Trojan "Policie"

Migu3L · Příspěvekod **Migu3L** » 29 lis 2013 15:03

Ahoj,
mam nasledujici problem ... jedna se okno prohlizece s hlaskou od policie, ktere nejde zavrit.
Pocitac v celku pracuje "normalne", mam pristup vsude mozne, jen mi muj vychozi prohlizec vyhazuje to to okno s policii.

Zde nize zasilag log z HiJackThis, system(Win 7) spusten v nouzovem rezimu ... predem diky za pomoc

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:55:53, on 29.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid=&src=10&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IMPI Helper - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IMPI Updater - Unknown owner - C:\Program Files\IMPI\ExtensionUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8127 bytes

Reklama

Příspěvekod **Žbeky** » 29 lis 2013 18:21

Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?barid=&src=10&
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

Stáhni AdwCleaner
Ulož si ho na svojí plochu
Ukonči všechny programy, okna a prohlížeče
Spusť program poklepáním a klikni na „Search“
Po skenu se objeví log (jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Migu3L · Příspěvekod **Migu3L** » 29 lis 2013 18:44

Log z Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.11.29.04

Windows 7 Service Pack 1 x64 NTFS (Nouzový režim s podporou sítě)
Internet Explorer 10.0.9200.16736
Migu3L :: GALLIFREY [administrátor]

29.11.2013 18:35:18
MBAM-log-2013-11-29 (18-39-51).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208317
Uplynulý čas: 3 minut, 53 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 5
HKCU\SOFTWARE\WNLT (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn (PUP.Optional.Zulagames.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 3
HKCU\SOFTWARE\WNLT|URL (PUP.Optional.InstallBrain.A) -> Data: SWEETIM -> Nebyla provedena žádná instrukce.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {E7CD820A-0842-11E2-AF9E-1C75085053AC} -> Nebyla provedena žádná instrukce.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {E7CD820A-0842-11E2-AF9E-1C75085053AC} -> Nebyla provedena žádná instrukce.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 9
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\SpeedAnalysis2 (PUP.Optional.SpeedAnalysis.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\zulagames (PUP.Optional.Zulagames.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\OpenCandy\3BEA74EE4FC54EF49EA39C5EEB4F24E3 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 21
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Nebyla provedena žádná instrukce.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx (PUP.Optional.SpeedAnalysis.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\zulagames\zulagames.crx (PUP.Optional.Zulagames.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\zulagames\icon.ico (PUP.Optional.Zulagames.A) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\OpenCandy\3BEA74EE4FC54EF49EA39C5EEB4F24E3\TuneUpUtilities2013-2200329_cs-CZ.exe (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Migu3L\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\System32\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation\Config.bin (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation\NTSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation\SKSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation\uninstaller.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.
C:\Windows\SysWOW64\WNLT\Installation\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Nebyla provedena žádná instrukce.

(konec)

Log z AdwCleaner

# AdwCleaner v3.013 - Report created 29/11/2013 at 18:40:39
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Migu3L - GALLIFREY
# Running from : C:\Users\Migu3L\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\searchplugins\SweetIM Search.xml
File Found : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\searchplugins\SweetIm.xml
File Found : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\user.js
File Found : C:\Users\Migu3L\AppData\Roaming\speedanalysis.ico
File Found : C:\Windows\System32\dmwu.exe
File Found : C:\Windows\System32\ImhxxpComm.dll
File Found : C:\Windows\System32\roboot64.exe
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DSearchLink
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\Users\Migu3L\AppData\Roaming\Babylon
Folder Found C:\Users\Migu3L\AppData\Roaming\file scout
Folder Found C:\Users\Migu3L\AppData\Roaming\OpenCandy
Folder Found C:\Users\Migu3L\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Migu3L\AppData\Roaming\SeeSimilar02
Folder Found C:\Users\Migu3L\AppData\Roaming\SpeedAnalysis2
Folder Found C:\Users\Migu3L\AppData\Roaming\zulagames
Folder Found C:\Windows\System32\ljkb
Folder Found C:\Windows\SysWOW64\ARFC
Folder Found C:\Windows\SysWOW64\jmdp
Folder Found C:\Windows\SysWOW64\WNLT

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\BI
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\wnlt
Key Found : HKCU\Software\wscontb
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\wnlt
Key Found : [x64] HKCU\Software\wscontb
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : [x64] HKLM\SOFTWARE\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\prefs.js ]

Line Found : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?barid=&src=97&");
Line Found : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=6&barid=&&q=");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Migu3L\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [5775 octets] - [29/11/2013 18:40:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5835 octets] ##########

Příspěvekod **jaro3** » 30 lis 2013 09:19

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Vymazat-Clean“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Migu3L · Příspěvekod **Migu3L** » 30 lis 2013 11:34

AdwCleaner

# AdwCleaner v3.013 - Report created 30/11/2013 at 11:02:48
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Migu3L - GALLIFREY
# Running from : C:\Users\Migu3L\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\file scout
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\SeeSimilar02
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\SpeedAnalysis2
Folder Deleted : C:\Users\Migu3L\AppData\Roaming\zulagames
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Migu3L\AppData\Roaming\speedanalysis.ico
File Deleted : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\searchplugins\SweetIM Search.xml
File Deleted : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\wscontb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?barid=&src=97&");
Line Deleted : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=6&barid=&&q=");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Migu3L\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [6003 octets] - [29/11/2013 18:40:39]
AdwCleaner[R1].txt - [6063 octets] - [30/11/2013 11:02:06]
AdwCleaner[S0].txt - [5595 octets] - [30/11/2013 11:02:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5655 octets] ##########

