPCeeScheduleFormtrnka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=CMDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\mtrnka\AppData\Roaming\Mozilla\Firefox\Profiles\97xz14lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcc ... &sap=ku&q=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Manac:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 08:18:49 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 06:18
.
Před spuštěním: Volných bajtů: 215 308 369 920
Po spuštění: Volných bajtů: 214 764 367 872
.
- - End Of File - - BB4032253F2B1C624DD21B0A5FABA514

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Google\Update

Driver::
gupdate
gupdatem

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
Ty porty sis povoloval sám??

Kde je ten log z TDSSKilleru??

[profic]

ComboFix

ComboFix 12-08-14.05 - mtrnka 15.08.2012 13:12:25.2.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.8151.6247 [GMT 2:00]
Spuštěný z: c:\users\mtrnka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mtrnka\Desktop\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateBroker.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateHelper.msi
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateOnDemand.exe
c:\program files (x86)\Google\Update\1.3.21.115\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\1.3.21.115\goopdate.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_am.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ar.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_bg.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_bn.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ca.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_cs.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_da.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_de.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_el.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_en-GB.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_en.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_es-419.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_es.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_et.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fa.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fil.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_fr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_gu.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_hu.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_id.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_is.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_it.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_iw.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ja.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_kn.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ko.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_lt.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_lv.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ml.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_mr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ms.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_nl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_no.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-BR.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_pt-PT.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ro.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ru.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sl.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sv.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_sw.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ta.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_te.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_th.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_tr.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_uk.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_ur.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_vi.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-CN.dll
c:\program files (x86)\Google\Update\1.3.21.115\goopdateres_zh-TW.dll
c:\program files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
c:\program files (x86)\Google\Update\1.3.21.115\psmachine.dll
c:\program files (x86)\Google\Update\1.3.21.115\psuser.dll
c:\program files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.115\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\21.0.1180.79\21.0.1180.79_21.0.1180.77_chrome_updater.exe
c:\program files (x86)\Google\Update\Download\{9174BA00-599F-4A10-8625-A63F6DC7AAF4}\GoogleUpdateSetup.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-15 do 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 11:16 . 2012-08-15 11:16 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-08-15 11:16 . 2012-08-15 11:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 08:36 . 2012-08-15 08:36 -------- d-----w- c:\users\mtrnka\AppData\Local\Adobe
2012-08-15 05:58 . 2012-08-15 05:58 -------- d-----w- c:\users\mtrnka\AppData\Local\AVG Secure Search
2012-08-15 05:57 . 2012-08-15 05:57 -------- d-----w- c:\users\mtrnka\AppData\Local\ATI
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\programdata\Nokia
2012-08-14 08:42 . 2012-08-14 08:42 388096 ----a-r- c:\users\mtrnka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-14 08:42 . 2012-08-14 08:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-14 08:17 . 2012-08-14 08:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Malwarebytes
2012-08-14 08:16 . 2012-08-14 08:16 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 08:03 . 2012-08-14 08:03 -------- d-----w- C:\inetpub
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\users\mtrnka\AppData\Local\Supremus Corporation
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\program files\Windows Updates Downloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_06.14.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 11:16 . 2012-08-15 11:16 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-15 06:12 . 2012-08-15 06:12 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2011-03-04 07:49 . 2012-08-15 08:02 56822 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-15 08:02 34664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-04 10:46 . 2012-08-15 08:02 20098 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015035442-512669389-2570835100-1002_UserData.bin
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-15 11:17 . 2012-08-15 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 11:17 . 2012-08-15 11:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-15 11:16 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-15 06:12 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-04 07:23 . 2012-08-15 06:12 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 07:23 . 2012-08-15 11:16 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-11 12:59 . 2012-08-15 07:57 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
- 2011-10-11 12:59 . 2012-08-14 09:22 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
- 2009-07-14 02:34 . 2012-08-15 06:09 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-15 08:10 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-05-06 13:00 . 2012-08-14 13:01 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
+ 2011-05-06 13:00 . 2012-08-15 11:16 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-15 05:30 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-29 343168]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-15 1107552]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\mtrnka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2012-1-20 968264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe [2012-7-2 1855080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 19:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-21 1431888]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-01-17 110344]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1255736]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-04 254528]
S1 RsvLock;RsvLock; [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-29 204288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;c:\program files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe [2012-06-08 3308032]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-08-15 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-29 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-29 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForHP_PRO3130_001$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-08 c:\windows\Tasks\HPCeeScheduleFormtrnka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"combofix"="c:\combofix\CF10579.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com?pc=CMDTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\mtrnka\AppData\Roaming\Mozilla\Firefox\Profiles\97xz14lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcc ... &sap=ku&q=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Manac:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
.
**************************************************************************
.
Celkový čas: 2012-08-15 13:21:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-15 11:21
ComboFix2.txt 2012-08-15 06:18
.
Před spuštěním: Volných bajtů: 214 524 526 592
Po spuštění: Volných bajtů: 213 993 652 224
.
- - End Of File - - EDE59D22E9494942B25230B54874B585

HiJackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:23:53, on 15.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SolidWorks Workgroup PDM Server (PDMWorks Workgroup Server) - Dassault Systemes SolidWorks Corp. - C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Solver for Flow Simulation 2011 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13408 bytes

aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 13:29:28
-----------------------------
13:29:28.856 OS Version: Windows x64 6.1.7600
13:29:28.856 Number of processors: 8 586 0x1E05
13:29:28.856 ComputerName: HP_PRO3130_001 UserName: mtrnka
13:29:29.432 Initialize success
13:29:52.945 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:29:52.945 Disk 0 Vendor: SAMSUNG_ 1AR1 Size: 305245MB BusType: 3
13:29:52.961 Disk 0 MBR read successfully
13:29:52.961 Disk 0 MBR scan
13:29:52.961 Disk 0 unknown MBR code
13:29:52.977 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:29:52.977 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293306 MB offset 206848
13:29:53.008 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11837 MB offset 600897536
13:29:53.039 Disk 0 scanning C:\Windows\system32\drivers
13:29:57.859 Service scanning
13:30:05.909 Service SafeBoot C:\Windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
13:30:09.793 Modules scanning
13:30:09.793 Disk 0 trace - called modules:
13:30:09.825 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:30:09.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bc8060]
13:30:09.840 3 CLASSPNP.SYS[fffff88001b4343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007814050]
13:30:09.856 Scan finished successfully
13:30:19.294 Disk 0 MBR has been saved successfully to "C:\Users\mtrnka\Desktop\MBR.dat"
13:30:19.294 The log file has been saved successfully to "C:\Users\mtrnka\Desktop\aswMBR.txt"

Porty
Pouze jsem nastavil proxy pro přístup na internet (192.168.1.1:3128) v prohlížečích. Momentálně ale přistupuju na internet přímo bez proxy.

[profic]

