PC-HELP.CZ

Prosím o kontrolu logu z HT.
PC maže dll. soubory.

log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:49:38, on 24.11.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16520)

FIREFOX: 14.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Nekut Karel\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com/web/?utm_source= ... 1375603366
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com/web/?utm_source= ... 1375603366
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2348.0\npwinext.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\677fb541-f079-4b27-b049-ecdbc18a9191.exe /check
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Detekce zařízení) - http://www.logitech.com/devicedetector/ ... tion32.cab
O18 - Protocol: linkscanner - (no CLSID) - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Desk 365 service (desksvc) - Unknown owner - C:\Program Files\Desk 365\deskSvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 8810 bytes

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

log z AdwCleaner :

# AdwCleaner v3.013 - Report created 24/11/2013 at 12:40:45
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Nekut Karel - NEKUTKAREL-PC
# Running from : C:\Users\Nekut Karel\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : desksvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\GadgetBox
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
Folder Deleted : C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
Folder Deleted : C:\Users\Nekut Karel\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Nekut Karel\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Nekut Karel\AppData\LocalLow\Mail.Ru
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\eIntaller
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\Kája\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\Extensions\plugin@getwebcake.com
Folder Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\plugin@yontoo.com
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\Extensions\gophoto@gophoto.it.xpi
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\Extensions\trtv3@trtv.com.xpi
File Deleted : C:\Users\NEKUTK~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\bprotector_prefs.js
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\browsemngr.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\GadgetBox.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\searchplugins\search.xml
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\user.js
File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85D2C92F-93BE-4EBE-B74C-32E3FDDDBAB7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85D2C92F-93BE-4EBE-B74C-32E3FDDDBAB7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25E9CAE5-A049-435E-BC04-4A26A751FAD7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E9CAE5-A049-435E-BC04-4A26A751FAD7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D470A3C8-3925-442E-AB2C-D2D172ACD946}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D470A3C8-3925-442E-AB2C-D2D172ACD946}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4B69D73-DD48-4763-BD75-137A599B5C8E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B69D73-DD48-4763-BD75-137A599B5C8E}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75958DC1-B920-473C-8AC0-60AB9BA5D180}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75958DC1-B920-473C-8AC0-60AB9BA5D180}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKCU\Software\d6d68bb43feb44
Key Deleted : HKLM\SOFTWARE\d6d68bb43feb44
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C2178B36-2955-479B-818C-A2AE8E500454}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\BFlix
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\V9
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{71277DC4-4217-462A-9FF4-62D7815B2C69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desk 365
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\torch
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v14.0.1 (en-US)

[ File : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?affID=122310&babsrc=HP_ss&mntrId=F08B00FFE87FA546");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?pid=388&src=ff2&r=2013/03/18&hid=1735573178&lg=EN&cc=CZ&q=");
Line Deleted : user_pref("browser.search.order.1", "Delta Search");
Line Deleted : user_pref("browser.search.order.1,S", "GadgetBox");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("browser.search.selectedEngine,S", "GadgetBox");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www1.delta-search.com/?affID=122310&babsrc=HP_ss&mntrId=F08B00FFE87FA546");
Line Deleted : user_pref("extensions.5065665210b72.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.50795ba07d872.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=116780&tt=4312_6&babsrc=NT_ss&mntrId=f08b037500000000000000218537928c");
Line Deleted : user_pref("extensions.enabledAddons", "ascsurfingprotection@iobit.com:1.0,gadget@gadgetbox:1.6,plugin@yontoo.com:1.20.02,toolbar@ask.com:3.15.23.100013,{972ce4c6-7e08-4474-a285-3208198ce6fd}:14.0.1");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "bda84135-2eb6-4713-92a1-8cb23ffea21f");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "GadgetBox");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.gboxapp.com/?pid=388&src=ff1&r=2013/03/18&hid=1735573178&lg=EN&cc=CZ");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.gboxapp.com/?pid=388&src=ff2&r=2013/03/18&hid=1735573178&lg=EN&cc=CZ&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Nekut Karel\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [14086 octets] - [24/11/2013 12:33:19]
AdwCleaner[S0].txt - [13786 octets] - [24/11/2013 12:40:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13847 octets] ##########

log z Malwarebytes Anti-Malware :

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Verze: v2013.11.24.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nekut Karel :: NEKUTKAREL-PC [administrátor]

24.11.2013 14:28:09
MBAM-log-2013-11-24 (16-07-22).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 284169
Uplynulý čas: 1 hodin, 7 minut, 31 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E77B2837-D38B-44C7-BF44-C8D410BBD83D} (PUP.BFlix) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
C:\Windows\inf\ntvdm.inf (Malware.Trace) -> Nebyla provedena žádná instrukce.
C:\Users\Nekut Karel\SendTo\Desk 365.lnk (PUP.Optional.Desk365.A) -> Nebyla provedena žádná instrukce.

(konec)

V Mbam nech vše smazat a dodej log

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

log z Malwarebytes Anti-Malware :

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.26.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Nekut Karel :: NEKUTKAREL-PC [administrátor]

Ochrana: Povolena

27.11.2013 16:01:45
mbam-log-2013-11-27 (16-01-45).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 284573
Uplynulý čas: 34 minut, 33 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E77B2837-D38B-44C7-BF44-C8D410BBD83D} (PUP.BFlix) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 1
C:\Users\Nekut Karel\SendTo\Desk 365.lnk (PUP.Optional.Desk365.A) -> Přesun do karantény a smazání se zdařilo.

(konec)

log z rogue killer :

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Nekut Karel [Práva správce]
Mód : Kontrola -- Datum : 11/27/2013 15:55:07
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> NALEZENO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 7 ¤¤¤
[All Users][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[Default][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[Default User][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[desktop.ini][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\desktop.ini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[Nekut][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\Nekut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[Public][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO
[UpdatusUser][SUSP UNIC] Stronghold Crusader ??? zástupce.lnk : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??? zástupce.lnk [x] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] IRP[IRP_MJ_CREATE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_CLOSE] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_POWER] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_SYSTEM_CONTROL] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Address] IRP[IRP_MJ_PNP] : C:\Windows\System32\drivers\mountmgr.sys -> HOOKED (Unknown @ 0x8652A1F8)
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 eu.actual.battle.net
127.0.0.1 us.actual.battle.net


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500320AS ATA Device +++++
--- User ---
[MBR] 12eb0d23bebc67f06c359bfbd4febcb4
[BSP] fff040ae739b45c3f139f0a85e35e386 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_11272013_155507.txt >>

log z JRT :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Nekut Karel on st 27.11.2013 at 17:19:10,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 27.11.2013 at 17:30:27,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Stáhni si TDSSKiller
Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller. 2.8.16.0_(datum)_log.txt , vlož sem prosím celý obsah logu.

log z rogue killer :

RogueKiller V8.7.9 [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Normální režim
Uživatel : Nekut Karel [Práva správce]
Mód : Odebrat -- Datum : 11/27/2013 17:57:34
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 5 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRAZENO (0)
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 7 ¤¤¤
[All Users][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[Default][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[Default User][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[desktop.ini][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\desktop.ini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[Nekut][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\Nekut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[Public][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->
[UpdatusUser][SUSP UNIC] Stronghold Crusader ??� zástupce.lnk : C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stronghold Crusader ??� zástupce.lnk [x] ->

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Inline] EAT @explorer.exe (FwDoNothingOnObject) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)
[Inline] EAT @explorer.exe (FwEnableMemTracing) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)
[Inline] EAT @explorer.exe (FwSetMemLeakPolicy) : FirewallAPI.dll -> HOOKED (Unknown @ 0x35F1A966)

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 eu.actual.battle.net
127.0.0.1 us.actual.battle.net


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3500320AS ATA Device +++++
--- User ---
[MBR] 12eb0d23bebc67f06c359bfbd4febcb4
[BSP] fff040ae739b45c3f139f0a85e35e386 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_11272013_175734.txt >>
RKreport[0]_S_11272013_175636.txt

log z tdsskiller :