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Migu3L on so 30.11.2013 at 11:08:21,69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3632442824-87725181-26142350-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

~~~ Files

Successfully deleted: [File] "C:\Users\Migu3L\appdata\locallow\SkwConfig.bin"

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Migu3L\AppData\Roaming\mozilla\firefox\profiles\6scvkob9.default\minidumps [24 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 30.11.2013 at 11:14:18,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MbAM

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.11.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Migu3L :: GALLIFREY [administrátor]

30.11.2013 11:19:09
mbam-log-2013-11-30 (11-19-09).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208775
Uplynulý čas: 3 minut, 44 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Migu3L\AppData\Local\Application Data\Bundled software uninstaller\bi_client.exe (PUP.Optional.Somoto.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

RogueKiller

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Migu3L [Práva správce]
Mód : Kontrola -- Datum : 11/30/2013 11:30:09
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BEVT-24A0RT0 +++++
--- User ---
[MBR] f2e1ed5557a258a7d02b5c316c62648b
[BSP] 5f84f652ae0b15a45cd14c92d81d1b50 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 100000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205211648 | Size: 361630 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_11302013_113009.txt >>

Příspěvekod **jaro3** » 30 lis 2013 12:12

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

Migu3L · Příspěvekod **Migu3L** » 30 lis 2013 17:29

RKreport[0]_D_11302013_172111

RogueKiller V8.7.9 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno v : Normální režim
Uživatel : Migu3L [Práva správce]
Mód : Odebrat -- Datum : 11/30/2013 17:21:11
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] Systém nemůže nalézt uvedený soubor.
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BEVT-24A0RT0 +++++
--- User ---
[MBR] f2e1ed5557a258a7d02b5c316c62648b
[BSP] 5f84f652ae0b15a45cd14c92d81d1b50 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 100000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 205211648 | Size: 361630 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_11302013_172111.txt >>
RKreport[0]_S_11302013_113009.txt;RKreport[0]_S_11302013_172109.txt

Migu3L · Příspěvekod **Migu3L** » 30 lis 2013 17:31

TDSS log (part 1)

17:22:17.0028 3744 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:22:17.0044 3744 ============================================================
17:22:17.0044 3744 Current date / time: 2013/11/30 17:22:17.0044
17:22:17.0044 3744 SystemInfo:
17:22:17.0044 3744
17:22:17.0044 3744 OS Version: 6.1.7601 ServicePack: 1.0
17:22:17.0044 3744 Product type: Workstation
17:22:17.0044 3744 ComputerName: GALLIFREY
17:22:17.0044 3744 UserName: Migu3L
17:22:17.0044 3744 Windows directory: C:\Windows
17:22:17.0044 3744 System windows directory: C:\Windows
17:22:17.0044 3744 Running under WOW64
17:22:17.0044 3744 Processor architecture: Intel x64
17:22:17.0044 3744 Number of processors: 2
17:22:17.0044 3744 Page size: 0x1000
17:22:17.0044 3744 Boot type: Normal boot
17:22:17.0044 3744 ============================================================
17:22:17.0465 3744 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:22:17.0465 3744 ============================================================
17:22:17.0465 3744 \Device\Harddisk0\DR0:
17:22:17.0465 3744 MBR partitions:
17:22:17.0465 3744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
17:22:17.0465 3744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0xC350000
17:22:17.0465 3744 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC3B4800, BlocksNum 0x2C24F000
17:22:17.0465 3744 ============================================================
17:22:17.0496 3744 C: <-> \Device\Harddisk0\DR0\Partition2
17:22:17.0527 3744 D: <-> \Device\Harddisk0\DR0\Partition3
17:22:17.0527 3744 ============================================================
17:22:17.0527 3744 Initialize success
17:22:17.0527 3744 ============================================================
17:22:21.0771 3340 ============================================================
17:22:21.0771 3340 Scan started
17:22:21.0771 3340 Mode: Manual;
17:22:21.0771 3340 ============================================================
17:22:21.0927 3340 ================ Scan system memory ========================
17:22:21.0927 3340 System memory - ok
17:22:21.0927 3340 ================ Scan services =============================
17:22:22.0129 3340 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:22:22.0129 3340 1394ohci - ok
17:22:22.0161 3340 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
17:22:22.0161 3340 61883 - ok
17:22:22.0207 3340 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:22:22.0223 3340 ACPI - ok
17:22:22.0239 3340 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:22:22.0239 3340 AcpiPmi - ok
17:22:22.0270 3340 [ DC201246A14CB3B274DF59FAF539AB07 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys
17:22:22.0270 3340 ACPIVPC - ok
17:22:22.0363 3340 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:22:22.0363 3340 AdobeARMservice - ok
17:22:22.0457 3340 [ 438F31336B3DC248ABC632F1C8F34A24 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:22:22.0457 3340 AdobeFlashPlayerUpdateSvc - ok
17:22:22.0519 3340 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:22:22.0535 3340 adp94xx - ok
17:22:22.0566 3340 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:22:22.0566 3340 adpahci - ok
17:22:22.0582 3340 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:22:22.0582 3340 adpu320 - ok
17:22:22.0629 3340 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:22:22.0629 3340 AeLookupSvc - ok
17:22:22.0691 3340 [ 79059559E89D06E8B80CE2944BE20228 ] AFD C:\Windows\system32\drivers\afd.sys
17:22:22.0707 3340 AFD - ok
17:22:22.0738 3340 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:22:22.0738 3340 agp440 - ok
17:22:22.0785 3340 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:22:22.0800 3340 ALG - ok
17:22:22.0847 3340 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:22:22.0847 3340 aliide - ok
17:22:22.0878 3340 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:22:22.0878 3340 amdide - ok
17:22:22.0925 3340 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:22:22.0925 3340 AmdK8 - ok
17:22:22.0941 3340 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:22:22.0956 3340 AmdPPM - ok
17:22:22.0987 3340 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:22:22.0987 3340 amdsata - ok
17:22:23.0019 3340 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:22:23.0019 3340 amdsbs - ok
17:22:23.0050 3340 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:22:23.0050 3340 amdxata - ok
17:22:23.0065 3340 [ 9C59BF508C5D408BB348254E0BA2EE30 ] androidusb C:\Windows\system32\Drivers\smhwadb.sys
17:22:23.0065 3340 androidusb - ok
17:22:23.0175 3340 [ 0D1E15010057B8426583A99CB179A6C4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:22:23.0190 3340 AntiVirSchedulerService - ok
17:22:23.0253 3340 [ FDE9C7030FB1E9E2715E113EE6A10F90 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:22:23.0253 3340 AntiVirService - ok
17:22:23.0284 3340 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:22:23.0284 3340 AppID - ok
17:22:23.0331 3340 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:22:23.0331 3340 AppIDSvc - ok
17:22:23.0362 3340 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
17:22:23.0362 3340 Appinfo - ok
17:22:23.0424 3340 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:22:23.0440 3340 AppMgmt - ok
17:22:23.0471 3340 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:22:23.0471 3340 arc - ok
17:22:23.0502 3340 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:22:23.0502 3340 arcsas - ok
17:22:23.0627 3340 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:22:23.0627 3340 aspnet_state - ok
17:22:23.0658 3340 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:22:23.0658 3340 AsyncMac - ok
17:22:23.0689 3340 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:22:23.0689 3340 atapi - ok
17:22:23.0767 3340 [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr C:\Windows\system32\DRIVERS\athrx.sys
17:22:23.0767 3340 athr - ok
17:22:23.0830 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:22:23.0830 3340 AudioEndpointBuilder - ok
17:22:23.0845 3340 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:22:23.0861 3340 AudioSrv - ok
17:22:23.0892 3340 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
17:22:23.0892 3340 Avc - ok
17:22:24.0001 3340 [ 0909E9AD4019AFF25C58E0DFFDCD744E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:22:24.0001 3340 avgntflt - ok