TDSSKiller rozdělený do dvou příspěvků

07:55:50.0278 3968 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
07:55:50.0622 3968 ============================================================
07:55:50.0622 3968 Current date / time: 2012/08/15 07:55:50.0622
07:55:50.0622 3968 SystemInfo:
07:55:50.0622 3968
07:55:50.0622 3968 OS Version: 6.1.7600 ServicePack: 0.0
07:55:50.0622 3968 Product type: Workstation
07:55:50.0622 3968 ComputerName: HP_PRO3130_001
07:55:50.0622 3968 UserName: mtrnka
07:55:50.0622 3968 Windows directory: C:\Windows
07:55:50.0622 3968 System windows directory: C:\Windows
07:55:50.0622 3968 Running under WOW64
07:55:50.0622 3968 Processor architecture: Intel x64
07:55:50.0622 3968 Number of processors: 8
07:55:50.0622 3968 Page size: 0x1000
07:55:50.0622 3968 Boot type: Normal boot
07:55:50.0622 3968 ============================================================
07:55:50.0934 3968 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:55:50.0965 3968 ============================================================
07:55:50.0965 3968 \Device\Harddisk0\DR0:
07:55:50.0965 3968 MBR partitions:
07:55:50.0965 3968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:55:50.0965 3968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23CDD000
07:55:50.0965 3968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23D0F800, BlocksNum 0x171E800
07:55:50.0965 3968 ============================================================
07:55:50.0980 3968 C: <-> \Device\Harddisk0\DR0\Partition2
07:55:51.0027 3968 D: <-> \Device\Harddisk0\DR0\Partition3
07:55:51.0027 3968 ============================================================
07:55:51.0027 3968 Initialize success
07:55:51.0027 3968 ============================================================
07:55:53.0710 5172 ============================================================
07:55:53.0710 5172 Scan started
07:55:53.0710 5172 Mode: Manual;
07:55:53.0710 5172 ============================================================
07:55:53.0991 5172 ================ Scan services =============================
07:55:54.0132 5172 [ 1b00662092f9f9568b995902f0cc40d5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
07:55:54.0132 5172 1394ohci - ok
07:55:54.0272 5172 [ 656f06850d02baed19f0e2e72b047ce2 ] ABBYY.Licensing.FineReader.Professional.11.0 C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
07:55:54.0288 5172 ABBYY.Licensing.FineReader.Professional.11.0 - ok
07:55:54.0303 5172 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
07:55:54.0303 5172 ACPI - ok
07:55:54.0334 5172 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
07:55:54.0334 5172 AcpiPmi - ok
07:55:54.0381 5172 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:55:54.0397 5172 adp94xx - ok
07:55:54.0428 5172 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:55:54.0428 5172 adpahci - ok
07:55:54.0444 5172 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:55:54.0444 5172 adpu320 - ok
07:55:54.0475 5172 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:55:54.0475 5172 AeLookupSvc - ok
07:55:54.0537 5172 [ db9d6c6b2cd95a9ca414d045b627422e ] AFD C:\Windows\system32\drivers\afd.sys
07:55:54.0553 5172 AFD - ok
07:55:54.0568 5172 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
07:55:54.0584 5172 agp440 - ok
07:55:54.0600 5172 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
07:55:54.0600 5172 ALG - ok
07:55:54.0631 5172 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
07:55:54.0631 5172 aliide - ok
07:55:54.0693 5172 [ f3dea783500dda66eb18c339f3f8d91e ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:55:54.0693 5172 AMD External Events Utility - ok
07:55:54.0724 5172 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\DRIVERS\amdide.sys
07:55:54.0724 5172 amdide - ok
07:55:54.0724 5172 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:55:54.0724 5172 AmdK8 - ok
07:55:54.0912 5172 [ f01b30d0ca3ffc553e11f52e11ce0066 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
07:55:55.0005 5172 amdkmdag - ok
07:55:55.0068 5172 [ 3c7788972746b1273c678078780ad27f ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
07:55:55.0068 5172 amdkmdap - ok
07:55:55.0083 5172 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:55:55.0099 5172 AmdPPM - ok
07:55:55.0115 5172 [ ec7ebab00a4d8448bab68d1e49b4beb9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:55:55.0130 5172 amdsata - ok
07:55:55.0130 5172 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:55:55.0146 5172 amdsbs - ok
07:55:55.0146 5172 [ db27766102c7bf7e95140a2aa81d042e ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:55:55.0161 5172 amdxata - ok
07:55:55.0224 5172 [ 03fbb7c5ea4ef153f10282614b9771cb ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
07:55:55.0224 5172 AppHostSvc - ok
07:55:55.0239 5172 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\Windows\system32\drivers\appid.sys
07:55:55.0239 5172 AppID - ok
07:55:55.0271 5172 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:55:55.0271 5172 AppIDSvc - ok
07:55:55.0286 5172 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\Windows\System32\appinfo.dll
07:55:55.0286 5172 Appinfo - ok
07:55:55.0317 5172 [ 4aba3e75a76195a3e38ed2766c962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
07:55:55.0317 5172 AppMgmt - ok
07:55:55.0317 5172 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\DRIVERS\arc.sys
07:55:55.0317 5172 arc - ok
07:55:55.0349 5172 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:55:55.0349 5172 arcsas - ok
07:55:55.0442 5172 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:55:55.0442 5172 aspnet_state - ok
07:55:55.0473 5172 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:55:55.0473 5172 AsyncMac - ok
07:55:55.0489 5172 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\DRIVERS\atapi.sys
07:55:55.0489 5172 atapi - ok
07:55:55.0536 5172 [ e02b26650acc2f4901342d4a66774ad7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
07:55:55.0551 5172 AtiHDAudioService - ok
07:55:55.0583 5172 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:55:55.0583 5172 AudioEndpointBuilder - ok
07:55:55.0598 5172 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:55:55.0614 5172 AudioSrv - ok
07:55:55.0739 5172 [ d45b7995761253a92ab071d576114f28 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
07:55:55.0739 5172 AVG Security Toolbar Service - ok
07:55:55.0848 5172 [ 7a0f6a3e0e41425b9ba54616b482668a ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
07:55:55.0910 5172 AVGIDSAgent - ok
07:55:55.0926 5172 [ e6671e90d38c88764412e07c9d9b3d63 ] AVGIDSDriver C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
07:55:55.0926 5172 AVGIDSDriver - ok
07:55:55.0957 5172 [ 1553b388e0f0462c25ad8f30c3c29e83 ] AVGIDSEH C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
07:55:55.0957 5172 AVGIDSEH - ok
07:55:55.0973 5172 [ dca426a66739e75f51a72160dfb945ad ] AVGIDSFilter C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
07:55:55.0988 5172 AVGIDSFilter - ok
07:55:55.0988 5172 [ ff7383388a7d2283dae5831abc2b0720 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
07:55:56.0004 5172 Avgldx64 - ok
07:55:56.0004 5172 [ 997d002827d3e3dcbbb25bf46db161ab ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
07:55:56.0004 5172 Avgmfx64 - ok
07:55:56.0051 5172 [ bccfe3374c887075cde2ac8fdb1cb2f8 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
07:55:56.0051 5172 Avgrkx64 - ok
07:55:56.0066 5172 [ 0d49adcebe243b79366ea523b647519a ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
07:55:56.0082 5172 Avgtdia - ok
07:55:56.0097 5172 [ fc2bc51120a945f7c70376495e4e7737 ] avgwd C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
07:55:56.0113 5172 avgwd - ok
07:55:56.0129 5172 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:55:56.0129 5172 AxInstSV - ok
07:55:56.0160 5172 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:55:56.0160 5172 b06bdrv - ok
07:55:56.0207 5172 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:55:56.0207 5172 b57nd60a - ok
07:55:56.0222 5172 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:55:56.0238 5172 BDESVC - ok
07:55:56.0238 5172 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:55:56.0238 5172 Beep - ok
07:55:56.0269 5172 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\Windows\System32\bfe.dll
07:55:56.0285 5172 BFE - ok
07:55:56.0316 5172 [ 7f0c323fe3da28aa4aa1bda3f575707f ] BITS C:\Windows\System32\qmgr.dll
07:55:56.0316 5172 BITS - ok
07:55:56.0347 5172 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:55:56.0347 5172 blbdrive - ok
07:55:56.0378 5172 [ 19d20159708e152267e53b66677a4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:55:56.0378 5172 bowser - ok
07:55:56.0394 5172 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:55:56.0394 5172 BrFiltLo - ok
07:55:56.0394 5172 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:55:56.0394 5172 BrFiltUp - ok
07:55:56.0409 5172 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\Windows\System32\browser.dll
07:55:56.0409 5172 Browser - ok
07:55:56.0425 5172 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:55:56.0441 5172 Brserid - ok
07:55:56.0441 5172 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:55:56.0441 5172 BrSerWdm - ok
07:55:56.0441 5172 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:55:56.0441 5172 BrUsbMdm - ok
07:55:56.0456 5172 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:55:56.0456 5172 BrUsbSer - ok
07:55:56.0472 5172 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:55:56.0472 5172 BTHMODEM - ok
07:55:56.0503 5172 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
07:55:56.0503 5172 bthserv - ok
07:55:56.0519 5172 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:55:56.0519 5172 cdfs - ok
07:55:56.0550 5172 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:55:56.0565 5172 cdrom - ok
07:55:56.0565 5172 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\Windows\System32\certprop.dll
07:55:56.0565 5172 CertPropSvc - ok
07:55:56.0597 5172 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:55:56.0597 5172 circlass - ok
07:55:56.0628 5172 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
07:55:56.0628 5172 CLFS - ok
07:55:56.0690 5172 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:55:56.0690 5172 clr_optimization_v2.0.50727_32 - ok
07:55:56.0737 5172 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:55:56.0737 5172 clr_optimization_v2.0.50727_64 - ok
07:55:56.0784 5172 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:55:56.0784 5172 clr_optimization_v4.0.30319_32 - ok
07:55:56.0799 5172 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:55:56.0799 5172 clr_optimization_v4.0.30319_64 - ok