17:59:49.0877 2144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:59:51.0884 2144 ============================================================
17:59:51.0884 2144 Current date / time: 2013/11/27 17:59:51.0884
17:59:51.0884 2144 SystemInfo:
17:59:51.0884 2144
17:59:51.0884 2144 OS Version: 6.0.6002 ServicePack: 2.0
17:59:51.0884 2144 Product type: Workstation
17:59:51.0884 2144 ComputerName: NEKUTKAREL-PC
17:59:51.0884 2144 UserName: Nekut Karel
17:59:51.0884 2144 Windows directory: C:\Windows
17:59:51.0884 2144 System windows directory: C:\Windows
17:59:51.0884 2144 Processor architecture: Intel x86
17:59:51.0884 2144 Number of processors: 2
17:59:51.0884 2144 Page size: 0x1000
17:59:51.0884 2144 Boot type: Normal boot
17:59:51.0884 2144 ============================================================
17:59:52.0713 2144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:59:52.0715 2144 ============================================================
17:59:52.0715 2144 \Device\Harddisk0\DR0:
17:59:52.0715 2144 MBR partitions:
17:59:52.0715 2144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
17:59:52.0715 2144 ============================================================
17:59:52.0733 2144 C: <-> \Device\Harddisk0\DR0\Partition1
17:59:52.0733 2144 ============================================================
17:59:52.0733 2144 Initialize success
17:59:52.0733 2144 ============================================================
17:59:55.0313 0572 ============================================================
17:59:55.0313 0572 Scan started
17:59:55.0313 0572 Mode: Manual;
17:59:55.0313 0572 ============================================================
17:59:56.0135 0572 ================ Scan system memory ========================
17:59:56.0136 0572 System memory - ok
17:59:56.0136 0572 ================ Scan services =============================
17:59:56.0213 0572 1394hub - ok
17:59:56.0269 0572 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:59:56.0270 0572 ACDaemon - ok
17:59:56.0297 0572 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:59:56.0299 0572 ACPI - ok
17:59:56.0332 0572 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:59:56.0334 0572 AdobeARMservice - ok
17:59:56.0394 0572 [ 438F31336B3DC248ABC632F1C8F34A24 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:56.0396 0572 AdobeFlashPlayerUpdateSvc - ok
17:59:56.0434 0572 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:59:56.0438 0572 adp94xx - ok
17:59:56.0451 0572 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:59:56.0452 0572 adpahci - ok
17:59:56.0470 0572 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:59:56.0472 0572 adpu160m - ok
17:59:56.0489 0572 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:59:56.0490 0572 adpu320 - ok
17:59:56.0512 0572 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:59:56.0513 0572 AeLookupSvc - ok
17:59:56.0537 0572 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:59:56.0540 0572 AFD - ok
17:59:56.0553 0572 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:59:56.0554 0572 agp440 - ok
17:59:56.0571 0572 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:59:56.0572 0572 aic78xx - ok
17:59:56.0592 0572 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
17:59:56.0594 0572 ALG - ok
17:59:56.0606 0572 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
17:59:56.0607 0572 aliide - ok
17:59:56.0622 0572 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:59:56.0624 0572 amdagp - ok
17:59:56.0637 0572 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
17:59:56.0638 0572 amdide - ok
17:59:56.0649 0572 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
17:59:56.0650 0572 AmdK7 - ok
17:59:56.0668 0572 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:59:56.0669 0572 AmdK8 - ok
17:59:56.0692 0572 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys
17:59:56.0693 0572 AmdLLD - ok
17:59:56.0702 0572 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
17:59:56.0703 0572 Appinfo - ok
17:59:56.0723 0572 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
17:59:56.0724 0572 arc - ok
17:59:56.0744 0572 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:59:56.0745 0572 arcsas - ok
17:59:56.0867 0572 [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:59:56.0869 0572 aspnet_state - ok
17:59:56.0902 0572 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
17:59:56.0904 0572 aswFsBlk - ok
17:59:56.0970 0572 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
17:59:56.0971 0572 aswMonFlt - ok
17:59:57.0000 0572 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
17:59:57.0001 0572 AswRdr - ok
17:59:57.0030 0572 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
17:59:57.0030 0572 aswRvrt - ok
17:59:57.0062 0572 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
17:59:57.0068 0572 aswSnx - ok
17:59:57.0093 0572 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\Windows\system32\drivers\aswSP.sys
17:59:57.0096 0572 aswSP - ok
17:59:57.0111 0572 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
17:59:57.0111 0572 aswTdi - ok
17:59:57.0132 0572 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
17:59:57.0134 0572 aswVmm - ok
17:59:57.0157 0572 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:59:57.0158 0572 AsyncMac - ok
17:59:57.0180 0572 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
17:59:57.0180 0572 atapi - ok
17:59:57.0218 0572 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
17:59:57.0220 0572 atksgt - ok
17:59:57.0239 0572 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:59:57.0241 0572 AudioEndpointBuilder - ok
17:59:57.0248 0572 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:59:57.0251 0572 Audiosrv - ok
17:59:57.0315 0572 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:59:57.0316 0572 avast! Antivirus - ok
17:59:57.0365 0572 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:59:57.0365 0572 Beep - ok
17:59:57.0395 0572 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
17:59:57.0400 0572 BFE - ok
17:59:57.0429 0572 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
17:59:57.0437 0572 BITS - ok
17:59:57.0442 0572 blbdrive - ok
17:59:57.0467 0572 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:59:57.0468 0572 bowser - ok
17:59:57.0488 0572 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:59:57.0489 0572 BrFiltLo - ok
17:59:57.0500 0572 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:59:57.0502 0572 BrFiltUp - ok
17:59:57.0518 0572 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
17:59:57.0521 0572 Browser - ok
17:59:57.0533 0572 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
17:59:57.0534 0572 Brserid - ok
17:59:57.0552 0572 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:59:57.0553 0572 BrSerWdm - ok
17:59:57.0567 0572 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:59:57.0568 0572 BrUsbMdm - ok
17:59:57.0580 0572 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:59:57.0580 0572 BrUsbSer - ok
17:59:57.0600 0572 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:59:57.0601 0572 BTHMODEM - ok
17:59:57.0608 0572 catchme - ok
17:59:57.0617 0572 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:59:57.0618 0572 cdfs - ok
17:59:57.0650 0572 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:59:57.0651 0572 cdrom - ok
17:59:57.0667 0572 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
17:59:57.0670 0572 CertPropSvc - ok
17:59:57.0679 0572 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
17:59:57.0680 0572 circlass - ok
17:59:57.0698 0572 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
17:59:57.0700 0572 CLFS - ok
17:59:57.0747 0572 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:57.0776 0572 clr_optimization_v2.0.50727_32 - ok
17:59:57.0807 0572 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:57.0809 0572 clr_optimization_v4.0.30319_32 - ok
17:59:57.0827 0572 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:59:57.0827 0572 cmdide - ok
17:59:57.0845 0572 [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
17:59:57.0846 0572 Compbatt - ok
17:59:57.0850 0572 COMSysApp - ok
17:59:57.0858 0572 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:59:57.0859 0572 crcdisk - ok
17:59:57.0872 0572 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
17:59:57.0873 0572 Crusoe - ok
17:59:57.0902 0572 [ 684C130BBC6DB681BAD4920A4C944AA5 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:59:57.0904 0572 CryptSvc - ok
17:59:57.0931 0572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:59:57.0939 0572 DcomLaunch - ok
17:59:57.0945 0572 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:59:57.0946 0572 DfsC - ok
