kontrola logu (Backdoor virus) Vyřešeno

[farren]

Dobrý deň, ako ste sa dozvedeli z názvu témy niekto sa mi hackol do môjho notebooku. Hladal som spôsob ako zvýšiť fps v cs:go aspoň o pár fps a stiahol som súbor v ktorom bol backdoor virus. Môj antivirus ho odstránil dokonca som dal kontrolovať PC a nič sa nenašlo ale ajtak to nepomohlo. Pred hodinou som šiel kukať telku a ked som prišiel na steame som mal otvorený chat s cudzím človekom a aj Trade okno. Dotyčný človek sa mi pravdepodobne vdaka tomu výrusu hackol do notebooku a poslal si moje itemy (hodnota okolo 60 eur) na svoj účet. Pred tým ako to budem riešiť so steam supportom by som chcel vedieť, ako sa tomu brániť? Môže sa mi do PC znova hacknúť?
Prosím nepíšte mi že som dem*** že som ten súbor stiahol, ľudia robia chyby...
Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:37:57, on 4. 7. 2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera_crashreporter.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Program Files (x86)\Opera\22.0.1471.70\opera.exe
C:\Users\Marek\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Marek\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Sledovat výstrahy inkoustu - HP Deskjet 2540 series.lnk = ?
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
O23 - Service: Desura Install Service - Desura Net Pty Ltd - C:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7374 bytes

[Reklama]

[farren]

Práve sa mi znova asi hackol na pc, otvoril nejaký chat a začal mi písať že je na mojom PC

[guest]

Musíš mít trpělivost než ti to někdo zkontroluje.

[diahex]

Steam support ti na tohle řekne něco ve smyslu "Uživatel bude potrestán, ale vaše předměty nebudou navráceny".

[farren]

Steam support by mi tie itemy mal vrátiť ak sa mi to stalo 1. krát. Po druhý krát sa na mna vykašlú... Kamoša tiež takto okradli o skiny, napísal na support a vrátili mu ich.

[jaro3]

Platform: Windows 7 ----------no jo , když nemáš ani SP1 a aktualizace!

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni AdwCleaner (by Xplode)
http://www.bleepingcomputer.com/download/adwcleaner/

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

[farren]

Používam Operu, keď som v ATF Cleaneri vybral select all a klikol na empty selected vyskočila mi správa že neboli vymazané žiadne súbory.

AdwCleaner log:
# AdwCleaner v3.214 - Report created 04/07/2014 at 20:02:19
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Marek - MAREK-PC
# Running from : C:\Users\Marek\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [500 octets] - [04/07/2014 20:02:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [559 octets] ##########


Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4. 7. 2014
Scan Time: 20:08:54
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.04.08
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Marek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266857
Time Elapsed: 13 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-1827989254-952982605-280499943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, , [abddf8a3304b8bab01954b2f768d2bd5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\Marek\AppData\Roaming\dclogs, , [c8c06b30116a7eb8025221880201c838],

Files: 1
Stolen.Data, C:\Users\Marek\AppData\Roaming\dclogs\2014-07-04-6.dc, , [c8c06b30116a7eb8025221880201c838],

Physical Sectors: 0
(No malicious items detected)


(end)

[jaro3]

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
klikni na „Prohledat-Scan“, po prohledání klikni na „ Vymazat-Clean“

Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

. spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si RogueKiller by Adlice Software
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

[farren]

# AdwCleaner v3.214 - Report created 05/07/2014 at 10:13:51
# Updated 29/06/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Marek - MAREK-PC
# Running from : C:\Users\Marek\Desktop\AdwCleaner.exe
# Option : Clean

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marek on so 05. 07. 2014 at 10:20:11,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05. 07. 2014 at 10:26:18,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [638 octets] - [04/07/2014 20:02:19]
AdwCleaner[R1].txt - [697 octets] - [05/07/2014 10:12:23]
AdwCleaner[S0].txt - [621 octets] - [05/07/2014 10:13:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [680 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Marek on so 05. 07. 2014 at 10:20:11,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 05. 07. 2014 at 10:26:18,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5. 7. 2014
Scan Time: 10:27:36
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.05.04
Rootkit Database: v2014.07.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Marek

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275907
Time Elapsed: 17 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
Malware.Trace, HKU\S-1-5-21-1827989254-952982605-280499943-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DC3_FEXEC, Quarantined, [32b6396298e3bb7bec047cfefc0760a0],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Stolen.Data, C:\Users\Marek\AppData\Roaming\dclogs, Quarantined, [58902a715a213ef8436b5158c43fee12],

Files: 1
Stolen.Data, C:\Users\Marek\AppData\Roaming\dclogs\2014-07-04-6.dc, Quarantined, [58902a715a213ef8436b5158c43fee12],

Physical Sectors: 0
(No malicious items detected)