07:55:56.0815 5172 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:55:56.0815 5172 CmBatt - ok
07:55:56.0831 5172 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
07:55:56.0831 5172 cmdide - ok
07:55:56.0877 5172 [ 937beb186a735aca91d717044a49d17e ] CNG C:\Windows\system32\Drivers\cng.sys
07:55:56.0893 5172 CNG - ok
07:55:56.0924 5172 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:55:56.0924 5172 Compbatt - ok
07:55:56.0940 5172 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
07:55:56.0955 5172 CompositeBus - ok
07:55:56.0955 5172 COMSysApp - ok
07:55:57.0127 5172 [ 4fc12a217dda92c303b13a9c539d2b2e ] CoordinatorServiceHost C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
07:55:57.0127 5172 CoordinatorServiceHost - ok
07:55:57.0143 5172 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:55:57.0143 5172 crcdisk - ok
07:55:57.0189 5172 [ 8c57411b66282c01533cb776f98ad384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:55:57.0189 5172 CryptSvc - ok
07:55:57.0221 5172 [ 4a6173c2279b498cd8f57cae504564cb ] CSC C:\Windows\system32\drivers\csc.sys
07:55:57.0236 5172 CSC - ok
07:55:57.0252 5172 [ 873fbf927c06e5cee04dec617502f8fd ] CscService C:\Windows\System32\cscsvc.dll
07:55:57.0267 5172 CscService - ok
07:55:57.0330 5172 [ 72794d112cbaff3bc0c29bf7350d4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
07:55:57.0330 5172 cvhsvc - ok
07:55:57.0377 5172 [ a8ba4da23ac20bda23ca15234d42a3fa ] DAMDrv C:\Windows\system32\DRIVERS\DAMDrv64.sys
07:55:57.0377 5172 DAMDrv - ok
07:55:57.0423 5172 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:55:57.0423 5172 DcomLaunch - ok
07:55:57.0501 5172 [ e6e9610d76418357a7ec725989687cb4 ] DEBridge c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
07:55:57.0501 5172 DEBridge - ok
07:55:57.0533 5172 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
07:55:57.0533 5172 defragsvc - ok
07:55:57.0579 5172 [ 9c253ce7311ca60fc11c774692a13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:55:57.0595 5172 DfsC - ok
07:55:57.0611 5172 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\Windows\system32\dhcpcore.dll
07:55:57.0626 5172 Dhcp - ok
07:55:57.0642 5172 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
07:55:57.0642 5172 discache - ok
07:55:57.0673 5172 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:55:57.0673 5172 Disk - ok
07:55:57.0704 5172 [ 85cf424c74a1d5ec33533e1dbff9920a ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:55:57.0704 5172 Dnscache - ok
07:55:57.0720 5172 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\Windows\System32\dot3svc.dll
07:55:57.0720 5172 dot3svc - ok
07:55:57.0767 5172 [ 413d757fb6b447b892f2299ac42b7838 ] DpHost c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
07:55:57.0782 5172 DpHost - ok
07:55:57.0813 5172 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\Windows\system32\dps.dll
07:55:57.0813 5172 DPS - ok
07:55:57.0829 5172 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:55:57.0845 5172 drmkaud - ok
07:55:57.0876 5172 [ fb9bef3401ee5ecc2603311b9c64f44a ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
07:55:57.0876 5172 dtsoftbus01 - ok
07:55:57.0907 5172 [ 1633b9abf52784a1331476397a48cbef ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:55:57.0923 5172 DXGKrnl - ok
07:55:57.0938 5172 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:55:57.0938 5172 EapHost - ok
07:55:58.0016 5172 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:55:58.0047 5172 ebdrv - ok
07:55:58.0079 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] EFS C:\Windows\System32\lsass.exe
07:55:58.0094 5172 EFS - ok
07:55:58.0141 5172 [ 47c071994c3f649f23d9cd075ac9304a ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:55:58.0157 5172 ehRecvr - ok
07:55:58.0172 5172 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
07:55:58.0172 5172 ehSched - ok
07:55:58.0203 5172 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:55:58.0203 5172 elxstor - ok
07:55:58.0219 5172 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
07:55:58.0219 5172 ErrDev - ok
07:55:58.0266 5172 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
07:55:58.0266 5172 EventSystem - ok
07:55:58.0313 5172 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
07:55:58.0313 5172 exfat - ok
07:55:58.0328 5172 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:55:58.0344 5172 fastfat - ok
07:55:58.0375 5172 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\Windows\system32\fxssvc.exe
07:55:58.0391 5172 Fax - ok
07:55:58.0406 5172 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:55:58.0422 5172 fdc - ok
07:55:58.0437 5172 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:55:58.0437 5172 fdPHost - ok
07:55:58.0469 5172 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:55:58.0469 5172 FDResPub - ok
07:55:58.0515 5172 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:55:58.0515 5172 FileInfo - ok
07:55:58.0547 5172 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:55:58.0547 5172 Filetrace - ok
07:55:58.0609 5172 [ 614b050875190ffe7abbaf0cbb4fbbba ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe
07:55:58.0625 5172 FLCDLOCK - ok
07:55:58.0656 5172 [ 73081cf28f0ae20a52ca4f67cee6e6b0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
07:55:58.0656 5172 FLEXnet Licensing Service - ok
07:55:58.0734 5172 [ 5cee6cd43ae5844c49300ea0b1e557ee ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
07:55:58.0765 5172 FLEXnet Licensing Service 64 - ok
07:55:58.0796 5172 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:55:58.0796 5172 flpydisk - ok
07:55:58.0827 5172 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:55:58.0827 5172 FltMgr - ok
07:55:58.0874 5172 [ cb5e4b9c319e3c6bb363eb7e58a4a051 ] FontCache C:\Windows\system32\FntCache.dll
07:55:58.0890 5172 FontCache - ok
07:55:58.0952 5172 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:55:58.0952 5172 FontCache3.0.0.0 - ok
07:55:58.0968 5172 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:55:58.0968 5172 FsDepends - ok
07:55:58.0999 5172 [ e95ef8547de20cf0603557c0cf7a9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:55:58.0999 5172 Fs_Rec - ok
07:55:59.0061 5172 [ ae87ba80d0ec3b57126ed2cdc15b24ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:55:59.0061 5172 fvevol - ok
07:55:59.0093 5172 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:55:59.0093 5172 gagp30kx - ok
07:55:59.0139 5172 [ d154305de6090e6e84e525f84bb08a06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
07:55:59.0139 5172 GameConsoleService - ok
07:55:59.0171 5172 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\Windows\System32\gpsvc.dll
07:55:59.0186 5172 gpsvc - ok
07:55:59.0233 5172 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:55:59.0233 5172 gupdate - ok
07:55:59.0249 5172 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:55:59.0264 5172 gupdatem - ok
07:55:59.0280 5172 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:55:59.0280 5172 hcw85cir - ok
07:55:59.0311 5172 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:55:59.0311 5172 HdAudAddService - ok
07:55:59.0342 5172 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
07:55:59.0342 5172 HDAudBus - ok
07:55:59.0373 5172 [ b6ac71aaa2b10848f57fc49d55a651af ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:55:59.0389 5172 HECIx64 - ok
07:55:59.0405 5172 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:55:59.0405 5172 HidBatt - ok
07:55:59.0405 5172 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:55:59.0420 5172 HidBth - ok
07:55:59.0451 5172 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:55:59.0451 5172 HidIr - ok
07:55:59.0467 5172 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
07:55:59.0467 5172 hidserv - ok
07:55:59.0498 5172 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:55:59.0498 5172 HidUsb - ok
07:55:59.0529 5172 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:55:59.0529 5172 hkmsvc - ok
07:55:59.0545 5172 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:55:59.0561 5172 HomeGroupListener - ok
07:55:59.0576 5172 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:55:59.0576 5172 HomeGroupProvider - ok
07:55:59.0654 5172 [ 37965381364b2e106e1dd7d74cdcaa43 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
07:55:59.0654 5172 HP Health Check Service - ok
07:55:59.0717 5172 [ 2666cfc4a063d75fe3d87bc334d7ecf5 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
07:55:59.0717 5172 HP ProtectTools Service - ok
07:55:59.0748 5172 [ a48a151d3fa7cb032a51453f087221c7 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
07:55:59.0748 5172 HPDrvMntSvc.exe - ok
07:55:59.0779 5172 [ 5afb3f9b74553bd933555e1c800d2ce1 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
07:55:59.0779 5172 HpFkCryptService - ok
07:55:59.0826 5172 [ c9d858e20ae696e7a0d9a05b595f850a ] HPFSService c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
07:55:59.0826 5172 HPFSService - ok
07:55:59.0857 5172 [ 71bd8a611e0677175d3938c9cea7339a ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
07:55:59.0873 5172 hpqwmiex - ok
07:55:59.0919 5172 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
07:55:59.0919 5172 HpSAMD - ok
07:55:59.0951 5172 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:55:59.0966 5172 HTTP - ok
07:55:59.0966 5172 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:55:59.0966 5172 hwpolicy - ok
07:55:59.0997 5172 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
07:56:00.0013 5172 i8042prt - ok
07:56:00.0029 5172 [ abbf174cb394f5c437410a788b7e404a ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
07:56:00.0044 5172 iaStor - ok
07:56:00.0075 5172 [ b75e45c564e944a2657167d197ab29da ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:56:00.0075 5172 iaStorV - ok
07:56:00.0122 5172 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:56:00.0138 5172 idsvc - ok
07:56:00.0294 5172 [ 2a22ab054f4630d2ef4bab2853f6d5f6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:56:00.0372 5172 igfx - ok
07:56:00.0403 5172 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:56:00.0403 5172 iirsp - ok
07:56:00.0434 5172 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\Windows\System32\ikeext.dll
07:56:00.0434 5172 IKEEXT - ok
07:56:00.0465 5172 [ dd587a55390ed2295bce6d36ad567da9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
07:56:00.0465 5172 Impcd - ok
07:56:00.0528 5172 [ 3c4b4ee54febb09f7e9f58776de96dca ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:56:00.0559 5172 IntcAzAudAddService - ok
07:56:00.0559 5172 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\DRIVERS\intelide.sys
07:56:00.0559 5172 intelide - ok