17:59:58.0006 0572 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
17:59:58.0047 0572 DFSR - ok
17:59:58.0080 0572 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:59:58.0083 0572 Dhcp - ok
17:59:58.0111 0572 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
17:59:58.0112 0572 disk - ok
17:59:58.0140 0572 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:59:58.0142 0572 Dnscache - ok
17:59:58.0153 0572 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:59:58.0156 0572 dot3svc - ok
17:59:58.0193 0572 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
17:59:58.0196 0572 DPS - ok
17:59:58.0219 0572 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:59:58.0220 0572 drmkaud - ok
17:59:58.0246 0572 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys
17:59:58.0247 0572 DrvAgent32 - ok
17:59:58.0277 0572 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:59:58.0279 0572 dtsoftbus01 - ok
17:59:58.0305 0572 [ 988670D8343EF9835FB3659DB71B2EFA ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:59:58.0309 0572 DXGKrnl - ok
17:59:58.0325 0572 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:59:58.0326 0572 E1G60 - ok
17:59:58.0332 0572 EagleNT - ok
17:59:58.0370 0572 [ FB37BFB8D0295E3186F5BD8EFB6840C8 ] EagleXNt C:\Windows\system32\drivers\EagleXNt.sys
17:59:58.0374 0572 EagleXNt - ok
17:59:58.0396 0572 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
17:59:58.0399 0572 EapHost - ok
17:59:58.0415 0572 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
17:59:58.0417 0572 Ecache - ok
17:59:58.0448 0572 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:59:58.0453 0572 ehRecvr - ok
17:59:58.0472 0572 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
17:59:58.0476 0572 ehSched - ok
17:59:58.0487 0572 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
17:59:58.0488 0572 ehstart - ok
17:59:58.0509 0572 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:59:58.0511 0572 elxstor - ok
17:59:58.0539 0572 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
17:59:58.0544 0572 EMDMgmt - ok
17:59:58.0583 0572 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
17:59:58.0586 0572 EventSystem - ok
17:59:58.0608 0572 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
17:59:58.0610 0572 exfat - ok
17:59:58.0628 0572 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:59:58.0630 0572 fastfat - ok
17:59:58.0640 0572 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:59:58.0641 0572 fdc - ok
17:59:58.0669 0572 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
17:59:58.0671 0572 fdPHost - ok
17:59:58.0696 0572 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
17:59:58.0699 0572 FDResPub - ok
17:59:58.0710 0572 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:59:58.0711 0572 FileInfo - ok
17:59:58.0724 0572 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:59:58.0725 0572 Filetrace - ok
17:59:58.0746 0572 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:59:58.0761 0572 flpydisk - ok
17:59:58.0788 0572 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:59:58.0790 0572 FltMgr - ok
17:59:58.0812 0572 [ 93F7E288350460E4BAE8807283DD4E6E ] FlyPCI C:\Windows\system32\drivers\FlyPCI.sys
17:59:58.0814 0572 FlyPCI - ok
17:59:58.0863 0572 [ 2AFA3A46986AE935DAECEBC7E66314CF ] FontCache C:\Windows\system32\FntCache.dll
17:59:58.0874 0572 FontCache - ok
17:59:58.0935 0572 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:59:58.0937 0572 FontCache3.0.0.0 - ok
17:59:58.0968 0572 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:59:58.0968 0572 fssfltr - ok
17:59:59.0059 0572 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
17:59:59.0092 0572 fsssvc - ok
17:59:59.0117 0572 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:59:59.0117 0572 Fs_Rec - ok
17:59:59.0137 0572 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
17:59:59.0138 0572 gagp30kx - ok
17:59:59.0179 0572 [ FE4D369172AC1CC19C876BDB5BDC31A3 ] gfiark C:\Windows\system32\drivers\gfiark.sys
17:59:59.0180 0572 gfiark - ok
17:59:59.0209 0572 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
17:59:59.0215 0572 gpsvc - ok
17:59:59.0244 0572 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:59:59.0246 0572 gupdate - ok
17:59:59.0252 0572 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:59:59.0253 0572 gupdatem - ok
17:59:59.0283 0572 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\drivers\hamachi.sys
17:59:59.0284 0572 hamachi - ok
17:59:59.0318 0572 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:59:59.0321 0572 HdAudAddService - ok
17:59:59.0457 0572 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:59:59.0462 0572 HDAudBus - ok
17:59:59.0497 0572 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
17:59:59.0498 0572 HidBth - ok
17:59:59.0575 0572 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
17:59:59.0576 0572 HidIr - ok
17:59:59.0595 0572 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
17:59:59.0597 0572 hidserv - ok
17:59:59.0621 0572 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:59:59.0621 0572 HidUsb - ok
17:59:59.0642 0572 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:59:59.0647 0572 hkmsvc - ok
17:59:59.0662 0572 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
17:59:59.0663 0572 HpCISSs - ok
17:59:59.0689 0572 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:59:59.0692 0572 HTTP - ok
17:59:59.0708 0572 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
17:59:59.0709 0572 i2omp - ok
17:59:59.0737 0572 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:59:59.0738 0572 i8042prt - ok
17:59:59.0755 0572 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
17:59:59.0758 0572 iaStorV - ok
17:59:59.0811 0572 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:59:59.0814 0572 IDriverT - ok
17:59:59.0873 0572 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:59:59.0884 0572 idsvc - ok
17:59:59.0898 0572 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
17:59:59.0899 0572 iirsp - ok
17:59:59.0941 0572 [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78 ] IKEEXT C:\Windows\System32\ikeext.dll
17:59:59.0946 0572 IKEEXT - ok
18:00:00.0020 0572 [ F42F2F88017A2E2B6F783ACEF6C2C149 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:00:00.0038 0572 IntcAzAudAddService - ok
18:00:00.0076 0572 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:00:00.0077 0572 intelide - ok
18:00:00.0099 0572 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:00:00.0100 0572 intelppm - ok
18:00:00.0154 0572 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:00:00.0158 0572 IPBusEnum - ok
18:00:00.0171 0572 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:00:00.0172 0572 IpFilterDriver - ok
18:00:00.0201 0572 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:00:00.0204 0572 iphlpsvc - ok
18:00:00.0209 0572 IpInIp - ok
18:00:00.0224 0572 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:00:00.0225 0572 IPMIDRV - ok
18:00:00.0237 0572 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:00:00.0239 0572 IPNAT - ok
18:00:00.0253 0572 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:00:00.0253 0572 IRENUM - ok
18:00:00.0287 0572 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:00:00.0288 0572 isapnp - ok
18:00:00.0317 0572 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:00:00.0318 0572 iScsiPrt - ok
18:00:00.0331 0572 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:00:00.0332 0572 iteatapi - ok
18:00:00.0346 0572 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:00:00.0347 0572 iteraid - ok
18:00:00.0372 0572 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:00:00.0372 0572 kbdclass - ok
18:00:00.0394 0572 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:00:00.0394 0572 kbdhid - ok
18:00:00.0416 0572 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
18:00:00.0418 0572 KeyIso - ok
18:00:00.0443 0572 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:00:00.0447 0572 KSecDD - ok
18:00:00.0470 0572 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
18:00:00.0476 0572 KtmRm - ok
18:00:00.0489 0572 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
18:00:00.0494 0572 LanmanServer - ok
18:00:00.0512 0572 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:00:00.0519 0572 LanmanWorkstation - ok
18:00:00.0546 0572 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
18:00:00.0546 0572 lirsgt - ok
18:00:00.0560 0572 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:00:00.0561 0572 lltdio - ok
18:00:00.0580 0572 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:00:00.0585 0572 lltdsvc - ok