17:22:24.0048 3340 [ DBAB18B20FDA2542EEF8C588D878B7B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:22:24.0048 3340 avipbb - ok
17:22:24.0095 3340 [ 390184FAD8FCC1B6DA25AEBAE928C3B6 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:22:24.0095 3340 avkmgr - ok
17:22:24.0157 3340 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:22:24.0157 3340 AxInstSV - ok
17:22:24.0220 3340 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:22:24.0220 3340 b06bdrv - ok
17:22:24.0267 3340 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:22:24.0267 3340 b57nd60a - ok
17:22:24.0329 3340 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:22:24.0329 3340 BDESVC - ok
17:22:24.0376 3340 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:22:24.0376 3340 Beep - ok
17:22:24.0438 3340 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:22:24.0454 3340 BFE - ok
17:22:24.0485 3340 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:22:24.0485 3340 BITS - ok
17:22:24.0516 3340 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:22:24.0532 3340 blbdrive - ok
17:22:24.0563 3340 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:22:24.0563 3340 bowser - ok
17:22:24.0594 3340 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:22:24.0594 3340 BrFiltLo - ok
17:22:24.0610 3340 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:22:24.0610 3340 BrFiltUp - ok
17:22:24.0657 3340 [ 34F786535F9245E4028C57B28248C9D8 ] Bridge0 C:\Windows\system32\drivers\WDBridge.sys
17:22:24.0657 3340 Bridge0 - ok
17:22:24.0703 3340 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:22:24.0703 3340 BridgeMP - ok
17:22:24.0735 3340 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:22:24.0735 3340 Browser - ok
17:22:24.0766 3340 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:22:24.0766 3340 Brserid - ok
17:22:24.0781 3340 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:22:24.0781 3340 BrSerWdm - ok
17:22:24.0813 3340 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:22:24.0813 3340 BrUsbMdm - ok
17:22:24.0844 3340 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:22:24.0844 3340 BrUsbSer - ok
17:22:24.0906 3340 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:22:24.0906 3340 BthEnum - ok
17:22:24.0937 3340 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:22:24.0937 3340 BTHMODEM - ok
17:22:24.0953 3340 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:22:24.0953 3340 BthPan - ok
17:22:25.0015 3340 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:22:25.0015 3340 BTHPORT - ok
17:22:25.0062 3340 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:22:25.0062 3340 bthserv - ok
17:22:25.0078 3340 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:22:25.0078 3340 BTHUSB - ok
17:22:25.0140 3340 [ 6E04458E98DAF28826482E41A7A62DF5 ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
17:22:25.0140 3340 btusbflt - ok
17:22:25.0156 3340 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
17:22:25.0156 3340 btwaudio - ok
17:22:25.0203 3340 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
17:22:25.0203 3340 btwavdt - ok
17:22:25.0296 3340 [ C73EB036BFC5A27B9CB87B29F7ED88C3 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
17:22:25.0312 3340 btwdins - ok
17:22:25.0343 3340 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
17:22:25.0343 3340 btwl2cap - ok
17:22:25.0374 3340 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
17:22:25.0374 3340 btwrchid - ok
17:22:25.0421 3340 catchme - ok
17:22:25.0437 3340 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:22:25.0437 3340 cdfs - ok
17:22:25.0499 3340 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:22:25.0499 3340 cdrom - ok
17:22:25.0546 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:22:25.0546 3340 CertPropSvc - ok
17:22:25.0577 3340 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:22:25.0577 3340 circlass - ok
17:22:25.0624 3340 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:22:25.0639 3340 CLFS - ok
17:22:25.0686 3340 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:22:25.0686 3340 clr_optimization_v2.0.50727_32 - ok
17:22:25.0717 3340 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:22:25.0733 3340 clr_optimization_v2.0.50727_64 - ok
17:22:25.0780 3340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:22:25.0780 3340 clr_optimization_v4.0.30319_32 - ok
17:22:25.0811 3340 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:22:25.0811 3340 clr_optimization_v4.0.30319_64 - ok
17:22:25.0842 3340 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:22:25.0842 3340 CmBatt - ok
17:22:25.0873 3340 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:22:25.0873 3340 cmdide - ok
17:22:25.0920 3340 [ EBF28856F69CF094A902F884CF989706 ] CNG C:\Windows\system32\Drivers\cng.sys
17:22:25.0936 3340 CNG - ok
17:22:25.0983 3340 [ 7247A4D0875F5F28919E0787E11B7B57 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
17:22:25.0983 3340 CnxtHdAudService - ok
17:22:26.0029 3340 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:22:26.0029 3340 Compbatt - ok
17:22:26.0061 3340 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:22:26.0061 3340 CompositeBus - ok
17:22:26.0076 3340 COMSysApp - ok
17:22:26.0107 3340 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:22:26.0107 3340 crcdisk - ok
17:22:26.0139 3340 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:22:26.0139 3340 CryptSvc - ok
17:22:26.0170 3340 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:22:26.0185 3340 CSC - ok
17:22:26.0201 3340 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:22:26.0217 3340 CscService - ok
17:22:26.0248 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:22:26.0263 3340 DcomLaunch - ok
17:22:26.0295 3340 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:22:26.0295 3340 defragsvc - ok
17:22:26.0341 3340 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:22:26.0341 3340 DfsC - ok
17:22:26.0373 3340 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:22:26.0388 3340 Dhcp - ok
17:22:26.0419 3340 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:22:26.0419 3340 discache - ok
17:22:26.0451 3340 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:22:26.0466 3340 Disk - ok
17:22:26.0497 3340 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:22:26.0497 3340 Dnscache - ok
17:22:26.0529 3340 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:22:26.0529 3340 dot3svc - ok
17:22:26.0575 3340 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:22:26.0575 3340 DPS - ok
17:22:26.0607 3340 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:22:26.0607 3340 drmkaud - ok
17:22:26.0653 3340 [ 6A0E850DDCB136AA3D2FB7234382DF12 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:22:26.0669 3340 dtsoftbus01 - ok
17:22:26.0716 3340 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:22:26.0716 3340 DXGKrnl - ok
17:22:26.0763 3340 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:22:26.0763 3340 EapHost - ok
17:22:26.0887 3340 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:22:26.0903 3340 ebdrv - ok
17:22:26.0934 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS C:\Windows\System32\lsass.exe
17:22:26.0934 3340 EFS - ok
17:22:26.0997 3340 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:22:27.0012 3340 ehRecvr - ok
17:22:27.0043 3340 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:22:27.0043 3340 ehSched - ok
17:22:27.0106 3340 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:22:27.0106 3340 elxstor - ok
17:22:27.0137 3340 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:22:27.0137 3340 ErrDev - ok
17:22:27.0184 3340 [ FB558CEBEA17A6B63205985DFF39E662 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
17:22:27.0184 3340 ETD - ok
17:22:27.0246 3340 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:22:27.0246 3340 EventSystem - ok
17:22:27.0277 3340 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:22:27.0277 3340 exfat - ok
17:22:27.0309 3340 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:22:27.0309 3340 fastfat - ok
17:22:27.0355 3340 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:22:27.0355 3340 Fax - ok
17:22:27.0387 3340 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:22:27.0387 3340 fdc - ok
17:22:27.0418 3340 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:22:27.0418 3340 fdPHost - ok
17:22:27.0433 3340 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:22:27.0433 3340 FDResPub - ok
17:22:27.0465 3340 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:22:27.0465 3340 FileInfo - ok
17:22:27.0465 3340 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:22:27.0465 3340 Filetrace - ok
17:22:27.0496 3340 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:22:27.0496 3340 flpydisk - ok
17:22:27.0527 3340 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:22:27.0527 3340 FltMgr - ok
17:22:27.0574 3340 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
17:22:27.0605 3340 FontCache - ok