(end)

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Marek [Práva správce]
Mód : Kontrola -- Datum : 07/05/2014 10:55:53

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD -> NALEZENO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NALEZENO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NALEZENO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \\{CD40423E-5A92-45B5-BE20-F167D97FE6E1} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Marek\Desktop\Texture Hack V1.6 by War3zdude92's Texture Hacking Team\Autoinstaller\TextureHackInstallerV1.exe" -d "C:\Users\Marek\Desktop\Texture Hack V1.6 by War3zdude92's Texture Hacking Team\Autoinstaller") -> NALEZENO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 46a79d463aa678ea69c20ae4a4e42b4c
[BSP] ec0a2099ea6e5c251ac77ec5e891ab95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK

[Orcus]

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Pokud se log nevejde do jedné zprávy, rozděl jej na více částí.

[farren]

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows 7 (6.1.7600 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Marek [Práva správce]
Mód : Odebrat -- Datum : 07/05/2014 16:53:24

¤¤¤ Škodlivé procesy: : 3 ¤¤¤
[Suspicious.Path] Dream Mu.exe -- C:\Users\Marek\Desktop\MU online\Dream Mu.exe[-] -> SMAZÁNO [TermProc]
[Suspicious.Path] Dream Mu.exe -- C:\Users\Marek\Desktop\MU online\Dream Mu.exe[-] -> SMAZÁNO [TermProc]
[Suspicious.Path] Dream Mu.exe -- C:\Users\Marek\Desktop\MU online\Dream Mu.exe[-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 11 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD -> NEVYBRÁNO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD -> NEVYBRÁNO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NEVYBRÁNO
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-1827989254-952982605-280499943-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NEVYBRÁNO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NEVYBRÁNO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[Suspicious.Path] \\{CD40423E-5A92-45B5-BE20-F167D97FE6E1} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Marek\Desktop\Texture Hack V1.6 by War3zdude92's Texture Hacking Team\Autoinstaller\TextureHackInstallerV1.exe" -d "C:\Users\Marek\Desktop\Texture Hack V1.6 by War3zdude92's Texture Hacking Team\Autoinstaller") -> VYMAZÁNO

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 22 ¤¤¤
[EAT:Addr] (explorer.exe) MsftEdit.dll - DllCanUnloadNow : C:\Windows\system32\imapi2.dll @ 0x7fef5dd6edc
[EAT:Addr] (explorer.exe) MsftEdit.dll - DllGetClassObject : C:\Windows\system32\imapi2.dll @ 0x7fef5dd2164
[EAT:Addr] (explorer.exe) MsftEdit.dll - DllRegisterServer : C:\Windows\system32\imapi2.dll @ 0x7fef5e112e0
[EAT:Addr] (explorer.exe) MsftEdit.dll - DllUnregisterServer : C:\Windows\system32\imapi2.dll @ 0x7fef5e1146c
[EAT:Addr] (explorer.exe) cryptnet.dll - BeginFileMapEnumeration : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4cc0
[EAT:Addr] (explorer.exe) cryptnet.dll - CloseFileMapEnumeration : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4dd8
[EAT:Addr] (explorer.exe) cryptnet.dll - GetNextFileMapContent : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4d1c
[EAT:Addr] (explorer.exe) cryptnet.dll - SRSetRestorePointA : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4e3c
[EAT:Addr] (explorer.exe) cryptnet.dll - SRSetRestorePointW : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4ecc
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcClose : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd331c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcConnectToServer : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4f5c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcFileException : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4f5c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcGetNextProtectedFile : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4c40
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcInitProt : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4e08
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcInitiateScan : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4f5c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcInstallProtectedFiles : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4f5c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcIsFileProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd16f0
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcIsKeyProtected : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd1110
[EAT:Addr] (explorer.exe) cryptnet.dll - SfcTerminateWatcherThread : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd331c
[EAT:Addr] (explorer.exe) cryptnet.dll - SfpDeleteCatalog : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4e08
[EAT:Addr] (explorer.exe) cryptnet.dll - SfpInstallCatalog : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4e08
[EAT:Addr] (explorer.exe) cryptnet.dll - SfpVerifyFile : C:\Windows\system32\sfc_os.DLL @ 0x7fef8fd4e20

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] 46a79d463aa678ea69c20ae4a4e42b4c
[BSP] ec0a2099ea6e5c251ac77ec5e891ab95 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_07052014_105553.log - RKreport_SCN_07052014_165236.log

[farren]

