HijackThis won't start

Re: HijackThis won't start

Post by jaro3 » 27 Sep 2013 09:17

Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab


1) Click the following link to download LSPFix to your desktop.
http://www.cexx.org/LSPFix.exe

or
http://www.cexx.org/lspfix.htm

2) Once the exe file appears on the desktop, double-click it.
3) The file fcn32.dll will appear in the left column. Click it to highlight the entry, then click the arrow in the middle of the window that points to the right.
This moves the file into the right column, labelled Remove.

NOTE: If the arrow is greyed out and does not let you click it, you need to tick the box labelled "I know what.."

4) After the file has been moved to the Remove column, click the Finish button at the bottom of the window. You will be informed on screen that the file was removed from the Winsock entry in the registry. Then close the LSPFix program.

5) Run HijackThis; the entry for this file should now be gone from the list.

Are there any problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
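An added example (not part of jaro3's post and not HijackThis's own logic): a small Python parser for HijackThis entry lines in the `<section> - <details>` shape quoted in this thread. It flags the entry shapes that appear in the fix list above (empty R0/R1 values, `(no file)` targets, a URLSearchHook without a CLSID) and an O10 LSP chain gap. The flagging rules and all function names are assumptions of this example; the sample lines are copied from entries quoted in the thread.

```python
import re

# One HijackThis entry per line: "<section> - <details>", e.g. "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input for this example: entry lines as they are quoted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O10 - Broken Internet access because of LSP chain gap (#33 in chain of 37 missing)
"""


def parse_entry(line):
    """Return (section, body) for an entry line, or None for headers and process paths."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    return match.group("section"), match.group("body")


def review_reasons(section, body):
    """Heuristics of this example: reasons why an entry deserves a manual look."""
    reasons = []
    if section in ("R0", "R1"):
        # "key,value name = data": nothing after '=' means the data is empty.
        _key, sep, value = body.partition("=")
        if sep and not value.strip():
            reasons.append("registry value is empty")
    if body.rstrip().endswith("(no file)"):
        reasons.append("referenced file is missing")
    if section == "R3" and not CLSID_RE.search(body):
        reasons.append("no CLSID in URLSearchHook entry")
    if section == "O10" and "LSP chain gap" in body:
        reasons.append("Winsock LSP chain is broken")
    return reasons


def triage(log_text):
    """Return [(line_number, section, reasons)] for every flagged entry."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        section, body = entry
        reasons = review_reasons(section, body)
        if reasons:
            findings.append((number, section, reasons))
    return findings


if __name__ == "__main__":
    for number, section, reasons in triage(SAMPLE_LOG):
        print(f"line {number}: {section}: {'; '.join(reasons)}")
```

The output is a review list only; whether an entry should actually be fixed remains a decision for the person reading the log.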

Post by BohousUL » 27 Sep 2013 10:02

Hello, I performed the fix, and in the second program I did not find the file fcn32.dll. The laptop has started freezing on me in normal mode.

Post by jaro3 » 27 Sep 2013 10:23

Post a new HJT log

+
Download TDSSKiller
to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.8.16.0_(date)_log.txt , please paste the entire contents of the log here.

+
Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.

Post by BohousUL » 27 Sep 2013 11:53

Now I can't start it even in safe mode.

Post by BohousUL » 27 Sep 2013 11:56

All I have left is the mouse pointer, which I can move; otherwise nothing works, not even on a normal boot.

Post by BohousUL » 27 Sep 2013 13:17

So it has somehow mysteriously started working again, but it still freezes, just at a different moment each time.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:42:36, on 27.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)


Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mamka a taťka\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\listicka.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Program Files\Seznam.cz\listicka.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP chain gap (#33 in chain of 37 missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 6546 bytes


13:00:04.0179 2396 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
13:00:04.0179 2396 ============================================================
13:00:04.0179 2396 Current date / time: 2013/09/27 13:00:04.0179
13:00:04.0179 2396 SystemInfo:
13:00:04.0179 2396
13:00:04.0179 2396 OS Version: 6.1.7601 ServicePack: 1.0
13:00:04.0179 2396 Product type: Workstation
13:00:04.0179 2396 ComputerName: MILAN-PC
13:00:04.0179 2396 UserName: Mamka a taťka
13:00:04.0179 2396 Windows directory: C:\Windows
13:00:04.0179 2396 System windows directory: C:\Windows
13:00:04.0179 2396 Processor architecture: Intel x86
13:00:04.0179 2396 Number of processors: 2
13:00:04.0179 2396 Page size: 0x1000
13:00:04.0179 2396 Boot type: Normal boot
13:00:04.0179 2396 ============================================================
13:00:04.0834 2396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:00:04.0850 2396 Drive \Device\Harddisk1\DR2 - Size: 0x3B98FA000 (14.90 Gb), SectorSize: 0x200, Cylinders: 0x798, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:00:04.0881 2396 Initialize success
13:00:07.0174 1948 ============================================================
13:00:07.0174 1948 Scan started
13:00:07.0174 1948 Mode: Manual;
13:00:07.0174 1948 ============================================================
13:00:31.0058 1948 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:00:31.0058 1948 nvraid - ok
13:00:31.0089 1948 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:00:31.0089 1948 nvstor - ok
13:00:31.0152 1948 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:00:31.0152 1948 nv_agp - ok
13:00:31.0386 1948 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:00:31.0386 1948 ohci1394 - ok
13:00:31.0464 1948 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:00:31.0464 1948 Parport - ok
13:00:31.0510 1948 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
13:00:31.0526 1948 partmgr - ok
13:00:31.0542 1948 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:00:31.0542 1948 Parvdm - ok
13:00:31.0729 1948 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:00:31.0729 1948 pci - ok
13:00:31.0807 1948 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:00:31.0807 1948 pciide - ok
13:00:31.0869 1948 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:00:31.0869 1948 pcmcia - ok
13:00:32.0072 1948 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:00:32.0072 1948 pcw - ok
13:00:32.0134 1948 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:00:32.0150 1948 PEAUTH - ok
13:00:32.0368 1948 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:00:32.0368 1948 PptpMiniport - ok
13:00:32.0400 1948 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:00:32.0400 1948 Processor - ok
13:00:32.0618 1948 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:00:32.0618 1948 Psched - ok
13:00:32.0680 1948 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:00:32.0712 1948 ql2300 - ok
13:00:32.0883 1948 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:00:32.0883 1948 ql40xx - ok
13:00:32.0914 1948 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:00:32.0914 1948 QWAVEdrv - ok
13:00:32.0930 1948 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:00:32.0946 1948 RasAcd - ok
13:00:33.0148 1948 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:00:33.0148 1948 RasAgileVpn - ok
13:00:33.0226 1948 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:00:33.0226 1948 Rasl2tp - ok
13:00:33.0414 1948 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:00:33.0429 1948 RasPppoe - ok
13:00:33.0445 1948 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:00:33.0445 1948 RasSstp - ok
13:00:33.0523 1948 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:00:33.0538 1948 rdbss - ok
13:00:33.0710 1948 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:00:33.0710 1948 rdpbus - ok
13:00:33.0788 1948 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:00:33.0788 1948 RDPCDD - ok
13:00:33.0804 1948 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:00:33.0804 1948 RDPENCDD - ok
13:00:33.0819 1948 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:00:33.0835 1948 RDPREFMP - ok
13:00:33.0897 1948 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
13:00:33.0897 1948 RDPWD - ok
13:00:34.0100 1948 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:00:34.0100 1948 rdyboost - ok
13:00:34.0178 1948 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:00:34.0178 1948 RFCOMM - ok
13:00:34.0225 1948 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\Windows\system32\DRIVERS\rimmptsk.sys
13:00:34.0225 1948 rimmptsk - ok
13:00:34.0381 1948 rimsptsk (d7e09bc852684a7b1fc0f74fe090d45a) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:00:34.0381 1948 rimsptsk - ok
13:00:34.0412 1948 rismxdp (b0a7494a9ba7909efac64e05d3f160db) C:\Windows\system32\DRIVERS\rixdptsk.sys
13:00:34.0412 1948 rismxdp - ok
13:00:34.0490 1948 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:00:34.0506 1948 rspndr - ok
13:00:34.0646 1948 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:00:34.0662 1948 RTL8167 - ok
13:00:34.0708 1948 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:00:34.0708 1948 RTL8169 - ok
13:00:34.0880 1948 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:00:34.0896 1948 sbp2port - ok
13:00:34.0942 1948 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:00:34.0958 1948 scfilter - ok
13:00:35.0176 1948 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
13:00:35.0192 1948 sdbus - ok
13:00:35.0239 1948 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:00:35.0239 1948 secdrv - ok
13:00:35.0270 1948 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:00:35.0270 1948 Serenum - ok
13:00:35.0301 1948 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:00:35.0301 1948 Serial - ok
13:00:35.0488 1948 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:00:35.0488 1948 sermouse - ok
13:00:35.0598 1948 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:00:35.0598 1948 sffdisk - ok
13:00:35.0785 1948 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:00:35.0785 1948 sffp_mmc - ok
13:00:35.0816 1948 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
13:00:35.0816 1948 sffp_sd - ok
13:00:35.0878 1948 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:00:35.0878 1948 sfloppy - ok
13:00:36.0081 1948 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:00:36.0081 1948 sisagp - ok
13:00:36.0128 1948 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:00:36.0128 1948 SiSRaid2 - ok
13:00:36.0175 1948 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:00:36.0190 1948 SiSRaid4 - ok
13:00:36.0393 1948 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:00:36.0393 1948 Smb - ok
13:00:36.0487 1948 SNP2UVC (0302bc619d4a723317e7f8eb0c362bd3) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:00:36.0518 1948 SNP2UVC - ok
13:00:36.0705 1948 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:00:36.0705 1948 spldr - ok
13:00:36.0814 1948 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:00:36.0814 1948 srv - ok
13:00:37.0002 1948 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:00:37.0002 1948 srv2 - ok
13:00:37.0048 1948 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:00:37.0048 1948 srvnet - ok
13:00:37.0251 1948 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
13:00:37.0251 1948 StarOpen - ok
13:00:37.0314 1948 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:00:37.0314 1948 stexstor - ok
13:00:37.0392 1948 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:00:37.0392 1948 swenum - ok
13:00:37.0548 1948 SynTP (760e4f5a1e754bbe4a1bd2a0b54f6aa6) C:\Windows\system32\DRIVERS\SynTP.sys
13:00:37.0548 1948 SynTP - ok
13:00:37.0672 1948 Tcpip (4e8b9be71b807b3baedb7f4243f85e3c) C:\Windows\system32\drivers\tcpip.sys
13:00:37.0688 1948 Tcpip - ok
13:00:37.0906 1948 TCPIP6 (4e8b9be71b807b3baedb7f4243f85e3c) C:\Windows\system32\DRIVERS\tcpip.sys
13:00:37.0922 1948 TCPIP6 - ok
13:00:38.0125 1948 tcpipreg (3eebd3bd93da46a26e89893c7ab2ff3b) C:\Windows\system32\drivers\tcpipreg.sys
13:00:38.0125 1948 tcpipreg - ok
13:00:38.0203 1948 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:00:38.0203 1948 TDPIPE - ok
13:00:38.0265 1948 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
13:00:38.0265 1948 TDTCP - ok
13:00:38.0468 1948 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:00:38.0468 1948 tdx - ok
13:00:38.0546 1948 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:00:38.0546 1948 TermDD - ok
13:00:38.0608 1948 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:00:38.0608 1948 TPM - ok
13:00:38.0796 1948 tssecsrv (b37b08f2e5eeb1a37e448e09bace1101) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:00:38.0796 1948 tssecsrv - ok
13:00:38.0874 1948 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:00:38.0874 1948 tunnel - ok
13:00:38.0936 1948 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:00:38.0936 1948 uagp35 - ok
13:00:39.0139 1948 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:00:39.0139 1948 udfs - ok
13:00:39.0201 1948 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:00:39.0201 1948 uliagpkx - ok
13:00:39.0279 1948 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
13:00:39.0279 1948 umbus - ok
13:00:39.0466 1948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:00:39.0466 1948 UmPass - ok
13:00:39.0513 1948 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
13:00:39.0513 1948 usbbus - ok
13:00:39.0576 1948 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:00:39.0576 1948 usbcir - ok
13:00:39.0763 1948 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
13:00:39.0763 1948 UsbDiag - ok
13:00:39.0841 1948 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
13:00:39.0841 1948 usbehci - ok
13:00:39.0997 1948 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:00:40.0012 1948 usbhub - ok
13:00:40.0059 1948 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:00:40.0059 1948 usbohci - ok
13:00:40.0137 1948 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:00:40.0137 1948 usbprint - ok
13:00:40.0293 1948 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:00:40.0309 1948 usbscan - ok
13:00:40.0371 1948 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:00:40.0371 1948 USBSTOR - ok
13:00:40.0434 1948 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
13:00:40.0434 1948 usbuhci - ok
13:00:40.0621 1948 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:00:40.0621 1948 usbvideo - ok
13:00:40.0714 1948 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:00:40.0714 1948 vdrvroot - ok
13:00:40.0777 1948 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:00:40.0777 1948 vga - ok
13:00:40.0917 1948 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:00:40.0917 1948 VgaSave - ok
13:00:40.0964 1948 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:00:40.0964 1948 vhdmp - ok
13:00:41.0026 1948 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:00:41.0026 1948 viaagp - ok
13:00:41.0073 1948 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:00:41.0073 1948 ViaC7 - ok
13:00:41.0260 1948 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:00:41.0260 1948 viaide - ok
13:00:41.0323 1948 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:00:41.0323 1948 volmgr - ok
13:00:41.0401 1948 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:00:41.0401 1948 volmgrx - ok
13:00:41.0588 1948 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:00:41.0588 1948 volsnap - ok
13:00:41.0650 1948 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:00:41.0650 1948 vsmraid - ok
13:00:41.0682 1948 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:00:41.0682 1948 vwifibus - ok
13:00:41.0869 1948 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:00:41.0869 1948 vwififlt - ok
13:00:41.0884 1948 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
13:00:41.0884 1948 vwifimp - ok
13:00:41.0916 1948 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:00:41.0931 1948 WacomPen - ok
13:00:41.0978 1948 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:41.0978 1948 WANARP - ok
13:00:41.0994 1948 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:00:41.0994 1948 Wanarpv6 - ok
13:00:42.0212 1948 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:00:42.0212 1948 Wd - ok
13:00:42.0290 1948 Wdf01000 (a840213f1acdcc175b4d1d5aaeac0d7a) C:\Windows\system32\drivers\Wdf01000.sys
13:00:42.0306 1948 Wdf01000 - ok
13:00:42.0524 1948 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:00:42.0524 1948 WfpLwf - ok
13:00:42.0555 1948 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:00:42.0555 1948 WIMMount - ok
13:00:42.0649 1948 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:00:42.0664 1948 WinUsb - ok
13:00:42.0852 1948 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:00:42.0852 1948 WmiAcpi - ok
13:00:42.0914 1948 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:00:42.0930 1948 ws2ifsl - ok
13:00:43.0132 1948 WudfPf (06e6f32c8d0a3f66d956f57b43a2e070) C:\Windows\system32\drivers\WudfPf.sys
13:00:43.0148 1948 WudfPf - ok
13:00:43.0195 1948 WUDFRd (867c301e8b790040ae9cf6486e8041df) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:00:43.0195 1948 WUDFRd - ok
13:00:43.0242 1948 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:00:43.0288 1948 \Device\Harddisk0\DR0 - ok
13:00:43.0304 1948 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
13:00:43.0304 1948 \Device\Harddisk1\DR2 - ok
13:00:43.0304 1948 Boot (0x1200) (7fef768bc075cddf9f1b2882703962c9) \Device\Harddisk0\DR0\Partition0
13:00:43.0320 1948 \Device\Harddisk0\DR0\Partition0 - ok
13:00:43.0320 1948 Boot (0x1200) (88e97d1a9cb471f9e4e50dc2e0f2fa4e) \Device\Harddisk1\DR2\Partition0
13:00:43.0320 1948 \Device\Harddisk1\DR2\Partition0 - ok
13:00:43.0320 1948 ============================================================
13:00:43.0320 1948 Scan finished
13:00:43.0320 1948 ============================================================
13:00:43.0335 1796 Detected object count: 0
13:00:43.0335 1796 Actual detected object count: 0
13:01:17.0047 1236 Deinitialize success


ComboFix is still running....

BohousUL
newcomer
Posts: 28
Registered: November 07
Gender: Not specified
Status:
Offline

Re: HijackThis won't start

Post by BohousUL » 27 Sep 2013 13:53

ComboFix 13-09-26.03 - Mamka a taťka 27.09.2013 13:14:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2013.1278 [GMT 2:00]
Spuštěný z: c:\users\Mamka a taŁka\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 11:36 . 2013-09-27 11:42 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\temp
2013-09-27 11:36 . 2013-09-27 11:36 -------- d-----w- c:\users\Milan\AppData\Local\temp
2013-09-27 11:36 . 2013-09-27 11:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 11:28 . 2013-09-27 11:28 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\CrashDumps
2013-09-27 11:07 . 2013-09-27 11:07 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\offreg.dll
2013-09-27 06:40 . 2013-09-27 06:43 -------- d-----w- C:\dmp
2013-09-27 04:55 . 2013-09-27 04:55 -------- d-----w- c:\windows\LastGood
2013-09-27 04:02 . 2013-09-27 04:02 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Atheros
2013-09-26 11:37 . 2013-09-26 11:37 -------- d-----w- c:\users\Milan\AppData\Local\BMExplorer
2013-09-26 11:08 . 2012-06-13 23:18 2957312 ----a-w- c:\windows\system32\drivers\athr.sys
2013-09-26 10:52 . 2009-03-01 21:05 139776 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-09-26 10:33 . 2013-09-26 11:37 -------- d-----w- c:\programdata\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\users\Milan\AppData\Roaming\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\program files\Common Files\Atheros
2013-09-26 10:20 . 2013-09-26 10:23 -------- d-----w- c:\program files\Qualcomm Atheros
2013-09-26 10:20 . 2013-09-26 10:20 -------- d-----w- c:\programdata\Qualcomm Atheros
2013-09-26 09:15 . 2013-09-26 11:33 -------- d-----w- C:\SWSetup
2013-09-26 08:14 . 2013-09-26 08:14 -------- d-----w- c:\users\Milan\AppData\Local\GHISLER
2013-09-26 07:51 . 2013-09-26 07:51 -------- d-----w- c:\users\Milan\AppData\Local\AOL
2013-09-26 03:52 . 2013-09-26 03:52 -------- d-----w- c:\windows\ERUNT
2013-09-25 09:58 . 2013-09-25 09:58 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\Programs
2013-09-25 04:15 . 2013-09-26 07:46 -------- d-----w- C:\AdwCleaner
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- c:\program files\trend micro
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- C:\rsit
2013-09-24 08:17 . 2013-09-24 08:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\ElevatedDiagnostics
2013-09-24 04:20 . 2013-09-24 04:20 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Malwarebytes
2013-09-23 11:17 . 2013-09-23 11:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\GHISLER
2013-09-23 10:33 . 2013-09-23 10:33 -------- d-----w- c:\program files\CCleaner
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Roaming\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\programdata\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Local\Programs
2013-09-19 19:18 . 2013-09-19 19:18 1409 ----a-w- c:\windows\QTFont.for
2013-09-17 07:49 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\mpengine.dll
2013-09-11 16:19 . 2013-08-05 01:56 133056 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-08-29 09:01 . 2013-08-29 09:01 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 10:22 . 2012-06-28 12:21 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2013-09-13 06:09 . 2012-06-09 19:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 06:09 . 2012-03-26 06:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-27 12:08 . 2013-09-26 11:07 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-08-27 12:08 . 2013-09-26 11:07 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-08-10 03:59 . 2013-09-12 04:35 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-08-10 02:17 . 2013-09-12 04:35 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-08-08 01:03 . 2013-09-11 16:19 2348544 ----a-w- c:\windows\system32\win32k.sys
2013-08-07 02:22 . 2009-10-03 07:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:50 . 2013-09-11 16:19 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-07-25 08:57 . 2013-08-15 14:31 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 14:30 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-15 14:31 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-15 14:31 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-15 14:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 14:31 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 14:31 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 14:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 14:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 14:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 14:31 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"AtherosBtStack"="c:\program files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 877696]
"AthBtTray"="c:\program files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 696448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 13:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 13:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 06:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-20 20:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 gupdate1ca751658db5904;Služba Google Update (gupdate1ca751658db5904);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-06-28 299648]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-06-28 98432]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
S2 AtherosSvc;AtherosSvc;c:\program files\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2012-06-28 105600]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-06-28 35968]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-06-28 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-06-28 148096]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-06-28 60544]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-06-28 264448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 02:02 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 06:09]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce830f2f4fcf43.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.27.154.1 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-86063553.sys
MSConfigStartUp-DriverScanner - c:\program files\Uniblue\DriverScanner\launcher.exe
AddRemove-Adobe Photoshop 7.0 CE - c:\windows\ISUN0405.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AdobeARMservice]
"ImagePath"="\"c:\prograrddiskvolume1\Program Files\Google\Google Earth"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2900)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2013-09-27 13:47:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-27 11:47
.
Před spuštěním: Volných bajtů: 18 051 645 440
Po spuštění: Volných bajtů: 17 977 507 840
.
- - End Of File - - 49ED3549B6E2B056FDDE86C81E10A0C9
A36C5E4F47E84449FF07ED3517B43A31

jaro3

Re: HijackThis won't start

Post by jaro3 » 27 Sep 2013 19:36

Uninstall:
c:\program files\Seznam.cz


Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

Code: Select all

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce830f2f4fcf43.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Driver::
gupdate1ca751658db5904

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, or the desktop does not load, or there are connection problems; in that case restart the computer again. If that does not help, press the F8 key repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
http://files.avast.com/files/rootkit-scanner/aswmbr.exe
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

Download and install WhoCrashed,
open it and click Analyze.
The program will create a report; copy all of it and paste it here, please.

BohousUL

Re: HijackThis won't start

Post by BohousUL » 27 Sep 2013 21:38

ComboFix 13-09-26.03 - Mamka a taťka 27.09.2013 20:39:39.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2013.1275 [GMT 2:00]
Spuštěný z: c:\users\Mamka a taŁka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mamka a taŁka\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-27 do 2013-09-27 )))))))))))))))))))))))))))))))
.
.
2013-09-27 19:02 . 2013-09-27 19:02 -------- d-----w- c:\users\Milan\AppData\Local\temp
2013-09-27 19:02 . 2013-09-27 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-27 18:41 . 2013-09-27 18:41 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\offreg.dll
2013-09-27 11:36 . 2013-09-27 19:07 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\temp
2013-09-27 11:28 . 2013-09-27 11:28 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\CrashDumps
2013-09-27 06:40 . 2013-09-27 06:43 -------- d-----w- C:\dmp
2013-09-27 04:02 . 2013-09-27 04:02 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Atheros
2013-09-26 11:37 . 2013-09-26 11:37 -------- d-----w- c:\users\Milan\AppData\Local\BMExplorer
2013-09-26 11:08 . 2012-06-13 23:18 2957312 ----a-w- c:\windows\system32\drivers\athr.sys
2013-09-26 11:07 . 2013-08-27 12:08 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-09-26 11:07 . 2013-08-27 12:08 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-09-26 10:52 . 2009-03-01 21:05 139776 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-09-26 10:33 . 2013-09-26 11:37 -------- d-----w- c:\programdata\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\users\Milan\AppData\Roaming\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\program files\Common Files\Atheros
2013-09-26 10:20 . 2013-09-26 10:23 -------- d-----w- c:\program files\Qualcomm Atheros
2013-09-26 10:20 . 2013-09-26 10:20 -------- d-----w- c:\programdata\Qualcomm Atheros
2013-09-26 09:15 . 2013-09-26 11:33 -------- d-----w- C:\SWSetup
2013-09-26 08:14 . 2013-09-26 08:14 -------- d-----w- c:\users\Milan\AppData\Local\GHISLER
2013-09-26 07:51 . 2013-09-26 07:51 -------- d-----w- c:\users\Milan\AppData\Local\AOL
2013-09-26 03:52 . 2013-09-26 03:52 -------- d-----w- c:\windows\ERUNT
2013-09-25 09:58 . 2013-09-25 09:58 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\Programs
2013-09-25 04:15 . 2013-09-26 07:46 -------- d-----w- C:\AdwCleaner
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- c:\program files\trend micro
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- C:\rsit
2013-09-24 08:17 . 2013-09-24 08:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\ElevatedDiagnostics
2013-09-24 04:20 . 2013-09-24 04:20 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Malwarebytes
2013-09-23 11:17 . 2013-09-23 11:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\GHISLER
2013-09-23 10:33 . 2013-09-23 10:33 -------- d-----w- c:\program files\CCleaner
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Roaming\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\programdata\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Local\Programs
2013-09-19 19:18 . 2013-09-19 19:18 1409 ----a-w- c:\windows\QTFont.for
2013-09-17 07:49 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\mpengine.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-08-29 09:01 . 2013-08-29 09:01 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Real
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 10:22 . 2012-06-28 12:21 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2013-09-13 06:09 . 2012-06-09 19:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 06:09 . 2012-03-26 06:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 02:22 . 2009-10-03 07:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 14:31 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 14:30 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-15 14:31 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-15 14:31 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-15 14:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 14:31 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 14:31 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 14:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 14:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 14:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 14:31 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"AtherosBtStack"="c:\program files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 877696]
"AthBtTray"="c:\program files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 696448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 13:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 13:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 06:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-20 20:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 gupdate1ca751658db5904;Služba Google Update (gupdate1ca751658db5904);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-06-28 299648]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-06-28 98432]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
S2 AtherosSvc;AtherosSvc;c:\program files\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2012-06-28 105600]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-06-28 35968]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-06-28 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-06-28 148096]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-06-28 60544]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-06-28 264448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 02:02 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 06:09]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce830f2f4fcf43.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.27.154.1 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AdobeARMservice]
"ImagePath"="\"c:\prograrddiskvolume1\Program Files\Google\Google Earth"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2724)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\sppsvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conhost.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2013-09-27 21:12:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-27 19:12
ComboFix2.txt 2013-09-27 11:47
.
Před spuštěním: Volných bajtů: 18 036 228 096
Po spuštění: Volných bajtů: 17 978 679 296
.
- - End Of File - - 6E1D24AACD86E5DE025679D311F2F0F1
A36C5E4F47E84449FF07ED3517B43A31

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:36:38, on 27.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)


Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\DllHost.exe
C:\Users\Mamka a taťka\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP chain gap (#33 in chain of 37 missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 5581 bytes

Re: HijackThis won't start

Post by BohousUL » 27 Sep 2013 21:39

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-27 21:21:26
-----------------------------
21:21:26.751 OS Version: Windows 6.1.7601 Service Pack 1
21:21:26.751 Number of processors: 2 586 0xF0D
21:21:26.751 ComputerName: MILAN-PC UserName:
21:21:28.186 Initialize success
21:21:50.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:21:50.494 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
21:21:50.681 Disk 0 MBR read successfully
21:21:50.681 Disk 0 MBR scan
21:21:50.697 Disk 0 Windows 7 default MBR code
21:21:50.697 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
21:21:50.697 Disk 0 scanning sectors +625139712
21:21:50.775 Disk 0 scanning C:\Windows\system32\drivers
21:22:02.147 Service scanning
21:22:12.771 Modules scanning
21:22:29.868 Disk 0 trace - called modules:
21:22:29.884 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
21:22:29.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d3c4d8]
21:22:29.899 3 CLASSPNP.SYS[89b7d59e] -> nt!IofCallDriver -> [0x85fa9840]
21:22:29.899 5 ACPI.sys[894c43d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f41028]
21:22:29.915 Scan finished successfully
21:23:20.537 Disk 0 MBR has been saved successfully to "C:\Users\Mamka a taťka\Desktop\MBR.dat"
21:23:20.537 The log file has been saved successfully to "C:\Users\Mamka a taťka\Desktop\aswMBR.txt"



--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 4.02
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: MILAN-PC
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz Intel586, level: 6
2 logical processors, active mask: 3
RAM: 2110902272 total
VM: 2147352576, free: 1890803712




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Re: HijackThis won't start

Post by jaro3 » 28 Sep 2013 09:42

Download StartupLite.exe by MalwareBytes to your desktop.

This program identifies unnecessary items and offers the option to remove them in order to free up memory.
Double-click the StartupLite.exe (by MalwareBytes) icon to start the program. On Vista and Windows 7, run it as administrator (right-click the icon and choose Run as administrator). A list of unnecessary startup entries will be created. Leave all items set to disabled and click Continue. Restart the PC.


Again, and in Safe Mode:

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce830f2f4fcf43.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files\Google\Update

Driver::
gupdate1ca751658db5904

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process, plus a new HJT log

Warning: After running ComboFix and restarting the computer, it may happen that Windows does not start, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Re: HijackThis won't start

Post by BohousUL » 28 Sep 2013 22:19

ComboFix 13-09-26.03 - Mamka a taťka 28.09.2013 17:57:13.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2013.1309 [GMT 2:00]
Spuštěný z: c:\users\Mamka a taŁka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mamka a taŁka\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-28 do 2013-09-28 )))))))))))))))))))))))))))))))
.
.
2013-09-28 16:20 . 2013-09-28 16:20 -------- d-----w- c:\users\Milan\AppData\Local\temp
2013-09-28 16:20 . 2013-09-28 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-28 16:05 . 2013-09-28 16:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\offreg.dll
2013-09-27 19:24 . 2013-09-27 19:27 -------- d-----w- c:\program files\WhoCrashed
2013-09-27 11:36 . 2013-09-28 16:25 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\temp
2013-09-27 11:28 . 2013-09-27 11:28 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\CrashDumps
2013-09-27 06:40 . 2013-09-27 06:43 -------- d-----w- C:\dmp
2013-09-27 04:02 . 2013-09-27 04:02 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Atheros
2013-09-26 11:37 . 2013-09-26 11:37 -------- d-----w- c:\users\Milan\AppData\Local\BMExplorer
2013-09-26 11:07 . 2013-08-27 12:08 77528 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-09-26 11:07 . 2013-08-27 12:08 102104 ----a-w- c:\windows\system32\RTNUninst32.dll
2013-09-26 10:52 . 2009-03-01 21:05 139776 ----a-w- c:\windows\system32\drivers\Rt86win7.sys
2013-09-26 10:33 . 2013-09-26 11:37 -------- d-----w- c:\programdata\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\users\Milan\AppData\Roaming\Atheros
2013-09-26 10:22 . 2013-09-26 10:22 -------- d-----w- c:\program files\Common Files\Atheros
2013-09-26 10:20 . 2013-09-26 10:23 -------- d-----w- c:\program files\Qualcomm Atheros
2013-09-26 10:20 . 2013-09-26 10:20 -------- d-----w- c:\programdata\Qualcomm Atheros
2013-09-26 09:15 . 2013-09-26 11:33 -------- d-----w- C:\SWSetup
2013-09-26 08:14 . 2013-09-26 08:14 -------- d-----w- c:\users\Milan\AppData\Local\GHISLER
2013-09-26 08:13 . 2013-05-23 08:00 3174912 ----a-w- c:\windows\system32\drivers\athr.sys
2013-09-26 07:51 . 2013-09-26 07:51 -------- d-----w- c:\users\Milan\AppData\Local\AOL
2013-09-26 03:52 . 2013-09-26 03:52 -------- d-----w- c:\windows\ERUNT
2013-09-25 09:58 . 2013-09-25 09:58 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\Programs
2013-09-25 04:15 . 2013-09-26 07:46 -------- d-----w- C:\AdwCleaner
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- c:\program files\trend micro
2013-09-24 08:19 . 2013-09-24 08:19 -------- d-----w- C:\rsit
2013-09-24 08:17 . 2013-09-24 08:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\ElevatedDiagnostics
2013-09-24 04:20 . 2013-09-24 04:20 -------- d-----w- c:\users\Mamka a taťka\AppData\Roaming\Malwarebytes
2013-09-23 11:17 . 2013-09-23 11:17 -------- d-----w- c:\users\Mamka a taťka\AppData\Local\GHISLER
2013-09-23 10:33 . 2013-09-23 10:33 -------- d-----w- c:\program files\CCleaner
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Roaming\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\programdata\Malwarebytes
2013-09-23 08:17 . 2013-09-23 08:17 -------- d-----w- c:\users\Milan\AppData\Local\Programs
2013-09-19 19:18 . 2013-09-19 19:18 1409 ----a-w- c:\windows\QTFont.for
2013-09-17 07:49 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1161A4C9-A6A0-4F4C-81FB-4390E13691AB}\mpengine.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 10:22 . 2012-06-28 12:21 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2013-09-13 06:09 . 2012-06-09 19:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-13 06:09 . 2012-03-26 06:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 02:22 . 2009-10-03 07:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 14:31 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41 . 2013-08-15 14:30 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-09 05:03 . 2013-08-15 14:31 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-09 05:03 . 2013-08-15 14:31 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-09 04:53 . 2013-08-15 14:30 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 04:52 . 2013-08-15 14:31 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 04:50 . 2013-08-15 14:31 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 04:46 . 2013-08-15 14:31 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 04:46 . 2013-08-15 14:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 04:46 . 2013-08-15 14:31 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-06 05:05 . 2013-08-15 14:31 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2008-02-01 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AtherosBtStack"="c:\program files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe" [2012-06-28 877696]
"AthBtTray"="c:\program files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe" [2012-06-28 696448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-10 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Milan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\Milan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2008-01-23 13:34 7766016 ----a-w- c:\program files\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2012-03-28 00:53 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-03-23 17:00 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-17 16:40 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 95632 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2012-11-13 13:43 173600 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-07-25 06:58 20684656 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-20 20:23 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R2 gupdate1ca751658db5904;Služba Google Update (gupdate1ca751658db5904);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
R3 Asushwio;Asushwio;c:\windows\system32\drivers\Asushwio.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-06-28 299648]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-06-28 98432]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-01-29 29736]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2010-05-12 16896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-18 1343400]
S2 AtherosSvc;AtherosSvc;c:\program files\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2012-06-28 105600]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-06-28 35968]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-06-28 25728]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-06-28 148096]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-06-28 60544]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-06-28 264448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-15 127488]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 02:02 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 06:09]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce830f2f4fcf43.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 19:16]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.27.154.1 192.168.0.1
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AdobeARMservice]
"ImagePath"="\"c:\prograrddiskvolume1\Program Files\Google\Google Earth"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
6c,00,6c,00,65,00,72,00,2e,00,64,00,6c,00,6c,00,00,00,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186r*d*d*i*s*k*V*o*l*u*m*e*1*\*P*r*o*g*r*a*m* *F*i*l*e*s*\*W*I*D*C*O*M*M*\*B*l\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0000000e\00000000]
"Type"=hex:07,00,00,00
"Data"=hex:00,20,ff,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186r*d*d*i*s*k*V*o*l*u*m*e*1*\*P*r*o*g*r*a*m* *F*i*l*e*s*\*W*I*D*C*O*M*M*\*B*l\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\00000011\00000000]
"Type"=hex:11,00,00,00
"Data"=hex:ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186r*d*d*i*s*k*V*o*l*u*m*e*1*\*P*r*o*g*r*a*m* *F*i*l*e*s*\*W*I*D*C*O*M*M*\*B*l\Properties\{c4f6821f-52d5-44c5-a674-4a07f1b60d4c}\00000003\00000000]
"Type"=hex:11,00,00,00
"Data"=hex:ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186r*d*d*i*s*k*V*o*l*u*m*e*1*\*P*r*o*g*r*a*m* *F*i*l*e*s*\*W*I*D*C*O*M*M*\*B*l\Properties\{e5c2ac63-e4d6-4d35-9c5e-53e9dc6003af}\00000001\00000000]
"Data"=hex:5c,00,5c,00,3f,00,5c,00,73,00,74,00,6f,00,72,00,61,00,67,00,65,00,
23,00,76,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,5f,00,3f,00,3f,00,5f,00,73,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(3412)
c:\windows\system32\btmmhook.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\sppsvc.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\system32\conhost.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Celkový čas: 2013-09-28 18:30:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-09-28 16:30
ComboFix2.txt 2013-09-27 19:12
ComboFix3.txt 2013-09-27 11:47
.
Před spuštěním: Volných bajtů: 18 017 259 520
Po spuštění: Volných bajtů: 17 958 342 656
.
- - End Of File - - 76AB5CEC32A142922D3C72547164B327
A36C5E4F47E84449FF07ED3517B43A31


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:43:12, on 28.9.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files\Qualcomm Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Users\Mamka a taťka\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AtherosBtStack] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\btvstack.exe"
O4 - HKLM\..\Run: [AthBtTray] "C:\Program Files\Qualcomm Atheros\Bluetooth Suite\athbttray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mamka a taťka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP chain gap (#33 in chain of 37 missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

--
End of file - 5248 bytes