17:22:27.0667 3340 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:22:27.0667 3340 FontCache3.0.0.0 - ok
17:22:27.0699 3340 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:22:27.0699 3340 FsDepends - ok
17:22:27.0714 3340 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:22:27.0714 3340 Fs_Rec - ok
17:22:27.0761 3340 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:22:27.0761 3340 fvevol - ok
17:22:27.0808 3340 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:22:27.0808 3340 gagp30kx - ok
17:22:27.0886 3340 GGSAFERDriver - ok
17:22:27.0933 3340 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:22:27.0933 3340 gpsvc - ok
17:22:28.0026 3340 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:22:28.0042 3340 gupdate - ok
17:22:28.0042 3340 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:22:28.0057 3340 gupdatem - ok
17:22:28.0089 3340 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:22:28.0089 3340 gusvc - ok
17:22:28.0135 3340 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
17:22:28.0135 3340 hamachi - ok
17:22:28.0167 3340 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:22:28.0167 3340 hcw85cir - ok
17:22:28.0245 3340 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:22:28.0245 3340 HdAudAddService - ok
17:22:28.0260 3340 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:22:28.0260 3340 HDAudBus - ok
17:22:28.0291 3340 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:22:28.0291 3340 HECIx64 - ok
17:22:28.0323 3340 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:22:28.0323 3340 HidBatt - ok
17:22:28.0338 3340 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:22:28.0338 3340 HidBth - ok
17:22:28.0354 3340 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:22:28.0354 3340 HidIr - ok
17:22:28.0385 3340 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:22:28.0401 3340 hidserv - ok
17:22:28.0463 3340 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
17:22:28.0463 3340 HidUsb - ok
17:22:28.0494 3340 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:22:28.0494 3340 hkmsvc - ok
17:22:28.0510 3340 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:22:28.0510 3340 HomeGroupListener - ok
17:22:28.0541 3340 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:22:28.0541 3340 HomeGroupProvider - ok
17:22:28.0588 3340 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:22:28.0588 3340 HpSAMD - ok
17:22:28.0635 3340 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:22:28.0650 3340 HTTP - ok
17:22:28.0681 3340 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:22:28.0681 3340 hwpolicy - ok
17:22:28.0728 3340 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:22:28.0728 3340 i8042prt - ok
17:22:28.0775 3340 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:22:28.0775 3340 iaStor - ok
17:22:28.0837 3340 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:22:28.0853 3340 IAStorDataMgrSvc - ok
17:22:28.0900 3340 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:22:28.0900 3340 iaStorV - ok
17:22:28.0962 3340 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:22:28.0978 3340 idsvc - ok
17:22:29.0056 3340 [ D951D20153E51928F9DB2227D6FF5C7A ] IGRS C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
17:22:29.0056 3340 IGRS - ok
17:22:29.0103 3340 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:22:29.0103 3340 iirsp - ok
17:22:29.0149 3340 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT C:\Windows\System32\ikeext.dll
17:22:29.0196 3340 IKEEXT - ok
17:22:29.0274 3340 [ AF87012C22372CC982A1E5B597DEB5FA ] IMPI Updater C:\Program Files\IMPI\ExtensionUpdaterService.exe
17:22:29.0274 3340 IMPI Updater - ok
17:22:29.0321 3340 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:22:29.0321 3340 intelide - ok
17:22:29.0352 3340 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:22:29.0352 3340 intelppm - ok
17:22:29.0368 3340 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:22:29.0383 3340 IPBusEnum - ok
17:22:29.0415 3340 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:22:29.0415 3340 IpFilterDriver - ok
17:22:29.0461 3340 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:22:29.0477 3340 iphlpsvc - ok
17:22:29.0508 3340 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:22:29.0508 3340 IPMIDRV - ok
17:22:29.0524 3340 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:22:29.0524 3340 IPNAT - ok
17:22:29.0555 3340 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:22:29.0555 3340 IRENUM - ok
17:22:29.0571 3340 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:22:29.0571 3340 isapnp - ok
17:22:29.0602 3340 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:22:29.0602 3340 iScsiPrt - ok
17:22:29.0633 3340 [ E662CB468A1CFF3A57E120A212FADD57 ] johci C:\Windows\system32\DRIVERS\johci.sys
17:22:29.0633 3340 johci - ok
17:22:29.0649 3340 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:22:29.0649 3340 kbdclass - ok
17:22:29.0695 3340 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:22:29.0695 3340 kbdhid - ok
17:22:29.0711 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso C:\Windows\system32\lsass.exe
17:22:29.0711 3340 KeyIso - ok
17:22:29.0742 3340 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:22:29.0742 3340 KSecDD - ok
17:22:29.0758 3340 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:22:29.0758 3340 KSecPkg - ok
17:22:29.0789 3340 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:22:29.0789 3340 ksthunk - ok
17:22:29.0836 3340 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:22:29.0836 3340 KtmRm - ok
17:22:29.0883 3340 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:22:29.0898 3340 LanmanServer - ok
17:22:29.0929 3340 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:22:29.0929 3340 LanmanWorkstation - ok
17:22:29.0992 3340 [ 7FCB3EC66361F157BCD5B5C33CE2AC16 ] Lenovo ReadyComm AppSvc C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe
17:22:30.0007 3340 Lenovo ReadyComm AppSvc - ok
17:22:30.0039 3340 [ 04D9897EAAAE535C4B7DD61574F1A021 ] Lenovo ReadyComm ConnSvc C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe
17:22:30.0054 3340 Lenovo ReadyComm ConnSvc - ok
17:22:30.0195 3340 [ 20CDB07017497C94A0BAD253C4BAFCBC ] LkCitadelServer C:\Windows\SysWOW64\lkcitdl.exe
17:22:30.0195 3340 LkCitadelServer - ok
17:22:30.0241 3340 [ 777E031B6C740148E935066F37B49AF8 ] lkClassAds C:\Windows\SysWOW64\lkads.exe
17:22:30.0241 3340 lkClassAds - ok
17:22:30.0273 3340 [ 23A07F37756F44ED738BCD931EBFFCED ] lkTimeSync C:\Windows\SysWOW64\lktsrv.exe
17:22:30.0273 3340 lkTimeSync - ok
17:22:30.0304 3340 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:22:30.0304 3340 lltdio - ok
17:22:30.0335 3340 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:22:30.0335 3340 lltdsvc - ok
17:22:30.0366 3340 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:22:30.0366 3340 lmhosts - ok
17:22:30.0460 3340 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
17:22:30.0475 3340 LMS - ok
17:22:30.0507 3340 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:22:30.0507 3340 LSI_FC - ok
17:22:30.0522 3340 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:22:30.0522 3340 LSI_SAS - ok
17:22:30.0538 3340 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:22:30.0538 3340 LSI_SAS2 - ok
17:22:30.0569 3340 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:22:30.0569 3340 LSI_SCSI - ok
17:22:30.0585 3340 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:22:30.0585 3340 luafv - ok
17:22:30.0647 3340 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
17:22:30.0647 3340 MarvinBus - ok
17:22:30.0663 3340 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:22:30.0663 3340 Mcx2Svc - ok
17:22:30.0694 3340 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:22:30.0694 3340 megasas - ok
17:22:30.0725 3340 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:22:30.0725 3340 MegaSR - ok
17:22:30.0772 3340 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:22:30.0772 3340 MMCSS - ok
17:22:30.0803 3340 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:22:30.0803 3340 Modem - ok
17:22:30.0819 3340 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:22:30.0819 3340 monitor - ok
17:22:30.0865 3340 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:22:30.0865 3340 mouclass - ok
17:22:30.0897 3340 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:22:30.0897 3340 mouhid - ok
17:22:30.0928 3340 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:22:30.0928 3340 mountmgr - ok
17:22:30.0975 3340 [ 5E0686615A80A6279B2314E13CD23F6E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:22:30.0990 3340 MozillaMaintenance - ok
17:22:31.0006 3340 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:22:31.0006 3340 mpio - ok
17:22:31.0037 3340 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:22:31.0053 3340 mpsdrv - ok
17:22:31.0099 3340 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:22:31.0115 3340 MpsSvc - ok