07:56:00.0590 5172 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:56:00.0590 5172 intelppm - ok
07:56:00.0590 5172 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:56:00.0606 5172 IPBusEnum - ok
07:56:00.0606 5172 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:56:00.0606 5172 IpFilterDriver - ok
07:56:00.0637 5172 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:56:00.0653 5172 iphlpsvc - ok
07:56:00.0668 5172 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
07:56:00.0668 5172 IPMIDRV - ok
07:56:00.0684 5172 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:56:00.0684 5172 IPNAT - ok
07:56:00.0715 5172 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:56:00.0715 5172 IRENUM - ok
07:56:00.0715 5172 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
07:56:00.0715 5172 isapnp - ok
07:56:00.0746 5172 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
07:56:00.0746 5172 iScsiPrt - ok
07:56:00.0777 5172 [ 213822072085b5bbad9af30ab577d817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
07:56:00.0793 5172 IviRegMgr - ok
07:56:00.0809 5172 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
07:56:00.0809 5172 kbdclass - ok
07:56:00.0809 5172 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
07:56:00.0809 5172 kbdhid - ok
07:56:00.0840 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] KeyIso C:\Windows\system32\lsass.exe
07:56:00.0840 5172 KeyIso - ok
07:56:00.0871 5172 [ 16c1b906fc5ead84769f90b736b6bf0e ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:56:00.0871 5172 KSecDD - ok
07:56:00.0887 5172 [ 0b711550c56444879d71c7daabda6c83 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:56:00.0887 5172 KSecPkg - ok
07:56:00.0918 5172 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:56:00.0918 5172 ksthunk - ok
07:56:00.0949 5172 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
07:56:00.0965 5172 KtmRm - ok
07:56:00.0996 5172 [ 81f1d04d4d0e433099365127375fd501 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:56:01.0011 5172 LanmanServer - ok
07:56:01.0027 5172 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:56:01.0043 5172 LanmanWorkstation - ok
07:56:01.0074 5172 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:56:01.0074 5172 lltdio - ok
07:56:01.0105 5172 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:56:01.0105 5172 lltdsvc - ok
07:56:01.0136 5172 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:56:01.0136 5172 lmhosts - ok
07:56:01.0199 5172 [ e38775922d4a4c05b5d96733ab4ce169 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:56:01.0199 5172 LMS - ok
07:56:01.0230 5172 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:56:01.0230 5172 LSI_FC - ok
07:56:01.0230 5172 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:56:01.0230 5172 LSI_SAS - ok
07:56:01.0245 5172 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:56:01.0245 5172 LSI_SAS2 - ok
07:56:01.0261 5172 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:56:01.0261 5172 LSI_SCSI - ok
07:56:01.0277 5172 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
07:56:01.0277 5172 luafv - ok
07:56:01.0323 5172 [ f84c8f1000bc11e3b7b23cbd3baff111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:56:01.0339 5172 Mcx2Svc - ok
07:56:01.0339 5172 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:56:01.0339 5172 megasas - ok
07:56:01.0370 5172 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:56:01.0370 5172 MegaSR - ok
07:56:01.0401 5172 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
07:56:01.0401 5172 MMCSS - ok
07:56:01.0417 5172 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:56:01.0417 5172 Modem - ok
07:56:01.0448 5172 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:56:01.0448 5172 monitor - ok
07:56:01.0464 5172 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:56:01.0479 5172 mouclass - ok
07:56:01.0511 5172 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:56:01.0511 5172 mouhid - ok
07:56:01.0542 5172 [ 791af66c4d0e7c90a3646066386fb571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:56:01.0542 5172 mountmgr - ok
07:56:01.0557 5172 [ 609d1d87649ecc19796f4d76d4c15cea ] mpio C:\Windows\system32\DRIVERS\mpio.sys
07:56:01.0573 5172 mpio - ok
07:56:01.0589 5172 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:56:01.0589 5172 mpsdrv - ok
07:56:01.0604 5172 [ aecab449567d1846dad63ece49e893e3 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:56:01.0620 5172 MpsSvc - ok
07:56:01.0635 5172 [ 30524261bb51d96d6fcbac20c810183c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:56:01.0635 5172 MRxDAV - ok
07:56:01.0667 5172 [ 040d62a9d8ad28922632137acdd984f2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:56:01.0682 5172 mrxsmb - ok
07:56:01.0698 5172 [ f0067552f8f9b33d7c59403ab808a3cb ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:56:01.0698 5172 mrxsmb10 - ok
07:56:01.0713 5172 [ 3c142d31de9f2f193218a53fe2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:56:01.0729 5172 mrxsmb20 - ok
07:56:01.0745 5172 [ 2ba4ff3d5eb68587dd662a896f649c7d ] msahci C:\Windows\system32\DRIVERS\msahci.sys
07:56:01.0760 5172 msahci - ok
07:56:01.0791 5172 [ 8d27b597229aed79430fb9db3bcbfbd0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
07:56:01.0791 5172 msdsm - ok
07:56:01.0807 5172 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
07:56:01.0807 5172 MSDTC - ok
07:56:01.0823 5172 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:56:01.0823 5172 Msfs - ok
07:56:01.0854 5172 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:56:01.0854 5172 mshidkmdf - ok
07:56:01.0869 5172 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
07:56:01.0869 5172 msisadrv - ok
07:56:01.0916 5172 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:56:01.0916 5172 MSiSCSI - ok
07:56:01.0916 5172 msiserver - ok
07:56:01.0947 5172 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:56:01.0947 5172 MSKSSRV - ok
07:56:01.0963 5172 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:56:01.0963 5172 MSPCLOCK - ok
07:56:01.0979 5172 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:56:01.0979 5172 MSPQM - ok
07:56:02.0010 5172 [ 89cb141aa8616d8c6a4610fa26c60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:56:02.0010 5172 MsRPC - ok
07:56:02.0025 5172 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
07:56:02.0025 5172 mssmbios - ok
07:56:02.0041 5172 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:56:02.0041 5172 MSTEE - ok
07:56:02.0057 5172 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:56:02.0057 5172 MTConfig - ok
07:56:02.0088 5172 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:56:02.0088 5172 Mup - ok
07:56:02.0119 5172 [ 4987e079a4530fa737a128be54b63b12 ] napagent C:\Windows\system32\qagentRT.dll
07:56:02.0119 5172 napagent - ok
07:56:02.0135 5172 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:56:02.0150 5172 NativeWifiP - ok
07:56:02.0181 5172 [ cad515dbd07d082bb317d9928ce8962c ] NDIS C:\Windows\system32\drivers\ndis.sys
07:56:02.0197 5172 NDIS - ok
07:56:02.0213 5172 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:56:02.0213 5172 NdisCap - ok
07:56:02.0244 5172 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:56:02.0244 5172 NdisTapi - ok
07:56:02.0259 5172 [ f105ba1e22bf1f2ee8f005d4305e4bec ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:56:02.0259 5172 Ndisuio - ok
07:56:02.0291 5172 [ 557dfab9ca1fcb036ac77564c010dad3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:56:02.0291 5172 NdisWan - ok
07:56:02.0306 5172 [ 659b74fb74b86228d6338d643cd3e3cf ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:56:02.0306 5172 NDProxy - ok
07:56:02.0353 5172 [ 2334dc48997ba203b794df3ee70521db ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:56:02.0369 5172 Net Driver HPZ12 - ok
07:56:02.0384 5172 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:56:02.0384 5172 NetBIOS - ok
07:56:02.0400 5172 [ 9162b273a44ab9dce5b44362731d062a ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:56:02.0400 5172 NetBT - ok
07:56:02.0431 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] Netlogon C:\Windows\system32\lsass.exe
07:56:02.0431 5172 Netlogon - ok
07:56:02.0462 5172 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
07:56:02.0462 5172 Netman - ok
07:56:02.0525 5172 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:02.0525 5172 NetMsmqActivator - ok
07:56:02.0540 5172 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:02.0540 5172 NetPipeActivator - ok
07:56:02.0556 5172 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
07:56:02.0571 5172 netprofm - ok
07:56:02.0571 5172 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:02.0571 5172 NetTcpActivator - ok
07:56:02.0571 5172 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:56:02.0587 5172 NetTcpPortSharing - ok
07:56:02.0603 5172 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:56:02.0603 5172 nfrd960 - ok
07:56:02.0634 5172 [ d9a0ce66046d6efa0c61baa885cba0a8 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:56:02.0634 5172 NlaSvc - ok
07:56:02.0649 5172 [ 903681bab213d5f84717c0fc42afb28a ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
07:56:02.0649 5172 nmwcd - ok
07:56:02.0681 5172 [ ec4c5ebd003e0395bf4ea5a2efd13ce6 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
07:56:02.0696 5172 nmwcdc - ok
07:56:02.0712 5172 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:56:02.0712 5172 Npfs - ok
07:56:02.0743 5172 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:56:02.0743 5172 nsi - ok
07:56:02.0759 5172 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:56:02.0759 5172 nsiproxy - ok
07:56:02.0821 5172 [ 378e0e0dfea67d98ae6ea53adbbd76bc ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:56:02.0837 5172 Ntfs - ok
07:56:02.0852 5172 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
07:56:02.0868 5172 Null - ok
07:56:02.0883 5172 [ a4d9c9a608a97f59307c2f2600edc6a4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:56:02.0883 5172 nvraid - ok
07:56:02.0915 5172 [ 6c1d5f70e7a6a3fd1c90d840edc048b9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:56:02.0915 5172 nvstor - ok
07:56:02.0946 5172 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
07:56:02.0946 5172 nv_agp - ok
07:56:03.0008 5172 [ 1f0e05dff4f5a833168e49be1256f002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:56:03.0024 5172 odserv - ok
07:56:03.0039 5172 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
07:56:03.0055 5172 ohci1394 - ok
07:56:03.0086 5172 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:56:03.0086 5172 ose - ok
07:56:03.0211 5172 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