18:00:00.0614 0572 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:00:00.0617 0572 lmhosts - ok
18:00:00.0641 0572 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:00:00.0642 0572 LSI_FC - ok
18:00:00.0660 0572 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:00:00.0661 0572 LSI_SAS - ok
18:00:00.0684 0572 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:00:00.0685 0572 LSI_SCSI - ok
18:00:00.0712 0572 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
18:00:00.0713 0572 luafv - ok
18:00:00.0741 0572 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:00:00.0743 0572 MBAMProtector - ok
18:00:00.0796 0572 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:00:00.0800 0572 MBAMScheduler - ok
18:00:00.0822 0572 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:00:00.0827 0572 MBAMService - ok
18:00:00.0868 0572 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:00:00.0873 0572 Mcx2Svc - ok
18:00:00.0897 0572 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:00:00.0898 0572 megasas - ok
18:00:00.0920 0572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
18:00:00.0923 0572 MMCSS - ok
18:00:00.0940 0572 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
18:00:00.0941 0572 Modem - ok
18:00:00.0971 0572 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:00:00.0973 0572 monitor - ok
18:00:00.0993 0572 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:00:00.0994 0572 mouclass - ok
18:00:01.0004 0572 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:00:01.0004 0572 mouhid - ok
18:00:01.0025 0572 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:00:01.0027 0572 MountMgr - ok
18:00:01.0047 0572 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:00:01.0048 0572 mpio - ok
18:00:01.0064 0572 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:00:01.0065 0572 mpsdrv - ok
18:00:01.0093 0572 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
18:00:01.0104 0572 MpsSvc - ok
18:00:01.0119 0572 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:00:01.0120 0572 Mraid35x - ok
18:00:01.0149 0572 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:00:01.0151 0572 MRxDAV - ok
18:00:01.0185 0572 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:00:01.0187 0572 mrxsmb - ok
18:00:01.0205 0572 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:00:01.0207 0572 mrxsmb10 - ok
18:00:01.0216 0572 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:00:01.0217 0572 mrxsmb20 - ok
18:00:01.0240 0572 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
18:00:01.0241 0572 msahci - ok
18:00:01.0258 0572 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:00:01.0259 0572 msdsm - ok
18:00:01.0280 0572 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:00:01.0287 0572 MSDTC - ok
18:00:01.0319 0572 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:00:01.0320 0572 Msfs - ok
18:00:01.0336 0572 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:00:01.0337 0572 msisadrv - ok
18:00:01.0353 0572 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:00:01.0357 0572 MSiSCSI - ok
18:00:01.0364 0572 msiserver - ok
18:00:01.0377 0572 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:00:01.0378 0572 MSKSSRV - ok
18:00:01.0400 0572 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:00:01.0401 0572 MSPCLOCK - ok
18:00:01.0420 0572 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:00:01.0421 0572 MSPQM - ok
18:00:01.0440 0572 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:00:01.0442 0572 MsRPC - ok
18:00:01.0460 0572 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:00:01.0462 0572 mssmbios - ok
18:00:01.0481 0572 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:00:01.0482 0572 MSTEE - ok
18:00:01.0495 0572 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:00:01.0496 0572 Mup - ok
18:00:01.0536 0572 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:00:01.0542 0572 napagent - ok
18:00:01.0560 0572 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:00:01.0562 0572 NativeWifiP - ok
18:00:01.0584 0572 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:00:01.0588 0572 NDIS - ok
18:00:01.0618 0572 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:00:01.0619 0572 NdisTapi - ok
18:00:01.0637 0572 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:00:01.0639 0572 Ndisuio - ok
18:00:01.0660 0572 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:00:01.0662 0572 NdisWan - ok
18:00:01.0687 0572 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:00:01.0688 0572 NDProxy - ok
18:00:01.0710 0572 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:00:01.0712 0572 NetBIOS - ok
18:00:01.0735 0572 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:00:01.0737 0572 netbt - ok
18:00:01.0757 0572 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
18:00:01.0760 0572 Netlogon - ok
18:00:01.0778 0572 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:00:01.0784 0572 Netman - ok
18:00:01.0840 0572 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:01.0843 0572 NetMsmqActivator - ok
18:00:01.0851 0572 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:01.0853 0572 NetPipeActivator - ok
18:00:01.0909 0572 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:00:01.0916 0572 netprofm - ok
18:00:01.0924 0572 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:01.0927 0572 NetTcpActivator - ok
18:00:01.0936 0572 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:00:01.0938 0572 NetTcpPortSharing - ok
18:00:01.0966 0572 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:00:01.0967 0572 nfrd960 - ok
18:00:01.0982 0572 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:00:01.0988 0572 NlaSvc - ok
18:00:01.0999 0572 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:00:02.0000 0572 Npfs - ok
18:00:02.0007 0572 npggsvc - ok
18:00:02.0037 0572 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:00:02.0041 0572 nsi - ok
18:00:02.0053 0572 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:00:02.0054 0572 nsiproxy - ok
18:00:02.0105 0572 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:00:02.0113 0572 Ntfs - ok
18:00:02.0157 0572 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:00:02.0158 0572 ntrigdigi - ok
18:00:02.0204 0572 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:00:02.0205 0572 Null - ok
18:00:02.0417 0572 [ FD5A76AF84FC210CD15548C701243A3F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:00:02.0491 0572 nvlddmkm - ok
18:00:02.0518 0572 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:00:02.0520 0572 nvraid - ok
18:00:02.0554 0572 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:00:02.0555 0572 nvstor - ok
18:00:02.0659 0572 [ 6004D55C0434E15CE98A4CF2A6A4BE94 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:00:02.0668 0572 nvsvc - ok
18:00:02.0776 0572 [ CB2A68104E6E21EB30155F081768065A ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:00:02.0971 0572 nvUpdatusService - ok
18:00:03.0007 0572 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:00:03.0009 0572 nv_agp - ok
18:00:03.0017 0572 NwlnkFlt - ok
18:00:03.0025 0572 NwlnkFwd - ok
18:00:03.0042 0572 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:00:03.0044 0572 ohci1394 - ok
18:00:03.0092 0572 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:03.0096 0572 ose - ok
18:00:03.0162 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:00:03.0206 0572 p2pimsvc - ok
18:00:03.0248 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:00:03.0257 0572 p2psvc - ok
18:00:03.0290 0572 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:00:03.0292 0572 Parport - ok
18:00:03.0325 0572 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:00:03.0326 0572 partmgr - ok
18:00:03.0332 0572 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:00:03.0333 0572 Parvdm - ok
18:00:03.0359 0572 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:00:03.0363 0572 PcaSvc - ok
18:00:03.0397 0572 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:00:03.0399 0572 pci - ok
18:00:03.0420 0572 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
18:00:03.0421 0572 pciide - ok
18:00:03.0454 0572 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:00:03.0456 0572 pcmcia - ok
18:00:03.0490 0572 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:00:03.0496 0572 PEAUTH - ok
18:00:03.0568 0572 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:00:03.0588 0572 pla - ok
18:00:03.0609 0572 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:00:03.0615 0572 PlugPlay - ok
18:00:03.0639 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:00:03.0646 0572 PNRPAutoReg - ok