17:22:31.0162 3340 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:22:31.0162 3340 MRxDAV - ok
17:22:31.0193 3340 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:22:31.0193 3340 mrxsmb - ok
17:22:31.0209 3340 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:22:31.0209 3340 mrxsmb10 - ok
17:22:31.0240 3340 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:22:31.0240 3340 mrxsmb20 - ok
17:22:31.0271 3340 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:22:31.0271 3340 msahci - ok
17:22:31.0302 3340 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:22:31.0318 3340 msdsm - ok
17:22:31.0333 3340 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:22:31.0333 3340 MSDTC - ok
17:22:31.0380 3340 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
17:22:31.0380 3340 MSDV - ok
17:22:31.0396 3340 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:22:31.0396 3340 Msfs - ok
17:22:31.0411 3340 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:22:31.0411 3340 mshidkmdf - ok
17:22:31.0427 3340 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:22:31.0427 3340 msisadrv - ok
17:22:31.0458 3340 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:22:31.0474 3340 MSiSCSI - ok
17:22:31.0474 3340 msiserver - ok
17:22:31.0505 3340 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:22:31.0505 3340 MSKSSRV - ok
17:22:31.0521 3340 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:22:31.0521 3340 MSPCLOCK - ok
17:22:31.0552 3340 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:22:31.0552 3340 MSPQM - ok
17:22:31.0583 3340 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:22:31.0583 3340 MsRPC - ok
17:22:31.0614 3340 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:22:31.0614 3340 mssmbios - ok
17:22:31.0645 3340 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:22:31.0645 3340 MSTEE - ok
17:22:31.0661 3340 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:22:31.0661 3340 MTConfig - ok
17:22:31.0677 3340 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:22:31.0677 3340 Mup - ok

Migu3L · Příspěvekod **Migu3L** » 30 lis 2013 17:32

TDSS log (part 2)

17:22:31.0755 3340 [ 68C5321CBC7BE2FA7278809A2D6544D0 ] mxssvr C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
17:22:31.0755 3340 mxssvr - ok
17:22:31.0801 3340 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:22:31.0801 3340 napagent - ok
17:22:31.0864 3340 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:22:31.0864 3340 NativeWifiP - ok
17:22:31.0911 3340 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:22:31.0911 3340 NDIS - ok
17:22:31.0942 3340 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:22:31.0942 3340 NdisCap - ok
17:22:31.0973 3340 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:22:31.0973 3340 NdisTapi - ok
17:22:32.0004 3340 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:22:32.0004 3340 Ndisuio - ok
17:22:32.0020 3340 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:22:32.0020 3340 NdisWan - ok
17:22:32.0051 3340 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:22:32.0051 3340 NDProxy - ok
17:22:32.0082 3340 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:22:32.0082 3340 NetBIOS - ok
17:22:32.0098 3340 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:22:32.0098 3340 NetBT - ok
17:22:32.0129 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon C:\Windows\system32\lsass.exe
17:22:32.0129 3340 Netlogon - ok
17:22:32.0176 3340 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:22:32.0176 3340 Netman - ok
17:22:32.0238 3340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:22:32.0254 3340 NetMsmqActivator - ok
17:22:32.0269 3340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:22:32.0269 3340 NetPipeActivator - ok
17:22:32.0347 3340 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:22:32.0347 3340 netprofm - ok
17:22:32.0379 3340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:22:32.0379 3340 NetTcpActivator - ok
17:22:32.0394 3340 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:22:32.0394 3340 NetTcpPortSharing - ok
17:22:32.0441 3340 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:22:32.0441 3340 nfrd960 - ok
17:22:32.0519 3340 [ 2FADAD2DED79972C0B25570394AA519C ] NIApplicationWebServer C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
17:22:32.0519 3340 NIApplicationWebServer - ok
17:22:32.0581 3340 [ B441512CE5E25B4DFF66AC5014F31EDF ] NIApplicationWebServer64 C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
17:22:32.0581 3340 NIApplicationWebServer64 - ok
17:22:32.0644 3340 [ 62E7B5EF6BEC714BC200C661BA940F54 ] NIDomainService C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
17:22:32.0644 3340 NIDomainService - ok
17:22:32.0706 3340 [ AA8896BCD689851665EFC02DC41181AC ] NILM License Manager C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
17:22:32.0753 3340 NILM License Manager - ok
17:22:32.0831 3340 [ 902A9B8EC25EAC8C8DD5594F5866F80C ] nimDNSResponder C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
17:22:32.0831 3340 nimDNSResponder - ok
17:22:32.0878 3340 [ DF0AB139C5C5ADEF39A88D7FE51F0CB4 ] NINetworkDiscovery C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
17:22:32.0878 3340 NINetworkDiscovery - ok
17:22:32.0909 3340 [ D66D5FCC4911646347F9F5CD8C3F0000 ] niSvcLoc C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
17:22:32.0909 3340 niSvcLoc - ok
17:22:32.0956 3340 [ 30B05E4E963E663E2A7D110048FD1A02 ] NITaggerService C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
17:22:32.0971 3340 NITaggerService - ok
17:22:33.0049 3340 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:22:33.0049 3340 NlaSvc - ok
17:22:33.0081 3340 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:22:33.0081 3340 Npfs - ok
17:22:33.0112 3340 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:22:33.0112 3340 nsi - ok
17:22:33.0127 3340 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:22:33.0127 3340 nsiproxy - ok
17:22:33.0190 3340 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:22:33.0205 3340 Ntfs - ok
17:22:33.0237 3340 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:22:33.0237 3340 Null - ok
17:22:33.0283 3340 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:22:33.0283 3340 NVHDA - ok
17:22:33.0564 3340 [ B8A1174BFD21AF0379B4807BFC85FA66 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:22:33.0627 3340 nvlddmkm - ok
17:22:33.0673 3340 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:22:33.0673 3340 nvraid - ok
17:22:33.0705 3340 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:22:33.0705 3340 nvstor - ok
17:22:33.0751 3340 [ 8C639660B1CB88A966674FC13B8F43A2 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:22:33.0751 3340 nvsvc - ok
17:22:33.0814 3340 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:22:33.0814 3340 nv_agp - ok
17:22:33.0829 3340 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:22:33.0829 3340 ohci1394 - ok
17:22:33.0892 3340 [ 4B46978A6C6793312E39E0A41496E75E ] OpcEnum C:\Windows\SysWOW64\Opcenum.exe
17:22:33.0892 3340 OpcEnum - ok
17:22:33.0939 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:22:33.0939 3340 p2pimsvc - ok
17:22:33.0985 3340 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:22:34.0001 3340 p2psvc - ok
17:22:34.0017 3340 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:22:34.0017 3340 Parport - ok
17:22:34.0048 3340 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:22:34.0048 3340 partmgr - ok
17:22:34.0063 3340 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:22:34.0063 3340 PcaSvc - ok
17:22:34.0095 3340 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:22:34.0095 3340 pci - ok
17:22:34.0126 3340 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:22:34.0126 3340 pciide - ok
17:22:34.0157 3340 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:22:34.0157 3340 pcmcia - ok
17:22:34.0157 3340 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:22:34.0157 3340 pcw - ok
17:22:34.0188 3340 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:22:34.0188 3340 PEAUTH - ok
17:22:34.0251 3340 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:22:34.0297 3340 PeerDistSvc - ok
17:22:34.0329 3340 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:22:34.0329 3340 PerfHost - ok
17:22:34.0407 3340 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:22:34.0453 3340 pla - ok
17:22:34.0485 3340 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:22:34.0485 3340 PlugPlay - ok
17:22:34.0500 3340 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:22:34.0516 3340 PNRPAutoReg - ok
17:22:34.0531 3340 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:22:34.0531 3340 PNRPsvc - ok
17:22:34.0563 3340 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:22:34.0578 3340 PolicyAgent - ok
17:22:34.0609 3340 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:22:34.0609 3340 Power - ok