[profic]

TDSSKliier - pokračování

07:56:03.0242 5172 osppsvc - ok
07:56:03.0273 5172 [ dc3fa0b732b5ef07c0cde1682f6d0824 ] OxPPort C:\Windows\system32\DRIVERS\OxPPort.sys
07:56:03.0273 5172 OxPPort - ok
07:56:03.0305 5172 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:56:03.0305 5172 p2pimsvc - ok
07:56:03.0336 5172 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:56:03.0351 5172 p2psvc - ok
07:56:03.0383 5172 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:56:03.0383 5172 Parport - ok
07:56:03.0414 5172 [ 7daa117143316c4a1537e074a5a9eaf0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:56:03.0414 5172 partmgr - ok
07:56:03.0445 5172 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:56:03.0445 5172 PcaSvc - ok
07:56:03.0476 5172 [ bc0018c2d29f655188a0ed3fa94fdb24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
07:56:03.0476 5172 pccsmcfd - ok
07:56:03.0507 5172 [ f36f6504009f2fb0dfd1b17a116ad74b ] pci C:\Windows\system32\DRIVERS\pci.sys
07:56:03.0507 5172 pci - ok
07:56:03.0539 5172 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\DRIVERS\pciide.sys
07:56:03.0539 5172 pciide - ok
07:56:03.0554 5172 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:56:03.0570 5172 pcmcia - ok
07:56:03.0585 5172 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:56:03.0585 5172 pcw - ok
07:56:03.0695 5172 [ b0d4fc1d3615eb7ed993a5e0ee5d70b4 ] PDMWorks Workgroup Server C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe
07:56:03.0726 5172 PDMWorks Workgroup Server - ok
07:56:03.0741 5172 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:56:03.0757 5172 PEAUTH - ok
07:56:03.0788 5172 [ b9b0a4299dd2d76a4243f75fd54dc680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
07:56:03.0804 5172 PeerDistSvc - ok
07:56:03.0851 5172 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:56:03.0866 5172 PerfHost - ok
07:56:03.0913 5172 [ 557e9a86f65f0de18c9b6751dfe9d3f1 ] pla C:\Windows\system32\pla.dll
07:56:03.0944 5172 pla - ok
07:56:03.0991 5172 [ 98b1721b8718164293b9701b98c52d77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:56:04.0007 5172 PlugPlay - ok
07:56:04.0038 5172 [ ac78df349f0e4cfb8b667c0cfff83cce ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:56:04.0053 5172 Pml Driver HPZ12 - ok
07:56:04.0069 5172 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:56:04.0069 5172 PNRPAutoReg - ok
07:56:04.0085 5172 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:56:04.0085 5172 PNRPsvc - ok
07:56:04.0116 5172 [ 166eb40d1f5b47e615de3d0fffe5f243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:56:04.0116 5172 PolicyAgent - ok
07:56:04.0147 5172 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
07:56:04.0147 5172 Power - ok
07:56:04.0194 5172 [ 27cc19e81ba5e3403c48302127bda717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:56:04.0194 5172 PptpMiniport - ok
07:56:04.0209 5172 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:56:04.0225 5172 Processor - ok
07:56:04.0241 5172 [ f381975e1f4346de875cb07339ce8d3a ] ProfSvc C:\Windows\system32\profsvc.dll
07:56:04.0256 5172 ProfSvc - ok
07:56:04.0256 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:56:04.0256 5172 ProtectedStorage - ok
07:56:04.0272 5172 [ ee992183bd8eaefd9973f352e587a299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:56:04.0272 5172 Psched - ok
07:56:04.0303 5172 [ f036cfb275d0c55f4e45fbbf5f98b3c8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
07:56:04.0303 5172 PSI_SVC_2 - ok
07:56:04.0350 5172 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:56:04.0381 5172 ql2300 - ok
07:56:04.0381 5172 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:56:04.0381 5172 ql40xx - ok
07:56:04.0397 5172 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
07:56:04.0397 5172 QWAVE - ok
07:56:04.0412 5172 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:56:04.0412 5172 QWAVEdrv - ok
07:56:04.0428 5172 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:56:04.0428 5172 RasAcd - ok
07:56:04.0443 5172 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:56:04.0443 5172 RasAgileVpn - ok
07:56:04.0459 5172 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
07:56:04.0459 5172 RasAuto - ok
07:56:04.0475 5172 [ 87a6e852a22991580d6d39adc4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:56:04.0475 5172 Rasl2tp - ok
07:56:04.0506 5172 [ 47394ed3d16d053f5906efe5ab51cc83 ] RasMan C:\Windows\System32\rasmans.dll
07:56:04.0506 5172 RasMan - ok
07:56:04.0521 5172 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:56:04.0521 5172 RasPppoe - ok
07:56:04.0537 5172 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:56:04.0537 5172 RasSstp - ok
07:56:04.0553 5172 [ 3bac8142102c15d59a87757c1d41dce5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:56:04.0553 5172 rdbss - ok
07:56:04.0568 5172 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:56:04.0568 5172 rdpbus - ok
07:56:04.0599 5172 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:56:04.0599 5172 RDPCDD - ok
07:56:04.0631 5172 [ 9706b84dbabfc4b4ca46c5a82b14dfa3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
07:56:04.0631 5172 RDPDR - ok
07:56:04.0646 5172 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:56:04.0646 5172 RDPENCDD - ok
07:56:04.0662 5172 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:56:04.0662 5172 RDPREFMP - ok
07:56:04.0693 5172 [ 074ac702d8b8b660b0e1371555995386 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:56:04.0693 5172 RDPWD - ok
07:56:04.0724 5172 [ 634b9a2181d98f15941236886164ec8b ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:56:04.0724 5172 rdyboost - ok
07:56:04.0802 5172 [ 69ff003dc593dea5dc166c971ffd4dc8 ] Remote Solver for Flow Simulation 2011 C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
07:56:04.0802 5172 Remote Solver for Flow Simulation 2011 - ok
07:56:04.0833 5172 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:56:04.0833 5172 RemoteAccess - ok
07:56:04.0865 5172 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:56:04.0865 5172 RemoteRegistry - ok
07:56:04.0880 5172 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:56:04.0880 5172 RpcEptMapper - ok
07:56:04.0896 5172 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
07:56:04.0896 5172 RpcLocator - ok
07:56:04.0943 5172 [ 7266972e86890e2b30c0c322e906b027 ] RpcSs C:\Windows\system32\rpcss.dll
07:56:04.0958 5172 RpcSs - ok
07:56:04.0974 5172 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:56:04.0974 5172 rspndr - ok
07:56:05.0005 5172 [ 26e0d15fb1835f7ed638f157ccd2e04d ] RsvLock C:\Windows\system32\drivers\RsvLock.sys
07:56:05.0021 5172 RsvLock - ok
07:56:05.0067 5172 [ 47032c855ddcb5ad7236286689ede288 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:56:05.0067 5172 RTL8167 - ok
07:56:05.0099 5172 [ 88af6e02ab19df7fd07ecdf9c91e9af6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
07:56:05.0099 5172 s3cap - ok
07:56:05.0130 5172 [ 6ef8e5e3a079c97c70915cf740e89977 ] SafeBoot C:\Windows\system32\drivers\SafeBoot.sys
07:56:05.0130 5172 Suspicious file (NoAccess): C:\Windows\system32\drivers\SafeBoot.sys. md5: 6ef8e5e3a079c97c70915cf740e89977
07:56:05.0130 5172 SafeBoot ( LockedFile.Multi.Generic ) - warning
07:56:05.0130 5172 SafeBoot - detected LockedFile.Multi.Generic (1)
07:56:05.0161 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] SamSs C:\Windows\system32\lsass.exe
07:56:05.0161 5172 SamSs - ok
07:56:05.0177 5172 [ fd8714a36c4646de22ddc7e36f6d09ef ] SbAlg C:\Windows\system32\drivers\SbAlg.sys
07:56:05.0177 5172 SbAlg - ok
07:56:05.0208 5172 [ 43027f1996f3ac6bd54b8a871996b7b3 ] SbFsLock C:\Windows\system32\drivers\SbFsLock.sys
07:56:05.0208 5172 SbFsLock - ok
07:56:05.0239 5172 [ e3bbb89983daf5622c1d50cf49f28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
07:56:05.0239 5172 sbp2port - ok
07:56:05.0286 5172 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:56:05.0286 5172 SCardSvr - ok
07:56:05.0317 5172 [ c94da20c7e3ba1dca269bc8460d98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:56:05.0317 5172 scfilter - ok
07:56:05.0364 5172 [ 624d0f5ff99428bb90a5b8a4123e918e ] Schedule C:\Windows\system32\schedsvc.dll
07:56:05.0379 5172 Schedule - ok
07:56:05.0395 5172 [ 312e2f82af11e79906898ac3e3d58a1f ] SCPolicySvc C:\Windows\System32\certprop.dll
07:56:05.0395 5172 SCPolicySvc - ok
07:56:05.0426 5172 [ 765a27c3279ce11d14cb9e4f5869fca5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:56:05.0426 5172 SDRSVC - ok
07:56:05.0457 5172 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:56:05.0457 5172 secdrv - ok
07:56:05.0489 5172 [ 463b386ebc70f98da5dff85f7e654346 ] seclogon C:\Windows\system32\seclogon.dll
07:56:05.0489 5172 seclogon - ok
07:56:05.0504 5172 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
07:56:05.0504 5172 SENS - ok
07:56:05.0520 5172 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:56:05.0520 5172 SensrSvc - ok
07:56:05.0535 5172 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:56:05.0535 5172 Serenum - ok
07:56:05.0551 5172 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:56:05.0551 5172 Serial - ok
07:56:05.0567 5172 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:56:05.0567 5172 sermouse - ok
07:56:05.0613 5172 [ 12b41d84a4d058adc60853c365dbfcca ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
07:56:05.0629 5172 ServiceLayer - ok
07:56:05.0645 5172 [ c3bc61ce47ff6f4e88ab8a3b429a36af ] SessionEnv C:\Windows\system32\sessenv.dll
07:56:05.0660 5172 SessionEnv - ok
07:56:05.0676 5172 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
07:56:05.0676 5172 sffdisk - ok
07:56:05.0691 5172 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
07:56:05.0691 5172 sffp_mmc - ok
07:56:05.0707 5172 [ 178298f767fe638c9fedcbdef58bb5e4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
07:56:05.0707 5172 sffp_sd - ok
07:56:05.0707 5172 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:56:05.0707 5172 sfloppy - ok
07:56:05.0754 5172 [ c6cc9297bd53e5229653303e556aa539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
07:56:05.0769 5172 Sftfs - ok
07:56:05.0816 5172 [ 13693b6354dd6e72dc5131da7d764b90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
07:56:05.0816 5172 sftlist - ok
07:56:05.0847 5172 [ 390aa7bc52cee43f6790cdea1e776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
07:56:05.0847 5172 Sftplay - ok
07:56:05.0879 5172 [ 617e29a0b0a2807466560d4c4e338d3e ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
07:56:05.0879 5172 Sftredir - ok
07:56:05.0910 5172 [ 8f571f016fa1976f445147e9e6c8ae9b ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
07:56:05.0925 5172 Sftvol - ok
07:56:05.0941 5172 [ c3cddd18f43d44ab713cf8c4916f7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
07:56:05.0957 5172 sftvsa - ok
07:56:05.0988 5172 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:56:05.0988 5172 SharedAccess - ok
07:56:06.0019 5172 [ 0298ac45d0efffb2db4baa7dd186e7bf ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:56:06.0019 5172 ShellHWDetection - ok
07:56:06.0050 5172 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:56:06.0066 5172 SiSRaid2 - ok
07:56:06.0066 5172 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:56:06.0066 5172 SiSRaid4 - ok
07:56:06.0097 5172 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:56:06.0113 5172 Smb - ok
07:56:06.0144 5172 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:56:06.0144 5172 SNMPTRAP - ok
07:56:06.0191 5172 [ 4945020bc094c322571184a6e8056b3a ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
07:56:06.0191 5172 SolidWorks Licensing Service - ok
07:56:06.0206 5172 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:56:06.0206 5172 spldr - ok
07:56:06.0237 5172 [ f8e1fa03cb70d54a9892ac88b91d1e7b ] Spooler C:\Windows\System32\spoolsv.exe
07:56:06.0253 5172 Spooler - ok
07:56:06.0331 5172 [ 913d843498553a1bc8f8dbad6358e49f ] sppsvc C:\Windows\system32\sppsvc.exe
07:56:06.0362 5172 sppsvc - ok
07:56:06.0362 5172 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:56:06.0362 5172 sppuinotify - ok
07:56:06.0393 5172 [ 2408c0366d96bcdf63e8f1c78e4a29c5 ] srv C:\Windows\system32\DRIVERS\srv.sys
07:56:06.0409 5172 srv - ok
07:56:06.0425 5172 [ 76548f7b818881b47d8d1ae1be9c11f8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:56:06.0425 5172 srv2 - ok
07:56:06.0456 5172 [ 0af6e19d39c70844c5caa8fb0183c36e ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:56:06.0456 5172 srvnet - ok
07:56:06.0487 5172 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:56:06.0487 5172 SSDPSRV - ok
07:56:06.0503 5172 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:56:06.0503 5172 SstpSvc - ok
07:56:06.0534 5172 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:56:06.0534 5172 stexstor - ok
07:56:06.0565 5172 [ 52d0e33b681bd0f33fdc08812fee4f7d ] stisvc C:\Windows\System32\wiaservc.dll
07:56:06.0565 5172 stisvc - ok
07:56:06.0596 5172 [ ffd7a6f15b14234b5b0e5d49e7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
07:56:06.0596 5172 storflt - ok
07:56:06.0612 5172 [ c40841817ef57d491f22eb103da587cc ] StorSvc C:\Windows\system32\storsvc.dll
07:56:06.0612 5172 StorSvc - ok
07:56:06.0627 5172 [ 8fccbefc5c440b3c23454656e551b09a ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