druhá polovina logu z tdsskiller :

18:00:03.0659 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:00:03.0668 0572 PNRPsvc - ok
18:00:03.0693 0572 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:00:03.0701 0572 PolicyAgent - ok
18:00:03.0726 0572 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:00:03.0727 0572 PptpMiniport - ok
18:00:03.0751 0572 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:00:03.0752 0572 Processor - ok
18:00:03.0785 0572 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:00:03.0790 0572 ProfSvc - ok
18:00:03.0796 0572 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:00:03.0798 0572 ProtectedStorage - ok
18:00:03.0812 0572 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:00:03.0813 0572 PSched - ok
18:00:03.0844 0572 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:00:03.0850 0572 ql2300 - ok
18:00:03.0860 0572 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:00:03.0862 0572 ql40xx - ok
18:00:03.0882 0572 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:00:03.0889 0572 QWAVE - ok
18:00:03.0898 0572 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:00:03.0899 0572 QWAVEdrv - ok
18:00:03.0951 0572 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
18:00:03.0963 0572 R300 - ok
18:00:03.0985 0572 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:00:03.0986 0572 RasAcd - ok
18:00:04.0001 0572 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:00:04.0008 0572 RasAuto - ok
18:00:04.0016 0572 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:04.0018 0572 Rasl2tp - ok
18:00:04.0043 0572 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:00:04.0049 0572 RasMan - ok
18:00:04.0063 0572 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:04.0064 0572 RasPppoe - ok
18:00:04.0071 0572 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:00:04.0073 0572 RasSstp - ok
18:00:04.0087 0572 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:00:04.0090 0572 rdbss - ok
18:00:04.0103 0572 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:04.0104 0572 RDPCDD - ok
18:00:04.0125 0572 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:00:04.0127 0572 rdpdr - ok
18:00:04.0133 0572 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:00:04.0134 0572 RDPENCDD - ok
18:00:04.0165 0572 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:00:04.0167 0572 RDPWD - ok
18:00:04.0232 0572 [ 96EFEC24346A8EB1157E80523079ADDC ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
18:00:04.0233 0572 RealNetworks Downloader Resolver Service - ok
18:00:04.0273 0572 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:00:04.0277 0572 RemoteAccess - ok
18:00:04.0290 0572 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:00:04.0295 0572 RemoteRegistry - ok
18:00:04.0311 0572 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:00:04.0315 0572 RpcLocator - ok
18:00:04.0337 0572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:00:04.0345 0572 RpcSs - ok
18:00:04.0354 0572 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:00:04.0356 0572 rspndr - ok
18:00:04.0382 0572 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
18:00:04.0385 0572 RTL8169 - ok
18:00:04.0401 0572 [ 1C768E8D6D89175FE0563C65E6747D53 ] SaiK1713 C:\Windows\system32\DRIVERS\SaiK1713.sys
18:00:04.0403 0572 SaiK1713 - ok
18:00:04.0426 0572 [ 054A8A51C88A2FDD336399442BC4F0AA ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
18:00:04.0427 0572 SaiMini - ok
18:00:04.0447 0572 [ 6B6C34C52C087B0618BDA4730D47FE26 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
18:00:04.0448 0572 SaiNtBus - ok
18:00:04.0461 0572 [ 2C64A424F990C7841A287A6B5D3E2C27 ] SaiU1713 C:\Windows\system32\DRIVERS\SaiU1713.sys
18:00:04.0463 0572 SaiU1713 - ok
18:00:04.0471 0572 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:00:04.0474 0572 SamSs - ok
18:00:04.0493 0572 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:00:04.0494 0572 sbp2port - ok
18:00:04.0499 0572 SBRE - ok
18:00:04.0522 0572 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:00:04.0527 0572 SCardSvr - ok
18:00:04.0559 0572 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:00:04.0568 0572 Schedule - ok
18:00:04.0664 0572 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:00:04.0665 0572 SCPolicySvc - ok
18:00:04.0708 0572 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:00:04.0745 0572 SDRSVC - ok
18:00:04.0810 0572 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:00:04.0812 0572 SeaPort - ok
18:00:04.0825 0572 SearchIndexer - ok
18:00:04.0843 0572 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:00:04.0844 0572 secdrv - ok
18:00:04.0869 0572 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:00:04.0874 0572 seclogon - ok
18:00:04.0896 0572 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
18:00:04.0901 0572 SENS - ok
18:00:04.0916 0572 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:00:04.0918 0572 Serenum - ok
18:00:04.0939 0572 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:00:04.0941 0572 Serial - ok
18:00:04.0975 0572 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:00:04.0976 0572 sermouse - ok
18:00:05.0017 0572 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:00:05.0025 0572 SessionEnv - ok
18:00:05.0049 0572 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:00:05.0051 0572 sffdisk - ok
18:00:05.0072 0572 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:00:05.0073 0572 sffp_mmc - ok
18:00:05.0087 0572 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:00:05.0088 0572 sffp_sd - ok
18:00:05.0106 0572 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:00:05.0107 0572 sfloppy - ok
18:00:05.0137 0572 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:00:05.0141 0572 SharedAccess - ok
18:00:05.0180 0572 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:00:05.0186 0572 ShellHWDetection - ok
18:00:05.0202 0572 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:00:05.0203 0572 sisagp - ok
18:00:05.0234 0572 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:00:05.0235 0572 SiSRaid2 - ok
18:00:05.0252 0572 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:00:05.0253 0572 SiSRaid4 - ok
18:00:05.0523 0572 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:00:05.0544 0572 Skype C2C Service - ok
18:00:05.0628 0572 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:00:05.0630 0572 SkypeUpdate - ok
18:00:05.0837 0572 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:00:05.0861 0572 slsvc - ok
18:00:05.0886 0572 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:00:05.0891 0572 SLUINotify - ok
18:00:05.0910 0572 [ 46B40982AF166BF89C3F51FB13E60D6D ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
18:00:05.0911 0572 SmartDefragDriver - ok
18:00:05.0923 0572 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:00:05.0924 0572 Smb - ok
18:00:05.0948 0572 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:00:05.0953 0572 SNMPTRAP - ok
18:00:05.0962 0572 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:00:05.0963 0572 spldr - ok
18:00:05.0983 0572 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:00:05.0988 0572 Spooler - ok
18:00:06.0016 0572 [ 68103A2B441BBF3908EBB587F0704D6C ] sptd C:\Windows\System32\Drivers\sptd.sys
18:00:06.0020 0572 sptd - ok
18:00:06.0037 0572 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:00:06.0040 0572 srv - ok
18:00:06.0063 0572 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:00:06.0065 0572 srv2 - ok
18:00:06.0081 0572 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:00:06.0083 0572 srvnet - ok
18:00:06.0108 0572 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:00:06.0113 0572 SSDPSRV - ok
18:00:06.0120 0572 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:00:06.0126 0572 SstpSvc - ok
18:00:06.0176 0572 [ DB0768632C680B7C0D3AA92D80416893 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
18:00:06.0184 0572 Steam Client Service - ok
18:00:06.0224 0572 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:00:06.0240 0572 stisvc - ok
18:00:06.0252 0572 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:00:06.0253 0572 swenum - ok
18:00:06.0275 0572 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:00:06.0284 0572 swprv - ok
18:00:06.0319 0572 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:00:06.0321 0572 Symc8xx - ok
18:00:06.0349 0572 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:00:06.0350 0572 Sym_hi - ok
18:00:06.0373 0572 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:00:06.0374 0572 Sym_u3 - ok
18:00:06.0530 0572 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:00:06.0540 0572 SysMain - ok
18:00:06.0565 0572 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:00:06.0572 0572 TabletInputService - ok
18:00:06.0614 0572 [ B7AEE68D2E867CBF69B649B18FCEDBBB ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
18:00:06.0615 0572 tap0901t - ok
18:00:06.0639 0572 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:00:06.0646 0572 TapiSrv - ok
18:00:06.0662 0572 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:00:06.0667 0572 TBS - ok
18:00:06.0700 0572 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:00:06.0707 0572 Tcpip - ok
18:00:06.0727 0572 [ D18D53974FD715D50FC76F9FFE1C830D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:00:06.0735 0572 Tcpip6 - ok
18:00:06.0776 0572 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:00:06.0781 0572 tcpipreg - ok
18:00:06.0866 0572 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:00:06.0867 0572 TDPIPE - ok
18:00:06.0883 0572 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:00:06.0885 0572 TDTCP - ok
18:00:06.0908 0572 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:00:06.0910 0572 tdx - ok
18:00:06.0930 0572 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:00:06.0931 0572 TermDD - ok
18:00:07.0006 0572 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:00:07.0012 0572 TermService - ok
18:00:07.0029 0572 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:00:07.0035 0572 Themes - ok
18:00:07.0049 0572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:00:07.0053 0572 THREADORDER - ok
18:00:07.0074 0572 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:00:07.0079 0572 TrkWks - ok
18:00:07.0099 0572 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:00:07.0099 0572 TrustedInstaller - ok
18:00:07.0132 0572 [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:07.0133 0572 tssecsrv - ok