17:22:34.0641 3340 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:22:34.0641 3340 PptpMiniport - ok
17:22:34.0656 3340 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:22:34.0656 3340 Processor - ok
17:22:34.0719 3340 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:22:34.0719 3340 ProfSvc - ok
17:22:34.0734 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
17:22:34.0734 3340 ProtectedStorage - ok
17:22:34.0781 3340 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:22:34.0781 3340 Psched - ok
17:22:34.0797 3340 PS_MDP - ok
17:22:34.0859 3340 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:22:34.0875 3340 ql2300 - ok
17:22:34.0890 3340 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:22:34.0890 3340 ql40xx - ok
17:22:34.0921 3340 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:22:34.0921 3340 QWAVE - ok
17:22:34.0937 3340 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:22:34.0937 3340 QWAVEdrv - ok
17:22:34.0999 3340 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
17:22:34.0999 3340 RapiMgr - ok
17:22:35.0031 3340 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:22:35.0031 3340 RasAcd - ok
17:22:35.0062 3340 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:22:35.0062 3340 RasAgileVpn - ok
17:22:35.0093 3340 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:22:35.0093 3340 RasAuto - ok
17:22:35.0124 3340 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:22:35.0124 3340 Rasl2tp - ok
17:22:35.0171 3340 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:22:35.0171 3340 RasMan - ok
17:22:35.0202 3340 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:22:35.0202 3340 RasPppoe - ok
17:22:35.0202 3340 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:22:35.0202 3340 RasSstp - ok
17:22:35.0249 3340 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:22:35.0249 3340 rdbss - ok
17:22:35.0249 3340 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:22:35.0249 3340 rdpbus - ok
17:22:35.0265 3340 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:22:35.0265 3340 RDPCDD - ok
17:22:35.0311 3340 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:22:35.0311 3340 RDPDR - ok
17:22:35.0327 3340 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:22:35.0327 3340 RDPENCDD - ok
17:22:35.0343 3340 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:22:35.0343 3340 RDPREFMP - ok
17:22:35.0389 3340 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:22:35.0389 3340 RdpVideoMiniport - ok
17:22:35.0421 3340 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:22:35.0421 3340 RDPWD - ok
17:22:35.0467 3340 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:22:35.0483 3340 rdyboost - ok
17:22:35.0499 3340 ReadyComm.DirectRouter - ok
17:22:35.0530 3340 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:22:35.0530 3340 RemoteAccess - ok
17:22:35.0561 3340 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:22:35.0561 3340 RemoteRegistry - ok
17:22:35.0608 3340 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:22:35.0608 3340 RFCOMM - ok
17:22:35.0623 3340 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:22:35.0623 3340 RpcEptMapper - ok
17:22:35.0670 3340 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:22:35.0670 3340 RpcLocator - ok
17:22:35.0701 3340 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:22:35.0701 3340 RpcSs - ok
17:22:35.0748 3340 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:22:35.0748 3340 rspndr - ok
17:22:35.0779 3340 [ 5AAB4808E8CCAE8C2ECDA5B791260616 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:22:35.0779 3340 RSUSBSTOR - ok
17:22:35.0826 3340 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:22:35.0826 3340 RTL8167 - ok
17:22:35.0857 3340 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:22:35.0857 3340 s3cap - ok
17:22:35.0889 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs C:\Windows\system32\lsass.exe
17:22:35.0889 3340 SamSs - ok
17:22:35.0904 3340 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:22:35.0904 3340 sbp2port - ok
17:22:35.0935 3340 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:22:35.0935 3340 SCardSvr - ok
17:22:35.0982 3340 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:22:35.0982 3340 scfilter - ok
17:22:36.0045 3340 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:22:36.0076 3340 Schedule - ok
17:22:36.0107 3340 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:22:36.0107 3340 SCPolicySvc - ok
17:22:36.0138 3340 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:22:36.0138 3340 SDRSVC - ok
17:22:36.0169 3340 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:22:36.0185 3340 secdrv - ok
17:22:36.0201 3340 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:22:36.0201 3340 seclogon - ok
17:22:36.0247 3340 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:22:36.0247 3340 SENS - ok
17:22:36.0263 3340 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:22:36.0263 3340 SensrSvc - ok
17:22:36.0294 3340 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:22:36.0294 3340 Serenum - ok
17:22:36.0325 3340 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:22:36.0325 3340 Serial - ok
17:22:36.0341 3340 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:22:36.0341 3340 sermouse - ok
17:22:36.0388 3340 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:22:36.0388 3340 SessionEnv - ok
17:22:36.0419 3340 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:22:36.0419 3340 sffdisk - ok
17:22:36.0435 3340 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:22:36.0435 3340 sffp_mmc - ok
17:22:36.0450 3340 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:22:36.0450 3340 sffp_sd - ok
17:22:36.0481 3340 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:22:36.0481 3340 sfloppy - ok
17:22:36.0528 3340 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:22:36.0528 3340 SharedAccess - ok
17:22:36.0559 3340 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:22:36.0575 3340 ShellHWDetection - ok
17:22:36.0606 3340 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:22:36.0606 3340 SiSRaid2 - ok
17:22:36.0637 3340 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:22:36.0637 3340 SiSRaid4 - ok
17:22:36.0731 3340 [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:22:36.0731 3340 SkypeUpdate - ok
17:22:36.0762 3340 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:22:36.0762 3340 Smb - ok
17:22:36.0825 3340 [ D6A7B4B28FA50EFEBC67168FAA23F158 ] smhwdev C:\Windows\system32\DRIVERS\smhwdev.sys
17:22:36.0825 3340 smhwdev - ok
17:22:36.0871 3340 [ 9122A68375D990280644DF33973B506A ] smhwser C:\Windows\system32\DRIVERS\smhwser.sys
17:22:36.0871 3340 smhwser - ok
17:22:36.0918 3340 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:22:36.0918 3340 SNMPTRAP - ok
17:22:36.0934 3340 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:22:36.0934 3340 spldr - ok
17:22:36.0981 3340 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:22:36.0981 3340 Spooler - ok
17:22:37.0090 3340 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:22:37.0105 3340 sppsvc - ok
17:22:37.0152 3340 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:22:37.0152 3340 sppuinotify - ok
17:22:37.0183 3340 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:22:37.0183 3340 srv - ok
17:22:37.0199 3340 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:22:37.0199 3340 srv2 - ok
17:22:37.0199 3340 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:22:37.0199 3340 srvnet - ok
17:22:37.0246 3340 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:22:37.0246 3340 SSDPSRV - ok
17:22:37.0261 3340 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:22:37.0277 3340 SstpSvc - ok
17:22:37.0293 3340 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:22:37.0293 3340 stexstor - ok
17:22:37.0339 3340 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:22:37.0339 3340 stisvc - ok
17:22:37.0371 3340 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:22:37.0371 3340 storflt - ok
17:22:37.0386 3340 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
17:22:37.0386 3340 StorSvc - ok
17:22:37.0417 3340 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:22:37.0417 3340 storvsc - ok
17:22:37.0449 3340 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:22:37.0449 3340 swenum - ok
17:22:37.0480 3340 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:22:37.0495 3340 swprv - ok
17:22:37.0573 3340 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:22:37.0620 3340 SysMain - ok
17:22:37.0636 3340 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:22:37.0651 3340 TabletInputService - ok
17:22:37.0667 3340 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:22:37.0667 3340 TapiSrv - ok
17:22:37.0714 3340 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:22:37.0714 3340 TBS - ok
17:22:37.0776 3340 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:22:37.0792 3340 Tcpip - ok