07:56:06.0627 5172 storvsc - ok
07:56:06.0643 5172 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
07:56:06.0643 5172 swenum - ok
07:56:06.0674 5172 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
07:56:06.0690 5172 swprv - ok
07:56:06.0721 5172 [ 3c1284516a62078fb68f768de4f1a7be ] SysMain C:\Windows\system32\sysmain.dll
07:56:06.0752 5172 SysMain - ok
07:56:06.0768 5172 [ 238935c3cf2854886dc7cbb2a0e2cc66 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:56:06.0768 5172 TabletInputService - ok
07:56:06.0783 5172 [ 884264ac597b690c5707c89723bb8e7b ] TapiSrv C:\Windows\System32\tapisrv.dll
07:56:06.0783 5172 TapiSrv - ok
07:56:06.0815 5172 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
07:56:06.0815 5172 TBS - ok
07:56:06.0877 5172 [ f18f56efc0bfb9c87ba01c37b27f4da5 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:56:06.0893 5172 Tcpip - ok
07:56:06.0908 5172 [ f18f56efc0bfb9c87ba01c37b27f4da5 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:56:06.0924 5172 TCPIP6 - ok
07:56:06.0924 5172 [ 76d078af6f587b162d50210f761eb9ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:56:06.0924 5172 tcpipreg - ok
07:56:06.0939 5172 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:56:06.0939 5172 TDPIPE - ok
07:56:06.0971 5172 [ 7518f7bcfd4b308abc9192bacaf6c970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:56:06.0971 5172 TDTCP - ok
07:56:06.0986 5172 [ 079125c4b17b01fcaeebce0bcb290c0f ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:56:06.0986 5172 tdx - ok
07:56:07.0002 5172 [ c448651339196c0e869a355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
07:56:07.0017 5172 TermDD - ok
07:56:07.0033 5172 [ 0f05ec2887bfe197ad82a13287d2f404 ] TermService C:\Windows\System32\termsrv.dll
07:56:07.0033 5172 TermService - ok
07:56:07.0049 5172 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
07:56:07.0049 5172 Themes - ok
07:56:07.0064 5172 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
07:56:07.0064 5172 THREADORDER - ok
07:56:07.0080 5172 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
07:56:07.0080 5172 TrkWks - ok
07:56:07.0127 5172 [ 840f7fb849f5887a49ba18c13b2da920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:56:07.0127 5172 TrustedInstaller - ok
07:56:07.0142 5172 [ 61b96c26131e37b24e93327a0bd1fb95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:56:07.0158 5172 tssecsrv - ok
07:56:07.0173 5172 [ 3836171a2cdf3af8ef10856db9835a70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:56:07.0173 5172 tunnel - ok
07:56:07.0189 5172 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:56:07.0205 5172 uagp35 - ok
07:56:07.0220 5172 [ d47baead86c65d4f4069d7ce0a4edceb ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:56:07.0220 5172 udfs - ok
07:56:07.0251 5172 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:56:07.0267 5172 UI0Detect - ok
07:56:07.0283 5172 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
07:56:07.0283 5172 uliagpkx - ok
07:56:07.0314 5172 [ eab6c35e62b1b0db0d1b48b671d3a117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
07:56:07.0314 5172 umbus - ok
07:56:07.0329 5172 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:56:07.0329 5172 UmPass - ok
07:56:07.0361 5172 [ af0ac98ee5077eb844413eb54287fde3 ] UmRdpService C:\Windows\System32\umrdp.dll
07:56:07.0361 5172 UmRdpService - ok
07:56:07.0454 5172 [ 02c298382359653bec4c737c2ab7f9c5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:56:07.0485 5172 UNS - ok
07:56:07.0501 5172 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
07:56:07.0517 5172 upnphost - ok
07:56:07.0532 5172 [ 7168819f30fe9622284ea19bde7f8ab4 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
07:56:07.0532 5172 upperdev - ok
07:56:07.0579 5172 [ 7b6a127c93ee590e4d79a5f2a76fe46f ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:56:07.0579 5172 usbccgp - ok
07:56:07.0595 5172 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
07:56:07.0595 5172 usbcir - ok
07:56:07.0626 5172 [ 92969ba5ac44e229c55a332864f79677 ] usbehci C:\Windows\system32\drivers\usbehci.sys
07:56:07.0641 5172 usbehci - ok
07:56:07.0641 5172 [ e7df1cfd28ca86b35ef5add0735ceef3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:56:07.0657 5172 usbhub - ok
07:56:07.0673 5172 [ f1bb1e55f1e7a65c5839ccc7b36d773e ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:56:07.0704 5172 usbohci - ok
07:56:07.0735 5172 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:56:07.0735 5172 usbprint - ok
07:56:07.0751 5172 [ 0f0c72a657c622286013788b886968ad ] usbser C:\Windows\system32\drivers\usbser.sys
07:56:07.0766 5172 usbser - ok
07:56:07.0782 5172 [ 66c25cb20b2974e0c0cfdab49fb72a02 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
07:56:07.0782 5172 UsbserFilt - ok
07:56:07.0797 5172 [ f39983647bc1f3e6100778ddfe9dce29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:56:07.0813 5172 USBSTOR - ok
07:56:07.0829 5172 [ bc3070350a491d84b518d7cca9abd36f ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:56:07.0829 5172 usbuhci - ok
07:56:07.0844 5172 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
07:56:07.0844 5172 UxSms - ok
07:56:07.0860 5172 [ 156f6159457d0aa7e59b62681b56eb90 ] VaultSvc C:\Windows\system32\lsass.exe
07:56:07.0860 5172 VaultSvc - ok
07:56:07.0875 5172 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
07:56:07.0875 5172 vdrvroot - ok
07:56:07.0891 5172 [ 44d73e0bbc1d3c8981304ba15135c2f2 ] vds C:\Windows\System32\vds.exe
07:56:07.0907 5172 vds - ok
07:56:07.0922 5172 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:56:07.0922 5172 vga - ok
07:56:07.0922 5172 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
07:56:07.0938 5172 VgaSave - ok
07:56:07.0953 5172 [ c82e748660f62a242b2dfac1442f22a4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
07:56:07.0969 5172 vhdmp - ok
07:56:08.0000 5172 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
07:56:08.0000 5172 viaide - ok
07:56:08.0031 5172 [ 1501699d7eda984abc4155a7da5738d1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
07:56:08.0031 5172 vmbus - ok
07:56:08.0047 5172 [ ae10c35761889e65a6f7176937c5592c ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
07:56:08.0047 5172 VMBusHID - ok
07:56:08.0063 5172 [ 2b1a3dae2b4e70dbba822b7a03fbd4a3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
07:56:08.0063 5172 volmgr - ok
07:56:08.0078 5172 [ 99b0cbb569ca79acaed8c91461d765fb ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:56:08.0078 5172 volmgrx - ok
07:56:08.0094 5172 [ 58f82eed8ca24b461441f9c3e4f0bf5c ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
07:56:08.0094 5172 volsnap - ok
07:56:08.0109 5172 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:56:08.0125 5172 vsmraid - ok
07:56:08.0156 5172 [ 787898bf9fb6d7bd87a36e2d95c899ba ] VSS C:\Windows\system32\vssvc.exe
07:56:08.0172 5172 VSS - ok
07:56:08.0281 5172 [ 8ed347bad8d1fb7c40b593bfb01786d2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
07:56:08.0281 5172 vToolbarUpdater11.2.0 - ok
07:56:08.0297 5172 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
07:56:08.0297 5172 vwifibus - ok
07:56:08.0343 5172 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
07:56:08.0359 5172 W32Time - ok
07:56:08.0359 5172 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:56:08.0359 5172 WacomPen - ok
07:56:08.0390 5172 [ 47ca49400643effd3f1c9a27e1d69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:56:08.0390 5172 WANARP - ok
07:56:08.0406 5172 [ 47ca49400643effd3f1c9a27e1d69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:56:08.0406 5172 Wanarpv6 - ok
07:56:08.0484 5172 [ 06d2b9bc146bb0f45f45ff7a296d50c4 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
07:56:08.0499 5172 WAS - ok
07:56:08.0562 5172 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
07:56:08.0577 5172 WatAdminSvc - ok
07:56:08.0609 5172 [ 5ab1bb85bd8b5089cc5d64200dedae68 ] wbengine C:\Windows\system32\wbengine.exe
07:56:08.0640 5172 wbengine - ok
07:56:08.0640 5172 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:56:08.0655 5172 WbioSrvc - ok
07:56:08.0671 5172 [ dd1bae8ebfc653824d29ccf8c9054d68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:56:08.0671 5172 wcncsvc - ok
07:56:08.0687 5172 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:56:08.0687 5172 WcsPlugInService - ok
07:56:08.0718 5172 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:56:08.0718 5172 Wd - ok
07:56:08.0733 5172 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:56:08.0749 5172 Wdf01000 - ok
07:56:08.0765 5172 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:56:08.0765 5172 WdiServiceHost - ok
07:56:08.0765 5172 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:56:08.0780 5172 WdiSystemHost - ok
07:56:08.0796 5172 [ 733006127f235be7c35354ebee7b9a7b ] WebClient C:\Windows\System32\webclnt.dll
07:56:08.0796 5172 WebClient - ok
07:56:08.0827 5172 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:56:08.0843 5172 Wecsvc - ok
07:56:08.0843 5172 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:56:08.0858 5172 wercplsupport - ok
07:56:08.0874 5172 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:56:08.0889 5172 WerSvc - ok
07:56:08.0889 5172 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:56:08.0889 5172 WfpLwf - ok
07:56:08.0905 5172 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:56:08.0905 5172 WIMMount - ok
07:56:08.0921 5172 WinDefend - ok
07:56:08.0936 5172 WinHttpAutoProxySvc - ok
07:56:08.0967 5172 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:56:08.0983 5172 Winmgmt - ok
07:56:09.0030 5172 [ 41fbb751936b387f9179e7f03a74fe29 ] WinRM C:\Windows\system32\WsmSvc.dll
07:56:09.0045 5172 WinRM - ok
07:56:09.0108 5172 [ 817eaff5d38674edd7713b9dfb8e9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:56:09.0108 5172 WinUsb - ok
07:56:09.0139 5172 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
07:56:09.0155 5172 Wlansvc - ok
07:56:09.0233 5172 [ 98f138897ef4246381d197cb81846d62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:56:09.0264 5172 wlidsvc - ok
07:56:09.0279 5172 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
07:56:09.0279 5172 WmiAcpi - ok
07:56:09.0311 5172 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:56:09.0311 5172 wmiApSrv - ok
07:56:09.0326 5172 WMPNetworkSvc - ok
07:56:09.0357 5172 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:56:09.0357 5172 WPCSvc - ok
07:56:09.0373 5172 [ 2e57ddf2880a7e52e76f41c7e96d327b ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:56:09.0373 5172 WPDBusEnum - ok
07:56:09.0389 5172 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:56:09.0389 5172 ws2ifsl - ok
07:56:09.0404 5172 [ 8f9f3969933c02da96eb0f84576db43e ] wscsvc C:\Windows\System32\wscsvc.dll
07:56:09.0404 5172 wscsvc - ok
07:56:09.0404 5172 WSearch - ok
07:56:09.0467 5172 [ 38340204a2d0228f1e87740fc5e554a7 ] wuauserv C:\Windows\system32\wuaueng.dll
07:56:09.0482 5172 wuauserv - ok
07:56:09.0498 5172 [ 7cadc74271dd6461c452c271b30bd378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:56:09.0498 5172 WudfPf - ok
07:56:09.0513 5172 [ 3b197af0fff08aa66b6b2241ca538d64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:56:09.0513 5172 WUDFRd - ok
07:56:09.0529 5172 [ b551d6637aa0e132c18ac6e504f7b79b ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:56:09.0529 5172 wudfsvc - ok
07:56:09.0545 5172 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\Windows\System32\wwansvc.dll
07:56:09.0545 5172 WwanSvc - ok
07:56:09.0560 5172 ================ Scan global ===============================
07:56:09.0576 5172 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
07:56:09.0607 5172 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
07:56:09.0623 5172 (0cb6ebf4b461a6043353c570bd72a1e1) C:\Windows\system32\winsrv.dll
07:56:09.0654 5172 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
07:56:09.0669 5172 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
07:56:09.0669 5172 [Global] - ok
07:56:09.0669 5172 ================ Scan MBR ==================================
07:56:09.0685 5172 MBR (0x1B8) (3835803f028168fcfe7db4eef5836b22) \Device\Harddisk0\DR0
07:56:09.0794 5172 \Device\Harddisk0\DR0 - ok
07:56:09.0794 5172 ================ Scan VBR ==================================
07:56:09.0794 5172 Boot (0x1200) (5a5704d8d9ed6016f3e1db44281ad9f3) \Device\Harddisk0\DR0\Partition1
07:56:09.0794 5172 \Device\Harddisk0\DR0\Partition1 - ok
07:56:09.0825 5172 Boot (0x1200) (282c91d5503aca19cbfa733d072e797a) \Device\Harddisk0\DR0\Partition2
07:56:09.0825 5172 \Device\Harddisk0\DR0\Partition2 - ok
07:56:09.0841 5172 Boot (0x1200) (4d36db6b252a5b20514cd90acffbdaa8) \Device\Harddisk0\DR0\Partition3
07:56:09.0841 5172 \Device\Harddisk0\DR0\Partition3 - ok
07:56:09.0857 5172 ============================================================
07:56:09.0857 5172 Scan finished
07:56:09.0857 5172 ============================================================
07:56:09.0857 5836 Detected object count: 1
07:56:09.0857 5836 Actual detected object count: 1
07:57:25.0918 5836 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
07:57:25.0919 5836 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
07:57:30.0068 6468 Deinitialize success