18:00:07.0168 0572 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:00:07.0169 0572 tunmp - ok
18:00:07.0183 0572 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:00:07.0184 0572 tunnel - ok
18:00:07.0261 0572 [ C9FBAC084AB1D7005C950BC8DDA6BE7C ] TunngleService C:\Program Files\Tunngle\TnglCtrl.exe
18:00:07.0270 0572 TunngleService - ok
18:00:07.0304 0572 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:00:07.0306 0572 uagp35 - ok
18:00:07.0335 0572 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:00:07.0338 0572 udfs - ok
18:00:07.0350 0572 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:00:07.0356 0572 UI0Detect - ok
18:00:07.0396 0572 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
18:00:07.0399 0572 UleadBurningHelper - ok
18:00:07.0419 0572 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:00:07.0421 0572 uliagpkx - ok
18:00:07.0439 0572 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:00:07.0442 0572 uliahci - ok
18:00:07.0462 0572 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:00:07.0463 0572 UlSata - ok
18:00:07.0481 0572 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:00:07.0482 0572 ulsata2 - ok
18:00:07.0516 0572 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:00:07.0518 0572 umbus - ok
18:00:07.0534 0572 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:00:07.0540 0572 upnphost - ok
18:00:07.0569 0572 [ 1114579556DB85E9FAF9590DBC64CD62 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:00:07.0571 0572 usbaudio - ok
18:00:07.0609 0572 [ AAB0B5F72D2D726FBFDC895A2902DE1D ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:00:07.0611 0572 usbccgp - ok
18:00:07.0651 0572 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:00:07.0652 0572 usbcir - ok
18:00:07.0689 0572 [ 153E8515CB86F8BB5D1A8B478EBF4BB2 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:00:07.0690 0572 usbehci - ok
18:00:07.0778 0572 [ 2AE6BCEBD85D31317E433733DAF25888 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:00:07.0780 0572 usbhub - ok
18:00:07.0821 0572 [ D457EBD0C3A8B3A3A144355B5EE91CBC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:00:07.0823 0572 usbohci - ok
18:00:07.0877 0572 [ D136F47607777CA35C1BBE157F16D0FB ] USBPNPA C:\Windows\system32\drivers\CM108.sys
18:00:07.0886 0572 USBPNPA - ok
18:00:07.0920 0572 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:00:07.0920 0572 usbprint - ok
18:00:07.0944 0572 [ 1D714B8497CD68307806D5D3F60A5169 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:00:07.0945 0572 usbscan - ok
18:00:07.0981 0572 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:07.0982 0572 USBSTOR - ok
18:00:08.0003 0572 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:00:08.0003 0572 usbuhci - ok
18:00:08.0042 0572 [ 73FF24E21B690625A58109637DDA0DF7 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:00:08.0044 0572 usbvideo - ok
18:00:08.0075 0572 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:00:08.0080 0572 UxSms - ok
18:00:08.0099 0572 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:00:08.0109 0572 vds - ok
18:00:08.0128 0572 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:08.0129 0572 vga - ok
18:00:08.0149 0572 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:00:08.0150 0572 VgaSave - ok
18:00:08.0161 0572 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:00:08.0162 0572 viaagp - ok
18:00:08.0178 0572 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:00:08.0179 0572 ViaC7 - ok
18:00:08.0194 0572 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:00:08.0195 0572 viaide - ok
18:00:08.0227 0572 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:00:08.0228 0572 volmgr - ok
18:00:08.0247 0572 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:00:08.0249 0572 volmgrx - ok
18:00:08.0272 0572 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:00:08.0275 0572 volsnap - ok
18:00:08.0308 0572 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:00:08.0310 0572 vsmraid - ok
18:00:08.0341 0572 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:00:08.0367 0572 VSS - ok
18:00:08.0380 0572 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:00:08.0387 0572 W32Time - ok
18:00:08.0405 0572 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:00:08.0406 0572 WacomPen - ok
18:00:08.0442 0572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:00:08.0443 0572 Wanarp - ok
18:00:08.0460 0572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:00:08.0461 0572 Wanarpv6 - ok
18:00:08.0484 0572 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:00:08.0494 0572 wcncsvc - ok
18:00:08.0504 0572 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:00:08.0510 0572 WcsPlugInService - ok
18:00:08.0522 0572 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:00:08.0523 0572 Wd - ok
18:00:08.0567 0572 [ 25944D2CC49E0A6C581D02A74B7D6645 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:00:08.0571 0572 Wdf01000 - ok
18:00:08.0597 0572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:00:08.0603 0572 WdiServiceHost - ok
18:00:08.0617 0572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:00:08.0623 0572 WdiSystemHost - ok
18:00:08.0649 0572 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:00:08.0668 0572 WebClient - ok
18:00:08.0703 0572 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:00:08.0709 0572 Wecsvc - ok
18:00:08.0720 0572 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:00:08.0727 0572 wercplsupport - ok
18:00:08.0764 0572 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:00:08.0780 0572 WerSvc - ok
18:00:08.0800 0572 [ 0E507042CCEFC40B8BB5DDE75A7BD0C7 ] wfcxacap C:\Windows\system32\DRIVERS\wfcxacap.sys
18:00:08.0801 0572 wfcxacap - ok
18:00:08.0815 0572 [ B8ACB6B48F928FF5E58B1A2DC3FA628C ] wfcxatun C:\Windows\system32\drivers\wfcxatun.sys
18:00:08.0816 0572 wfcxatun - ok
18:00:08.0829 0572 [ E32EEEAC4ED0249474A2C9B71F1D5A73 ] wfcxdtun C:\Windows\system32\drivers\wfcxdtun.sys
18:00:08.0830 0572 wfcxdtun - ok
18:00:08.0837 0572 [ FC4F80B8C23DBF4D23A9A4DED38CF430 ] wfcxtcap C:\Windows\system32\drivers\wfcxtcap.sys
18:00:08.0838 0572 wfcxtcap - ok
18:00:08.0889 0572 [ E9905845ABC7B3521F642F9C8D08A03E ] WFCXVCAP C:\Windows\system32\drivers\wfcxvcap.sys
18:00:08.0891 0572 WFCXVCAP - ok
18:00:08.0904 0572 [ 0AED0D6F83ADE999FA6A8E485830E4C5 ] wfcxxbar C:\Windows\system32\drivers\wfcxxbar.sys
18:00:08.0905 0572 wfcxxbar - ok
18:00:08.0944 0572 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:00:08.0947 0572 WinDefend - ok
18:00:08.0957 0572 WinHttpAutoProxySvc - ok
18:00:08.0988 0572 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:00:08.0990 0572 Winmgmt - ok
18:00:08.0994 0572 WinRing0_1_2_0 - ok
18:00:09.0055 0572 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:00:09.0080 0572 WinRM - ok
18:00:09.0150 0572 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:00:09.0161 0572 Wlansvc - ok
18:00:09.0220 0572 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:00:09.0222 0572 wlcrasvc - ok
18:00:09.0281 0572 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:00:09.0291 0572 wlidsvc - ok
18:00:09.0313 0572 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
18:00:09.0314 0572 WmBEnum - ok
18:00:09.0374 0572 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
18:00:09.0376 0572 WmFilter - ok
18:00:09.0403 0572 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:00:09.0405 0572 WmiAcpi - ok
18:00:09.0420 0572 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:00:09.0423 0572 wmiApSrv - ok
18:00:09.0459 0572 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:00:09.0465 0572 WMPNetworkSvc - ok
18:00:09.0481 0572 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
18:00:09.0482 0572 WmVirHid - ok
18:00:09.0495 0572 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
18:00:09.0497 0572 WmXlCore - ok
18:00:09.0534 0572 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:00:09.0541 0572 WPCSvc - ok
18:00:09.0553 0572 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:00:09.0559 0572 WPDBusEnum - ok
18:00:09.0586 0572 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:00:09.0588 0572 WpdUsb - ok
18:00:09.0677 0572 [ FFB823D0043D93F3CF3BFFBA6CA355B1 ] WPFFontCache_v0400 c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:00:09.0703 0572 WPFFontCache_v0400 - ok
18:00:09.0741 0572 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:00:09.0742 0572 ws2ifsl - ok
18:00:09.0758 0572 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
18:00:09.0765 0572 wscsvc - ok
18:00:09.0769 0572 WSearch - ok
18:00:10.0040 0572 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:00:10.0056 0572 wuauserv - ok
18:00:10.0075 0572 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:00:10.0077 0572 WudfPf - ok
18:00:10.0093 0572 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:00:10.0095 0572 WUDFRd - ok
18:00:10.0122 0572 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:00:10.0127 0572 wudfsvc - ok
18:00:10.0159 0572 [ 9EEA6D029FEF5F3016D089B1A603837D ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
18:00:10.0163 0572 xnacc - ok
18:00:10.0183 0572 [ F5E5F944E63A9B5F6E76C2EBB2AC462F ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
18:00:10.0184 0572 xusb21 - ok
18:00:10.0198 0572 ================ Scan global ===============================
18:00:10.0266 0572 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:00:10.0293 0572 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:00:10.0310 0572 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
18:00:10.0336 0572 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:00:10.0342 0572 [Global] - ok
18:00:10.0342 0572 ================ Scan MBR ==================================
18:00:10.0354 0572 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:00:10.0741 0572 \Device\Harddisk0\DR0 - ok
18:00:10.0741 0572 ================ Scan VBR ==================================
18:00:10.0746 0572 [ C1D416F583734A79C936A206534B7EB9 ] \Device\Harddisk0\DR0\Partition1
18:00:10.0749 0572 \Device\Harddisk0\DR0\Partition1 - ok
18:00:10.0750 0572 ============================================================
18:00:10.0750 0572 Scan finished
18:00:10.0750 0572 ============================================================
18:00:10.0762 0960 Detected object count: 0
18:00:10.0762 0960 Actual detected object count: 0
18:00:27.0666 6124 Deinitialize success