17:22:37.0854 3340 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:22:37.0870 3340 TCPIP6 - ok
17:22:37.0901 3340 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:22:37.0901 3340 tcpipreg - ok
17:22:37.0948 3340 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:22:37.0948 3340 TDPIPE - ok
17:22:37.0963 3340 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:22:37.0963 3340 TDTCP - ok
17:22:38.0010 3340 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:22:38.0010 3340 tdx - ok
17:22:38.0057 3340 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:22:38.0057 3340 TermDD - ok
17:22:38.0104 3340 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:22:38.0119 3340 TermService - ok
17:22:38.0135 3340 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:22:38.0135 3340 Themes - ok
17:22:38.0166 3340 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:22:38.0166 3340 THREADORDER - ok
17:22:38.0197 3340 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:22:38.0197 3340 TrkWks - ok
17:22:38.0244 3340 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:22:38.0260 3340 TrustedInstaller - ok
17:22:38.0291 3340 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:22:38.0291 3340 tssecsrv - ok
17:22:38.0322 3340 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:22:38.0338 3340 TsUsbFlt - ok
17:22:38.0447 3340 [ DC612EF358AB3E1D369D9E46420D2610 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
17:22:38.0463 3340 TuneUp.UtilitiesSvc - ok
17:22:38.0494 3340 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
17:22:38.0494 3340 TuneUpUtilitiesDrv - ok
17:22:38.0525 3340 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:22:38.0525 3340 tunnel - ok
17:22:38.0572 3340 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:22:38.0572 3340 uagp35 - ok
17:22:38.0603 3340 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:22:38.0619 3340 udfs - ok
17:22:38.0650 3340 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:22:38.0665 3340 UI0Detect - ok
17:22:38.0697 3340 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:22:38.0697 3340 uliagpkx - ok
17:22:38.0728 3340 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
17:22:38.0728 3340 umbus - ok
17:22:38.0759 3340 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:22:38.0759 3340 UmPass - ok
17:22:38.0775 3340 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:22:38.0790 3340 UmRdpService - ok
17:22:38.0884 3340 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
17:22:38.0915 3340 UNS - ok
17:22:38.0946 3340 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:22:38.0946 3340 upnphost - ok
17:22:38.0977 3340 [ ACCEA6BC68D0C9A78EB97EE159028B4E ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:22:38.0977 3340 usbccgp - ok
17:22:39.0024 3340 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:22:39.0024 3340 usbcir - ok
17:22:39.0040 3340 [ 311C1DD1088E55BEAE15954D17F50646 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:22:39.0040 3340 usbehci - ok
17:22:39.0071 3340 [ 280E90CBF4B2DDD169F0728CB44D726F ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:22:39.0071 3340 usbhub - ok
17:22:39.0087 3340 [ 9406D801042FAF859CF81B2C886413DC ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:22:39.0087 3340 usbohci - ok
17:22:39.0118 3340 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:22:39.0118 3340 usbprint - ok
17:22:39.0149 3340 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:22:39.0149 3340 USBSTOR - ok
17:22:39.0165 3340 [ A83D0EC9AE4C31704442099D40BA2471 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:22:39.0165 3340 usbuhci - ok
17:22:39.0211 3340 [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:22:39.0211 3340 usbvideo - ok
17:22:39.0243 3340 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:22:39.0243 3340 UxSms - ok
17:22:39.0258 3340 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc C:\Windows\system32\lsass.exe
17:22:39.0258 3340 VaultSvc - ok
17:22:39.0305 3340 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:22:39.0305 3340 vdrvroot - ok
17:22:39.0352 3340 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:22:39.0367 3340 vds - ok
17:22:39.0399 3340 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:22:39.0399 3340 vga - ok
17:22:39.0414 3340 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:22:39.0414 3340 VgaSave - ok
17:22:39.0461 3340 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:22:39.0461 3340 vhdmp - ok
17:22:39.0492 3340 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:22:39.0492 3340 viaide - ok
17:22:39.0523 3340 [ 4D7427E0212D98CACB81C919E777B909 ] vm331avs C:\Windows\system32\Drivers\vm331avs.sys
17:22:39.0523 3340 vm331avs - ok
17:22:39.0555 3340 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:22:39.0555 3340 vmbus - ok
17:22:39.0570 3340 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:22:39.0586 3340 VMBusHID - ok
17:22:39.0586 3340 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:22:39.0586 3340 volmgr - ok
17:22:39.0617 3340 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:22:39.0617 3340 volmgrx - ok
17:22:39.0617 3340 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:22:39.0617 3340 volsnap - ok
17:22:39.0695 3340 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:22:39.0695 3340 vsmraid - ok
17:22:39.0773 3340 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:22:39.0820 3340 VSS - ok
17:22:39.0835 3340 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:22:39.0835 3340 vwifibus - ok
17:22:39.0867 3340 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:22:39.0867 3340 vwififlt - ok
17:22:39.0898 3340 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:22:39.0898 3340 W32Time - ok
17:22:39.0929 3340 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:22:39.0929 3340 WacomPen - ok
17:22:39.0945 3340 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:22:39.0960 3340 WANARP - ok
17:22:39.0960 3340 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:22:39.0960 3340 Wanarpv6 - ok
17:22:40.0023 3340 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:22:40.0069 3340 WatAdminSvc - ok
17:22:40.0132 3340 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:22:40.0179 3340 wbengine - ok
17:22:40.0210 3340 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:22:40.0225 3340 WbioSrvc - ok
17:22:40.0257 3340 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
17:22:40.0272 3340 WcesComm - ok
17:22:40.0303 3340 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:22:40.0303 3340 wcncsvc - ok
17:22:40.0319 3340 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:22:40.0335 3340 WcsPlugInService - ok
17:22:40.0350 3340 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:22:40.0350 3340 Wd - ok
17:22:40.0397 3340 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:22:40.0397 3340 Wdf01000 - ok
17:22:40.0428 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:22:40.0428 3340 WdiServiceHost - ok
17:22:40.0428 3340 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:22:40.0428 3340 WdiSystemHost - ok
17:22:40.0459 3340 [ 2A444ACF7DD446505BCC801F8F6AE5FD ] wdmirror C:\Windows\system32\DRIVERS\WDMirror.sys
17:22:40.0459 3340 wdmirror - ok
17:22:40.0491 3340 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient C:\Windows\System32\webclnt.dll
17:22:40.0491 3340 WebClient - ok
17:22:40.0522 3340 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:22:40.0522 3340 Wecsvc - ok
17:22:40.0537 3340 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:22:40.0537 3340 wercplsupport - ok
17:22:40.0569 3340 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:22:40.0569 3340 WerSvc - ok
17:22:40.0615 3340 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:22:40.0615 3340 WfpLwf - ok
17:22:40.0631 3340 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:22:40.0631 3340 WIMMount - ok
17:22:40.0662 3340 WinDefend - ok
17:22:40.0693 3340 WinHttpAutoProxySvc - ok
17:22:40.0756 3340 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:22:40.0756 3340 Winmgmt - ok
17:22:40.0834 3340 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:22:40.0927 3340 WinRM - ok
17:22:40.0974 3340 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS
17:22:40.0974 3340 WINUSB - ok
17:22:41.0021 3340 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:22:41.0052 3340 Wlansvc - ok
17:22:41.0083 3340 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:22:41.0083 3340 WmiAcpi - ok
17:22:41.0115 3340 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:22:41.0115 3340 wmiApSrv - ok
17:22:41.0146 3340 WMPNetworkSvc - ok
17:22:41.0177 3340 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:22:41.0177 3340 WPCSvc - ok
17:22:41.0208 3340 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:22:41.0208 3340 WPDBusEnum - ok
17:22:41.0239 3340 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:22:41.0255 3340 ws2ifsl - ok