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMDTDF
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)


Aktualizuj javu:
Java SE Runtime Environment 7

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-7-windows-i586-p.exe nebo
jre-7-windows-x64.exe
Stáhni ( download) a nainstaluj.
Ostatní javy odeber v přidat/odebrat programy.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\system32\drivers\57500126.sys
c:\program files\Skype\Updater\Updater.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
C:\TDSSKiller_Quarantine
c:\program files\asktoolbar4
c:\documents and settings\Pecka\Data aplikací\asktoolbar4
c:\program files\Google\Update
c:\program files\Skype\Updater

Driver::
SkypeUpdate
gupdate
PanService
711bon.sys
gupdatem

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Pecka\Data aplikací\Mozilla\Firefox\Profiles\xp22het1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Po vyčištění si aktualizuj AVG Anti-Virus 2011 na AVG Anti-Virus 2012.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\windows\system32\drivers\atapi.sys
C:\Windows\System32\Drivers\SafeBoot.sys

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

[profic]

Combofix

ComboFix 12-08-14.05 - mtrnka 16.08.2012 11:07:31.3.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.8151.6175 [GMT 2:00]
Spuštěný z: c:\users\mtrnka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mtrnka\Desktop\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\system32\drivers\57500126.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-16 do 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 09:12 . 2012-08-16 09:12 -------- d--h--w- c:\windows\AxInstSV
2012-08-16 09:11 . 2012-08-16 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 09:11 . 2012-08-16 09:11 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-08-16 09:01 . 2012-08-16 09:00 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-16 09:01 . 2012-08-16 09:00 252296 ----a-w- c:\windows\system32\javaws.exe
2012-08-16 09:01 . 2012-08-16 09:00 188808 ----a-w- c:\windows\system32\javaw.exe
2012-08-16 09:01 . 2012-08-16 09:00 188808 ----a-w- c:\windows\system32\java.exe
2012-08-16 09:00 . 2012-08-16 09:00 -------- d-----w- c:\program files\Java
2012-08-15 08:36 . 2012-08-16 07:46 -------- d-----w- c:\users\mtrnka\AppData\Local\Adobe
2012-08-15 05:58 . 2012-08-15 05:58 -------- d-----w- c:\users\mtrnka\AppData\Local\AVG Secure Search
2012-08-15 05:57 . 2012-08-15 05:57 -------- d-----w- c:\users\mtrnka\AppData\Local\ATI
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\programdata\Nokia
2012-08-14 08:42 . 2012-08-14 08:42 388096 ----a-r- c:\users\mtrnka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-14 08:42 . 2012-08-14 08:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-14 08:17 . 2012-08-14 08:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Malwarebytes
2012-08-14 08:16 . 2012-08-14 08:16 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 08:03 . 2012-08-14 08:03 -------- d-----w- C:\inetpub
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\users\mtrnka\AppData\Local\Supremus Corporation
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\program files\Windows Updates Downloader
2012-08-14 07:00 . 2012-08-14 07:00 -------- d-----w- c:\programdata\McAfee
2012-08-14 06:56 . 2012-08-14 06:56 -------- d-----w- c:\users\mtrnka\AppData\Local\ElevatedDiagnostics
2012-08-13 10:19 . 2012-08-13 10:19 -------- d-----w- c:\users\mtrnka\AppData\Roaming\GDL Technology
2012-08-13 10:18 . 2012-08-13 10:18 -------- d-----w- c:\program files (x86)\GRAPHISOFT
2012-08-13 10:18 . 2012-08-13 10:18 -------- d-----w- c:\program files\GRAPHISOFT
2012-08-13 10:17 . 2012-08-13 10:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Install.GS
2012-08-13 10:17 . 2012-06-28 18:23 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-13 10:17 . 2012-06-28 18:23 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_06.14.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-15 06:12 . 2012-08-15 06:12 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-16 09:11 . 2012-08-16 09:11 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-04 07:49 . 2012-08-16 09:14 57122 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 09:14 34866 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-04 10:46 . 2012-08-16 09:14 20366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015035442-512669389-2570835100-1002_UserData.bin
+ 2012-08-16 09:12 . 2012-08-16 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 09:12 . 2012-08-16 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-15 06:12 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 09:11 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-16 09:00 . 2012-08-16 09:00 973312 c:\windows\Installer\6a766c.msi
- 2011-03-04 07:23 . 2012-08-15 06:12 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 07:23 . 2012-08-16 09:11 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-11 12:59 . 2012-08-15 07:57 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
- 2011-10-11 12:59 . 2012-08-14 09:22 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
+ 2009-07-14 02:34 . 2012-08-16 07:15 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-15 06:09 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-05-06 13:00 . 2012-08-14 13:01 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
+ 2011-05-06 13:00 . 2012-08-16 09:11 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-15 05:30 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-29 343168]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-15 1107552]
.
c:\users\mtrnka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2012-1-20 968264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe [2012-7-2 1855080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-21 1431888]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-01-17 110344]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1255736]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-04 254528]
S1 RsvLock;RsvLock; [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-29 204288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;c:\program files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe [2012-06-08 3308032]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-08-15 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-29 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-29 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForHP_PRO3130_001$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-08 c:\windows\Tasks\HPCeeScheduleFormtrnka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\mtrnka\AppData\Roaming\Mozilla\Firefox\Profiles\97xz14lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcc ... &sap=ku&q=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Manac:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Celkový čas: 2012-08-16 11:17:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-16 09:17
ComboFix2.txt 2012-08-15 11:21
ComboFix3.txt 2012-08-15 06:18
.
Před spuštěním: Volných bajtů: 220 851 650 560
Po spuštění: Volných bajtů: 220 606 238 720
.
- - End Of File - - D41CA226D5CEF3FC89D7A495E5922B11