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

ComboFix 13-11-27.01 - Nekut Karel 28.11.2013 18:17:32.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.1841 [GMT 1:00]
Spuštěný z: c:\users\Nekut Karel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\5065665210ac1@5065665210afe.com
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\5065665210ac1@5065665210afe.com\bootstrap.js
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\5065665210ac1@5065665210afe.com\content\zy.xul
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\5065665210ac1@5065665210afe.com\chrome.manifest
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\5065665210ac1@5065665210afe.com\install.rdf
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\50795ba07d7c7@50795ba07d800.com
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\50795ba07d7c7@50795ba07d800.com\bootstrap.js
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\50795ba07d7c7@50795ba07d800.com\content\zy.xul
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\50795ba07d7c7@50795ba07d800.com\chrome.manifest
c:\users\Nekut Karel\AppData\Roaming\Mozilla\Firefox\Profiles\wsp66ecb.default\extensions\50795ba07d7c7@50795ba07d800.com\install.rdf
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-28 do 2013-11-28 )))))))))))))))))))))))))))))))
.
.
2013-11-28 17:29 . 2013-11-28 17:39 -------- d-----w- c:\users\Nekut Karel\AppData\Local\temp
2013-11-28 17:29 . 2013-11-28 17:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-28 17:29 . 2013-11-28 17:29 -------- d-----w- c:\users\Kája\AppData\Local\temp
2013-11-28 17:29 . 2013-11-28 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-28 17:12 . 2013-11-18 00:28 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1150C34D-A0C8-4A52-A436-7CD6102255B4}\mpengine.dll
2013-11-27 16:48 . 2013-11-27 17:00 -------- d-----w- c:\users\Nekut Karel\AppData\Local\CrashDumps
2013-11-24 11:51 . 2013-11-24 11:51 -------- d-----w- c:\users\Nekut Karel\AppData\Roaming\Malwarebytes
2013-11-24 11:50 . 2013-11-24 11:50 -------- d-----w- c:\programdata\Malwarebytes
2013-11-24 11:50 . 2013-11-24 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-24 11:50 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-24 11:33 . 2013-11-24 11:40 -------- d-----w- C:\AdwCleaner
2013-11-23 21:29 . 2013-11-23 21:29 -------- d-----w- c:\windows\ERUNT
2013-11-23 20:28 . 2013-11-23 21:57 -------- d-----w- c:\program files\Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01
2013-11-18 21:06 . 2013-11-18 21:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 15:17 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-15 15:17 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-15 15:17 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-15 15:17 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-09 16:14 . 2013-02-08 14:34 84 ----a-w- c:\program files\update-DragonAge.bat
2013-11-09 15:50 . 2013-02-08 16:08 -------- d-----w- c:\program files\Dragon Age Origins
2013-11-03 14:40 . 2013-11-03 20:36 -------- d-----w- c:\program files\Total War ROME II
2013-11-02 13:35 . 2013-11-02 13:51 -------- d-----w- c:\users\Nekut
2013-11-02 09:31 . 2013-11-02 09:31 1153024 ----a-w- c:\windows\system32\icuuc44.dll
2013-11-02 08:44 . 2013-11-02 08:44 -------- d-----w- c:\program files\System.Data.SQLite
2013-10-31 21:28 . 2013-10-31 21:28 -------- d-----w- c:\users\Nekut Karel\Diablo-III-8370-enGB-Installer
2013-10-31 20:59 . 2013-10-31 20:59 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 04:50 . 2010-08-12 09:56 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-10 19:31 . 2013-10-10 19:31 171008 ----a-w- c:\windows\system32\rld.dll
2013-10-10 19:24 . 2010-11-18 17:55 4178264 ----a-w- c:\windows\system32\d3dx9_41.dll
2013-09-27 22:23 . 2013-03-27 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-27 22:23 . 2013-03-27 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-12 08:51 . 2013-09-29 18:00 6329552 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:51 . 2013-09-29 18:00 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-09-12 08:51 . 2013-09-29 18:00 9253664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:51 . 2013-09-29 18:00 22102304 ----a-w- c:\windows\system32\nvoglv32.dll
2013-09-12 08:51 . 2013-09-29 18:00 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2013-09-12 08:51 . 2013-09-29 18:00 2789152 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:51 . 2013-09-29 18:00 2007328 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:51 . 2013-09-29 18:00 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2013-09-12 08:51 . 2013-09-29 18:00 7720576 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:51 . 2013-09-29 18:00 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:51 . 2010-11-16 15:08 12947360 ----a-w- c:\windows\system32\nvd3dum.dll
2013-09-12 08:51 . 2010-11-16 15:08 2630304 ----a-w- c:\windows\system32\nvapi.dll
2013-09-12 06:28 . 2010-10-16 11:42 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2010-10-16 11:42 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2010-10-16 11:42 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2010-10-16 11:42 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2010-04-03 16:27 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2010-10-16 11:42 209184 ----a-w- c:\windows\system32\nvmctray.dll
2010-08-03 09:11 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 09:11 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-09-27 295512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Nekut Karel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Nekut Karel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Antivirus]
c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2013-10-08 18:23 3551576 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 10:08 20472992 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 23:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-10-30 19:25 1820584 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-27 22:23 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2009-03-11 16:22 2912256 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2009-10-02 13:17 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3175436897-955967646-652882917-1001]
"EnableNotificationsRef"=dword:00000001
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-18 21504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 12:38 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 21:06]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 07:41]
.
2013-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 07:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-NtVdmSrv - c:\windows\inf\ntvdm.vbe
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Dll-Files Fixer_is1 - c:\program files\Dll-Files.com Fixer\unins001.exe
AddRemove-Gothic 3 Forsaken Gods - Enhanced Edition_is1 - c:\program files\Nordic Games\Gothic 3 Forsaken Gods - Enhanced Edition\unins000.exe
AddRemove-{33A22B2D-55BA-4508-B767-BF2E9C21A73F} - c:\program files (x86)\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe
AddRemove-{43B51BFD-E95A-62EC-CFA6-C428C630131D}_is1 - c:\program files\FIFA 13 Crack\unins000.exe
AddRemove-{B45A9A00-4016-AC3-A973-5A8AB70A03DE}_is1 - c:\program files\Black_Box\Assassins Creed - Revelations\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-28 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3175436897-955967646-652882917-1000\*"!~