17:22:41.0286 3340 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:22:41.0286 3340 wscsvc - ok
17:22:41.0302 3340 WSearch - ok
17:22:41.0380 3340 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:22:41.0458 3340 wuauserv - ok
17:22:41.0489 3340 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:22:41.0489 3340 WudfPf - ok
17:22:41.0520 3340 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:22:41.0520 3340 WUDFRd - ok
17:22:41.0536 3340 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:22:41.0536 3340 wudfsvc - ok
17:22:41.0567 3340 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
17:22:41.0583 3340 WwanSvc - ok
17:22:41.0629 3340 ================ Scan global ===============================
17:22:41.0661 3340 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:22:41.0707 3340 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
17:22:41.0723 3340 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
17:22:41.0739 3340 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:22:41.0785 3340 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:22:41.0785 3340 [Global] - ok
17:22:41.0785 3340 ================ Scan MBR ==================================
17:22:41.0801 3340 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:22:42.0004 3340 \Device\Harddisk0\DR0 - ok
17:22:42.0004 3340 ================ Scan VBR ==================================
17:22:42.0004 3340 [ C3037A58A546AF6F4FE4552BF3E19070 ] \Device\Harddisk0\DR0\Partition1
17:22:42.0004 3340 \Device\Harddisk0\DR0\Partition1 - ok
17:22:42.0019 3340 [ 331D0D5ECD7C961198F3C42994909225 ] \Device\Harddisk0\DR0\Partition2
17:22:42.0019 3340 \Device\Harddisk0\DR0\Partition2 - ok
17:22:42.0035 3340 [ C3D1821A1AD03F236AD120876E0E972A ] \Device\Harddisk0\DR0\Partition3
17:22:42.0051 3340 \Device\Harddisk0\DR0\Partition3 - ok
17:22:42.0051 3340 ============================================================
17:22:42.0051 3340 Scan finished
17:22:42.0051 3340 ============================================================
17:22:42.0051 4468 Detected object count: 0
17:22:42.0051 4468 Actual detected object count: 0
17:22:48.0556 4580 Deinitialize success

Příspěvekod **jaro3** » 01 pro 2013 11:00

Logy vkládej normálně. Bez quote,

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Migu3L · Příspěvekod **Migu3L** » 04 pro 2013 16:32

ComboFix 13-12-04.02 - Migu3L 04.12.2013 16:20:42.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3959.2661 [GMT 1:00]
Spuštěný z: c:\users\Migu3L\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-04 do 2013-12-04 )))))))))))))))))))))))))))))))
.
.
2013-12-04 15:27 . 2013-12-04 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-04 02:57 . 2013-12-04 02:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75EA57A6-2299-45B9-8C54-18C65E9C72E0}\offreg.dll
2013-12-04 02:07 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-03 06:07 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75EA57A6-2299-45B9-8C54-18C65E9C72E0}\mpengine.dll
2013-11-30 10:08 . 2013-11-30 10:08 -------- d-----w- c:\windows\ERUNT
2013-11-29 17:40 . 2013-11-30 10:02 -------- d-----w- C:\AdwCleaner
2013-11-29 17:33 . 2013-11-29 17:33 -------- d-----w- c:\users\Migu3L\AppData\Roaming\Malwarebytes
2013-11-29 17:32 . 2013-11-29 17:32 -------- d-----w- c:\programdata\Malwarebytes
2013-11-29 17:32 . 2013-11-29 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-29 17:32 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-29 13:35 . 2013-11-29 13:35 388096 ----a-r- c:\users\Migu3L\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-29 13:35 . 2013-11-29 13:35 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-29 11:25 . 2013-11-29 11:25 -------- d-----w- c:\program files (x86)\ESET
2013-11-14 08:10 . 2013-11-14 08:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-11-06 23:57 . 2013-11-06 23:57 -------- d-----w- c:\users\Migu3L\AppData\Local\National Instruments
2013-11-06 23:33 . 2013-11-06 23:33 -------- d-----w- c:\users\Migu3L\AppData\Local\Application Data
2013-11-06 23:33 . 2013-11-27 21:36 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-11-06 23:32 . 2013-11-27 21:36 -------- d-----w- c:\users\Migu3L\AppData\Roaming\Seznam.cz
2013-11-06 23:32 . 2013-11-06 23:32 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-11-06 23:32 . 2013-11-06 23:38 -------- d-----w- c:\users\Migu3L\AppData\Roaming\DAEMON Tools Lite
2013-11-06 23:32 . 2013-11-06 23:32 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-11-06 23:31 . 2013-11-06 23:38 -------- d-----w- c:\programdata\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-26 13:34 . 2013-05-07 17:20 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-11-26 13:34 . 2013-03-30 22:32 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-11-26 13:34 . 2013-03-30 22:32 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-11-26 13:34 . 2013-03-30 22:32 106904 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-16 18:07 . 2012-08-06 14:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 02:01 . 2012-08-06 16:14 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2012-08-06 13:42 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-09-30 15:53 . 2013-06-02 19:03 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-09-30 15:53 . 2013-06-02 19:03 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-09-27 20:05 . 2013-09-27 20:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-09-27 20:05 . 2013-09-27 20:05 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-25 02:22 . 2013-11-13 21:11 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-13 21:11 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-08 02:30 . 2013-10-09 23:04 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 23:04 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 23:04 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{17E113E6-CD0E-4045-B154-65F0E57959EF}]
2013-02-05 15:50 167424 ----a-w- c:\program files\IMPI\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2010-01-15 536576]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-11-26 683576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
"SafeQ Client"="c:\program files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IMPI Updater;IMPI Updater;c:\program files\IMPI\ExtensionUpdaterService.exe;c:\program files\IMPI\ExtensionUpdaterService.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys;c:\windows\SYSNATIVE\Drivers\smhwadb.sys [x]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys;c:\windows\SYSNATIVE\drivers\WDBridge.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe;c:\windows\SYSNATIVE\IgrsSvcs.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys;c:\windows\SYSNATIVE\DRIVERS\smhwdev.sys [x]
R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys;c:\windows\SYSNATIVE\DRIVERS\smhwser.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [x]
R4 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe;c:\program files (x86)\Lenovo\ReadyComm\AppSvc.exe [x]
R4 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe;c:\program files (x86)\Lenovo\ReadyComm\ConnSvc.exe [x]
R4 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
R4 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
R4 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys;c:\windows\SYSNATIVE\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-15 00:54 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 18:07]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 14:43]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-12 14:43]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632442824-87725181-26142350-1000Core.job
- c:\users\Migu3L\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-31 22:07]
.
2013-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632442824-87725181-26142350-1000UA.job
- c:\users\Migu3L\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-31 22:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-07 16416360]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 147.230.16.140 147.230.16.1
FF - ProfilePath - c:\users\Migu3L\AppData\Roaming\Mozilla\Firefox\Profiles\6scvkob9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-12-04 16:29:56
ComboFix-quarantined-files.txt 2013-12-04 15:29
ComboFix2.txt 2013-11-29 12:00
.
Před spuštěním: Volných bajtů: 20 944 277 504
Po spuštění: Volných bajtů: 20 882 591 744
.
- - End Of File - - 37EAD42A53129A43003B22203D3B8FC3

Příspěvekod **jaro3** » 05 pro 2013 09:35

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632442824-87725181-26142350-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3632442824-87725181-26142350-1000UA.job

Folder::
c:\program files (x86)\ESET
c:\program files (x86)\Skype\Updater
c:\program files (x86)\Google\Update
c:\users\Migu3L\AppData\Local\Google\Update

Driver::
SkypeUpdate

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

Trojan "Policie"

Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Re: Trojan "Policie"

Kdo je online