16:58:15.0361 0x0ce4 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
16:58:19.0541 0x0ce4 ============================================================
16:58:19.0541 0x0ce4 Current date / time: 2014/07/05 16:58:19.0541
16:58:19.0541 0x0ce4 SystemInfo:
16:58:19.0541 0x0ce4
16:58:19.0541 0x0ce4 OS Version: 6.1.7600 ServicePack: 0.0
16:58:19.0541 0x0ce4 Product type: Workstation
16:58:19.0541 0x0ce4 ComputerName: MAREK-PC
16:58:19.0541 0x0ce4 UserName: Marek
16:58:19.0541 0x0ce4 Windows directory: C:\Windows
16:58:19.0541 0x0ce4 System windows directory: C:\Windows
16:58:19.0541 0x0ce4 Running under WOW64
16:58:19.0541 0x0ce4 Processor architecture: Intel x64
16:58:19.0541 0x0ce4 Number of processors: 2
16:58:19.0541 0x0ce4 Page size: 0x1000
16:58:19.0541 0x0ce4 Boot type: Normal boot
16:58:19.0541 0x0ce4 ============================================================
16:58:22.0162 0x0ce4 KLMD registered as C:\Windows\system32\drivers\02331886.sys
16:58:22.0599 0x0ce4 System UUID: {4AEE6C96-0973-77A2-0345-5D38F54B5848}
16:58:23.0395 0x0ce4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:58:23.0441 0x0ce4 ============================================================
16:58:23.0441 0x0ce4 \Device\Harddisk0\DR0:
16:58:23.0441 0x0ce4 MBR partitions:
16:58:23.0441 0x0ce4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:58:23.0441 0x0ce4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:58:23.0441 0x0ce4 ============================================================
16:58:23.0457 0x0ce4 C: <-> \Device\Harddisk0\DR0\Partition2
16:58:23.0457 0x0ce4 ============================================================
16:58:23.0457 0x0ce4 Initialize success
16:58:23.0457 0x0ce4 ============================================================
16:58:29.0650 0x1378 ============================================================
16:58:29.0650 0x1378 Scan started
16:58:29.0650 0x1378 Mode: Manual;
16:58:29.0650 0x1378 ============================================================
16:58:29.0650 0x1378 KSN ping started
16:58:32.0521 0x1378 KSN ping finished: true
16:58:34.0018 0x1378 ================ Scan system memory ========================
16:58:34.0018 0x1378 System memory - ok
16:58:34.0018 0x1378 ================ Scan services =============================
16:58:34.0205 0x1378 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:58:34.0221 0x1378 1394ohci - ok
16:58:34.0268 0x1378 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
16:58:34.0268 0x1378 ACPI - ok
16:58:34.0315 0x1378 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
16:58:34.0315 0x1378 AcpiPmi - ok
16:58:34.0361 0x1378 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
16:58:34.0377 0x1378 adp94xx - ok
16:58:34.0393 0x1378 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
16:58:34.0408 0x1378 adpahci - ok
16:58:34.0424 0x1378 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
16:58:34.0439 0x1378 adpu320 - ok
16:58:34.0502 0x1378 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:58:34.0502 0x1378 AeLookupSvc - ok
16:58:34.0517 0x1378 [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD C:\Windows\system32\drivers\afd.sys
16:58:34.0533 0x1378 AFD - ok
16:58:34.0564 0x1378 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
16:58:34.0580 0x1378 agp440 - ok
16:58:34.0611 0x1378 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
16:58:34.0611 0x1378 ALG - ok
16:58:34.0611 0x1378 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
16:58:34.0627 0x1378 aliide - ok
16:58:34.0673 0x1378 [ 0A098B01D485E6978C596420C5179E98, 5CCF5918B74F03C539D6AADB391776F8C8BD2505BE0D043932757848D3A2F2C1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:58:34.0673 0x1378 AMD External Events Utility - ok
16:58:34.0720 0x1378 AMD FUEL Service - ok
16:58:34.0751 0x1378 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
16:58:34.0751 0x1378 amdide - ok
16:58:34.0783 0x1378 [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:58:34.0783 0x1378 amdiox64 - ok
16:58:34.0814 0x1378 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
16:58:34.0814 0x1378 AmdK8 - ok
16:58:35.0297 0x1378 [ B13F0B5859EA6CE01C1DD847E7E50C39, 35ED2D4C1E1EFD7885E91615D3F5E9C241B169BA7BA071BD6542D4CAF1501B50 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:58:35.0765 0x1378 amdkmdag - ok
16:58:35.0828 0x1378 [ 48C7EFC581E0E37DD967A5BCC0AB33EF, ADAA881DA6BFBA0918480E9DEA644D01D5B26E4BFB1C8491DECC973124E2F643 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:58:35.0828 0x1378 amdkmdap - ok
16:58:35.0859 0x1378 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:58:35.0859 0x1378 AmdPPM - ok
16:58:35.0890 0x1378 [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
16:58:35.0890 0x1378 amdsata - ok