**]
@Allowed: (Read) (RestrictedCode)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DAEMON Tools Lite\DTShellHlp.exe
.
**************************************************************************
.
Celkový čas: 2013-11-28 18:43:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-28 17:43
ComboFix2.txt 2013-07-28 13:43
.
Před spuštěním: Volných bajtů: 25 607 000 064
Po spuštění: Volných bajtů: 25 888 223 232
.
- - End Of File - - 9C349551EF3DBADCBF8E63E3EFF13D8E
5C616939100B85E558DA92B899A0FC36

Odinstaluj :
McAfee Security Scan Plus
tímto:
http://answers.microsoft.com/en-us/wind ... 0da9f37d53

Ad-Aware Antivirus
tímto:
http://www.lavasoft.com/mylavasoft/supp ... -uninstall

pak nový Combofix.

ComboFix 13-11-27.01 - Nekut Karel 29.11.2013 16:59:04.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3326.2093 [GMT 1:00]
Spuštěný z: c:\users\Nekut Karel\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-28 do 2013-11-29 )))))))))))))))))))))))))))))))
.
.
2013-11-29 16:11 . 2013-11-29 16:11 -------- d-----w- c:\users\Nekut Karel\AppData\Local\temp
2013-11-29 16:11 . 2013-11-29 16:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-29 16:11 . 2013-11-29 16:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-11-29 16:11 . 2013-11-29 16:11 -------- d-----w- c:\users\Kája\AppData\Local\temp
2013-11-29 16:11 . 2013-11-29 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-29 15:38 . 2013-11-29 15:38 -------- d-----w- c:\users\Nekut Karel\AppData\Local\Avg2014
2013-11-29 15:20 . 2013-11-18 00:28 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78928E39-CABF-47AE-A18E-CB2E8B9D6D73}\mpengine.dll
2013-11-27 16:48 . 2013-11-27 17:00 -------- d-----w- c:\users\Nekut Karel\AppData\Local\CrashDumps
2013-11-24 11:51 . 2013-11-24 11:51 -------- d-----w- c:\users\Nekut Karel\AppData\Roaming\Malwarebytes
2013-11-24 11:50 . 2013-11-24 11:50 -------- d-----w- c:\programdata\Malwarebytes
2013-11-24 11:50 . 2013-11-24 13:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-24 11:50 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-24 11:33 . 2013-11-24 11:40 -------- d-----w- C:\AdwCleaner
2013-11-23 21:29 . 2013-11-23 21:29 -------- d-----w- c:\windows\ERUNT
2013-11-23 20:28 . 2013-11-23 21:57 -------- d-----w- c:\program files\Assassin's Creed 4.Black Flag.Deluxe Edition.v 1.01
2013-11-18 21:06 . 2013-11-18 21:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-15 15:17 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-15 15:17 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-15 15:17 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-15 15:17 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-09 16:14 . 2013-02-08 14:34 84 ----a-w- c:\program files\update-DragonAge.bat
2013-11-09 15:50 . 2013-02-08 16:08 -------- d-----w- c:\program files\Dragon Age Origins
2013-11-03 14:40 . 2013-11-03 20:36 -------- d-----w- c:\program files\Total War ROME II
2013-11-02 13:35 . 2013-11-28 17:43 -------- d-----w- c:\users\Nekut
2013-11-02 09:31 . 2013-11-02 09:31 1153024 ----a-w- c:\windows\system32\icuuc44.dll
2013-11-02 08:44 . 2013-11-02 08:44 -------- d-----w- c:\program files\System.Data.SQLite
2013-10-31 21:28 . 2013-10-31 21:28 -------- d-----w- c:\users\Nekut Karel\Diablo-III-8370-enGB-Installer
2013-10-31 20:59 . 2013-10-31 20:59 -------- d-----w- c:\programdata\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 04:50 . 2010-08-12 09:56 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-10 19:31 . 2013-10-10 19:31 171008 ----a-w- c:\windows\system32\rld.dll
2013-10-10 19:24 . 2010-11-18 17:55 4178264 ----a-w- c:\windows\system32\d3dx9_41.dll
2013-09-27 22:23 . 2013-03-27 06:52 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-27 22:23 . 2013-03-27 06:52 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-09-12 08:51 . 2013-09-29 18:00 6329552 ----a-w- c:\windows\system32\nvopencl.dll
2013-09-12 08:51 . 2013-09-29 18:00 13628208 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-09-12 08:51 . 2013-09-29 18:00 9253664 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-09-12 08:51 . 2013-09-29 18:00 22102304 ----a-w- c:\windows\system32\nvoglv32.dll
2013-09-12 08:51 . 2013-09-29 18:00 893728 ----a-w- c:\windows\system32\nvdispgenco3232723.dll
2013-09-12 08:51 . 2013-09-29 18:00 2789152 ----a-w- c:\windows\system32\nvcuvid.dll
2013-09-12 08:51 . 2013-09-29 18:00 2007328 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-09-12 08:51 . 2013-09-29 18:00 1049376 ----a-w- c:\windows\system32\nvdispco3232723.dll
2013-09-12 08:51 . 2013-09-29 18:00 7720576 ----a-w- c:\windows\system32\nvcuda.dll
2013-09-12 08:51 . 2013-09-29 18:00 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-09-12 08:51 . 2010-11-16 15:08 12947360 ----a-w- c:\windows\system32\nvd3dum.dll
2013-09-12 08:51 . 2010-11-16 15:08 2630304 ----a-w- c:\windows\system32\nvapi.dll
2013-09-12 06:28 . 2010-10-16 11:42 4265760 ----a-w- c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2010-10-16 11:42 3006240 ----a-w- c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2010-10-16 11:42 662816 ----a-w- c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2010-10-16 11:42 2555168 ----a-w- c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2010-04-03 16:27 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2010-10-16 11:42 209184 ----a-w- c:\windows\system32\nvmctray.dll
2010-08-03 09:11 819200 --sha-w- c:\windows\System32\xvidcore.dll
2010-08-03 09:11 180224 --sha-w- c:\windows\System32\xvidvfw.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-09-27 295512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2013-10-08 18:23 3551576 ----a-w- c:\program files\Origin\Origin.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-10-02 10:08 20472992 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2010-06-14 23:10 153672 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-10-30 19:25 1820584 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 05:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-27 22:23 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2009-03-11 16:22 2912256 ----a-w- c:\program files\WinFast\WFDTV\WFWIZ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
2009-10-02 13:17 90112 ----a-w- c:\program files\WinFast\WFDTV\DTVSchdl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3175436897-955967646-652882917-1001]
"EnableNotificationsRef"=dword:00000001
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2008-01-18 21504]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SearchIndexer
SearchIndexer
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-17 12:38 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-18 21:06]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 07:41]
.
2013-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 07:41]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-29 17:11
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3175436897-955967646-652882917-1000\*"!~

**]
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2013-11-29 17:14:19
ComboFix-quarantined-files.txt 2013-11-29 16:14
ComboFix2.txt 2013-11-28 17:43
ComboFix3.txt 2013-07-28 13:43
.
Před spuštěním: Volných bajtů: 25 078 059 008
Po spuštění: Volných bajtů: 25 510 862 848
.
- - End Of File - - 9DC7C72D1DEDAE6CEBC222AE4A006DC9
5C616939100B85E558DA92B899A0FC36