Combofix

ComboFix 12-08-14.05 - mtrnka 16.08.2012 11:07:31.3.8 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.8151.6175 [GMT 2:00]
Spuštěný z: c:\users\mtrnka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\mtrnka\Desktop\CFScript.txt
AV: AVG Anti-Virus 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Google\Update\GoogleUpdate.exe"
"c:\program files\Skype\Updater\Updater.exe"
"c:\windows\system32\drivers\57500126.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-16 do 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 09:12 . 2012-08-16 09:12 -------- d--h--w- c:\windows\AxInstSV
2012-08-16 09:11 . 2012-08-16 09:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 09:11 . 2012-08-16 09:11 -------- d-----w- c:\users\uzivatel\AppData\Local\temp
2012-08-16 09:01 . 2012-08-16 09:00 627600 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-16 09:01 . 2012-08-16 09:00 252296 ----a-w- c:\windows\system32\javaws.exe
2012-08-16 09:01 . 2012-08-16 09:00 188808 ----a-w- c:\windows\system32\javaw.exe
2012-08-16 09:01 . 2012-08-16 09:00 188808 ----a-w- c:\windows\system32\java.exe
2012-08-16 09:00 . 2012-08-16 09:00 -------- d-----w- c:\program files\Java
2012-08-15 08:36 . 2012-08-16 07:46 -------- d-----w- c:\users\mtrnka\AppData\Local\Adobe
2012-08-15 05:58 . 2012-08-15 05:58 -------- d-----w- c:\users\mtrnka\AppData\Local\AVG Secure Search
2012-08-15 05:57 . 2012-08-15 05:57 -------- d-----w- c:\users\mtrnka\AppData\Local\ATI
2012-08-14 12:55 . 2012-08-14 12:55 -------- d-----w- c:\programdata\Nokia
2012-08-14 08:42 . 2012-08-14 08:42 388096 ----a-r- c:\users\mtrnka\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-14 08:42 . 2012-08-14 08:42 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-14 08:17 . 2012-08-14 08:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Malwarebytes
2012-08-14 08:16 . 2012-08-14 08:16 -------- d-----w- c:\programdata\Malwarebytes
2012-08-14 08:03 . 2012-08-14 08:03 -------- d-----w- C:\inetpub
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\users\mtrnka\AppData\Local\Supremus Corporation
2012-08-14 07:50 . 2012-08-14 07:50 -------- d-----w- c:\program files\Windows Updates Downloader
2012-08-14 07:00 . 2012-08-14 07:00 -------- d-----w- c:\programdata\McAfee
2012-08-14 06:56 . 2012-08-14 06:56 -------- d-----w- c:\users\mtrnka\AppData\Local\ElevatedDiagnostics
2012-08-13 10:19 . 2012-08-13 10:19 -------- d-----w- c:\users\mtrnka\AppData\Roaming\GDL Technology
2012-08-13 10:18 . 2012-08-13 10:18 -------- d-----w- c:\program files (x86)\GRAPHISOFT
2012-08-13 10:18 . 2012-08-13 10:18 -------- d-----w- c:\program files\GRAPHISOFT
2012-08-13 10:17 . 2012-08-13 10:17 -------- d-----w- c:\users\mtrnka\AppData\Roaming\Install.GS
2012-08-13 10:17 . 2012-06-28 18:23 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-13 10:17 . 2012-06-28 18:23 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_06.14.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-15 06:12 . 2012-08-15 06:12 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-08-16 09:11 . 2012-08-16 09:11 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 04:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 05:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-04 07:49 . 2012-08-16 09:14 57122 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 09:14 34866 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-04 10:46 . 2012-08-16 09:14 20366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015035442-512669389-2570835100-1002_UserData.bin
+ 2012-08-16 09:12 . 2012-08-16 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:13 . 2012-08-15 06:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 09:12 . 2012-08-16 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-15 06:12 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 09:11 505332 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-16 09:00 . 2012-08-16 09:00 973312 c:\windows\Installer\6a766c.msi
- 2011-03-04 07:23 . 2012-08-15 06:12 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-04 07:23 . 2012-08-16 09:11 2742712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-11 12:59 . 2012-08-15 07:57 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
- 2011-10-11 12:59 . 2012-08-14 09:22 2545887 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-12288.dat
+ 2009-07-14 02:34 . 2012-08-16 07:15 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-08-15 06:09 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2011-05-06 13:00 . 2012-08-14 13:01 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
+ 2011-05-06 13:00 . 2012-08-16 09:11 19391760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015035442-512669389-2570835100-1002-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-15 05:30 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-08-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-17 2339168]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-29 343168]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-18 925960]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-15 1107552]
.
c:\users\mtrnka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Jádro Plánovače úloh SolidWorks.lnk - c:\program files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe [2012-1-20 968264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Nástroj pro stahování na pozadí.lnk - c:\program files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe [2012-7-2 1855080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-02-21 1431888]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [2008-07-31 98304]
R3 Remote Solver for Flow Simulation 2011;Remote Solver for Flow Simulation 2011;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-01-17 110344]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1255736]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-04 254528]
S1 RsvLock;RsvLock; [x]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-08-18 819976]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-29 204288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 PDMWorks Workgroup Server;SolidWorks Workgroup PDM Server;c:\program files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe [2012-06-08 3308032]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-08-15 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-29 9978880]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-29 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-20 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-08-14 c:\windows\Tasks\HPCeeScheduleForHP_PRO3130_001$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-08 c:\windows\Tasks\HPCeeScheduleFormtrnka.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\mtrnka\AppData\Roaming\Mozilla\Firefox\Profiles\97xz14lm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bcc ... &sap=ku&q=
FF - prefs.js: network.proxy.ftp - 192.168.1.1
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.gopher - 192.168.1.1
FF - prefs.js: network.proxy.gopher_port - 3128
FF - prefs.js: network.proxy.http - 192.168.1.1
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 192.168.1.1
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 192.168.1.1
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Common Files\Manac:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Celkový čas: 2012-08-16 11:17:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-08-16 09:17
ComboFix2.txt 2012-08-15 11:21
ComboFix3.txt 2012-08-15 06:18
.
Před spuštěním: Volných bajtů: 220 851 650 560
Po spuštění: Volných bajtů: 220 606 238 720
.
- - End Of File - - D41CA226D5CEF3FC89D7A495E5922B11


HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:04:13, on 16.8.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Common Files\Manažer instalací SolidWorks\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE"
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - Startup: Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: SolidWorks Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{997BD4E3-3846-494B-BA86-11953D80B980}: NameServer = 192.168.1.3,192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O23 - Service: ABBYY FineReader 11 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.11.0) - ABBYY - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SolidWorks Workgroup PDM Server (PDMWorks Workgroup Server) - Dassault Systemes SolidWorks Corp. - C:\Program Files (x86)\PDMWorks Workgroup\Vault\pdmwService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Solver for Flow Simulation 2011 - Mentor Graphics Corporation - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12785 bytes

SHA256: b014aed260e5e38d57ad32890ef229e39a5548b06dc6f7bf0908a53c745097c3
File name: SafeBoot.sys
Detection ratio: 0 / 42
Analysis date: 2012-08-16 09:51:18 UTC ( 0 minut ago )
00
More details
Antivirus Result Update
AhnLab-V3 - 20120815
AntiVir - 20120816
Antiy-AVL - 20120816
Avast - 20120815
AVG - 20120815
BitDefender - 20120816
ByteHero - 20120814
CAT-QuickHeal - 20120814
ClamAV - 20120816
Commtouch - 20120816
Comodo - 20120816
DrWeb - 20120816
Emsisoft - 20120816
eSafe - 20120816
ESET-NOD32 - 20120816
F-Prot - 20120815
F-Secure - 20120816
Fortinet - 20120816
GData - 20120816
Ikarus - 20120816
Jiangmin - 20120816
K7AntiVirus - 20120815
Kaspersky - 20120816
McAfee - 20120816
McAfee-GW-Edition - 20120816
Microsoft - 20120816
Norman - None
nProtect - 20120815
Panda - 20120815
PCTools - 20120813
Rising - 20120815
Sophos - 20120816
SUPERAntiSpyware - 20120816
Symantec - 20120816
TheHacker - 20120814
TotalDefense - 20120815
TrendMicro - 20120816
TrendMicro-HouseCall - 20120816
VBA32 - 20120814
VIPRE - 20120816
ViRobot - 20120816
VirusBuster - 20120815

SHA256: 0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273
File name: atapi.sys
Detection ratio: 0 / 42
Analysis date: 2012-08-16 10:02:25 UTC ( 1 minuta ago )
00
More details
Antivirus Result Update
AhnLab-V3 - 20120815
AntiVir - 20120816
Antiy-AVL - 20120816
Avast - 20120815
AVG - 20120815
BitDefender - 20120816
ByteHero - 20120814
CAT-QuickHeal - 20120814
ClamAV - 20120816
Commtouch - 20120816
Comodo - 20120816
DrWeb - 20120816
Emsisoft - 20120816
eSafe - 20120816
ESET-NOD32 - 20120816
F-Prot - 20120815
F-Secure - 20120816
Fortinet - 20120816
GData - 20120816
Ikarus - 20120816
Jiangmin - 20120816
K7AntiVirus - 20120815
Kaspersky - 20120816
McAfee - 20120816
McAfee-GW-Edition - 20120816
Microsoft - 20120816
Norman - 20120815
nProtect - 20120815
Panda - 20120815
PCTools - 20120813
Rising - 20120815
Sophos - 20120816
SUPERAntiSpyware - 20120816
Symantec - 20120816
TheHacker - 20120814
TotalDefense - 20120815
TrendMicro - 20120816
TrendMicro-HouseCall - 20120816
VBA32 - 20120814
VIPRE - 20120816
ViRobot - 20120816
VirusBuster - 20120815

K tomu atapi.sys. Ve vámi zadaném umístění se soubor nenachází. Otestoval jsem tedy soubor v cestě C:\Windows\erdnt\cache64

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

[profic]

Security Check

Results of screen317's Security Check version 0.99.44
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.98-2
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
Google Chrome 21.0.1180.77
Google Chrome 21.0.1180.79
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

[jaro3]

Windows 7 x64 (UAC is enabled)
Out of date service pack!! ----doinstaluj si SP1!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus 2012 ----aktualizuj AVG na verzi 2012!!
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.98-2
Adobe Flash Player 10 Flash Player out of Date! ----aktualizuj !!
Adobe Reader 9 Adobe Reader out of Date! --------aktualizuj!!!

Pak napiš , jak je to s Windows Update.