16:58:35.0906 0x1378 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
16:58:35.0906 0x1378 amdsbs - ok
16:58:35.0906 0x1378 [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
16:58:35.0921 0x1378 amdxata - ok
16:58:35.0953 0x1378 [ 5B25D1A753CC3A3EDB909BB759AC1098, 1B931342D8D36C8D177D6D9BFFFD8CDC0C6E6F82BA552DC8E5CDC1CAF528D0B0 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:58:35.0953 0x1378 AODDriver4.1 - ok
16:58:36.0077 0x1378 [ 1FDE3302A17928B999E6BBA6D346F7DB, 186029C1C62842F1FE21AAD445134A3DEDB978D2E27169D5016C3149FCC42E5C ] AODDriver4.3.0 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
16:58:36.0124 0x1378 AODDriver4.3.0 - ok
16:58:36.0187 0x1378 [ 24D5D2C9F24B9B7AF63182F5A444C3F9, 02D781C0FFADD355851D37B5401EFD8798F113BB5BC17A994AC5CF548360C3D2 ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
16:58:36.0202 0x1378 AODService - ok
16:58:36.0265 0x1378 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys
16:58:36.0265 0x1378 AppID - ok
16:58:36.0311 0x1378 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:58:36.0311 0x1378 AppIDSvc - ok
16:58:36.0311 0x1378 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll
16:58:36.0311 0x1378 Appinfo - ok
16:58:36.0374 0x1378 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
16:58:36.0389 0x1378 AppMgmt - ok
16:58:36.0405 0x1378 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
16:58:36.0421 0x1378 arc - ok
16:58:36.0421 0x1378 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
16:58:36.0421 0x1378 arcsas - ok
16:58:36.0530 0x1378 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:58:36.0545 0x1378 aspnet_state - ok
16:58:36.0577 0x1378 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:58:36.0577 0x1378 AsyncMac - ok
16:58:36.0623 0x1378 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
16:58:36.0639 0x1378 atapi - ok
16:58:36.0733 0x1378 [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr C:\Windows\system32\DRIVERS\athrx.sys
16:58:36.0795 0x1378 athr - ok
16:58:36.0873 0x1378 [ B0790FF0E25B7A2674296052F2162C1A, 930D1A09E93117E081C532D6EDB1E870736AE3806D13AE7F0C7748FD4EAB3D89 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:58:36.0873 0x1378 AtiHDAudioService - ok
16:58:36.0951 0x1378 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:58:36.0982 0x1378 AudioEndpointBuilder - ok
16:58:37.0029 0x1378 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:58:37.0045 0x1378 AudioSrv - ok
16:58:37.0076 0x1378 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:58:37.0076 0x1378 AxInstSV - ok
16:58:37.0169 0x1378 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:58:37.0201 0x1378 b06bdrv - ok
16:58:37.0263 0x1378 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:58:37.0263 0x1378 b57nd60a - ok
16:58:37.0325 0x1378 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
16:58:37.0325 0x1378 BDESVC - ok
16:58:37.0341 0x1378 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
16:58:37.0341 0x1378 Beep - ok
16:58:37.0372 0x1378 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll
16:58:37.0403 0x1378 BFE - ok
16:58:37.0497 0x1378 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll
16:58:37.0544 0x1378 BITS - ok
16:58:37.0575 0x1378 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:58:37.0575 0x1378 blbdrive - ok
16:58:37.0606 0x1378 [ 19D20159708E152267E53B66677A4995, 6401FA5C3EFF26BED075FEC68F868CD8D0598FDB45EA9381810615F7252F7A9A ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:58:37.0606 0x1378 bowser - ok
16:58:37.0637 0x1378 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:58:37.0637 0x1378 BrFiltLo - ok
16:58:37.0637 0x1378 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:58:37.0637 0x1378 BrFiltUp - ok
16:58:37.0684 0x1378 [ 6B054C67AAA87843504E8E3C09102009, 284AA58625FBDBFECB851A35407331B40BAEC141F2DCEDB9F15733BAB22F5C81 ] Browser C:\Windows\System32\browser.dll
16:58:37.0700 0x1378 Browser - ok
16:58:37.0731 0x1378 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:58:37.0747 0x1378 Brserid - ok
16:58:37.0747 0x1378 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:58:37.0747 0x1378 BrSerWdm - ok
16:58:37.0762 0x1378 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:58:37.0762 0x1378 BrUsbMdm - ok
16:58:37.0762 0x1378 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:58:37.0762 0x1378 BrUsbSer - ok
16:58:37.0825 0x1378 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:58:37.0825 0x1378 BthEnum - ok
16:58:37.0840 0x1378 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:58:37.0840 0x1378 BTHMODEM - ok
16:58:37.0871 0x1378 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:58:37.0871 0x1378 BthPan - ok
16:58:37.0949 0x1378 [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:58:37.0996 0x1378 BTHPORT - ok