Flashdisk nenaběhne - vir??

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 00:24

Ahoj, dostal se mi na flašku vir z počítače ze školy, hlásilo to problém se souborem autorun, po dnešku je fleška mrtvá, dioda na ní se ani nerozsvítí, ale občas mi počítač napíše že zařízení nebylo možné rozpoznat.

Zde je log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:23:11, on 24.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Kuba\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
F:\Programy\Total Commander\TOTALCMD.EXE
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kuba\AppData\Local\Google\Chrome\Application\chrome.exe
F:\DOWNLOADS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 4619b96e4c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Kuba\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{813565E6-4680-4A00-80A2-BDDA8BC2BE48}: NameServer = 77.98.40.10,77.95.42.102
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13090 bytes

Reklama

Příspěvekod **jaro3** » 24 dub 2012 01:00

Nech flash disk zapojený.

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... 4619b96e4c
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 10:51

tady je log

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 6.1.7601 Service Pack 1

24.4.2012 10:50:58
mbam-log-2012-04-24 (10-50-53).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 85182
Uplynulý čas: 3 minute(s), 47 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 1
Infikované soubory: 30

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Windows\System32\System32 (Trojan.Agent) -> No action taken.

Infikované soubory:
C:\Windows\System32\System32\3DAudio.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\avrt.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\cis-2.4.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MACXMLProto.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MaDRM.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MaJGUILib.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MAMACExtract.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MASetupCleaner.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MaXMLProto.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\mfplat.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MK_Lyric.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MSCLib.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MSFLib.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MSLUR71.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\msvcp60.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MTTELECHIP.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\MTXSYNCICON.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzaf1.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzapp.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzapp.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzdecode.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzeffect.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzmp4sp.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzmpgsp.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzoggsp.ax (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\muzwmts.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\System32\psapi.dll (Trojan.Agent) -> No action taken.

Příspěvekod **Žbeky** » 24 dub 2012 12:14

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 13:12

MBAM

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 6.1.7601 Service Pack 1

24.4.2012 12:49:26
mbam-log-2012-04-24 (12-49-26).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 85208
Uplynulý čas: 4 minute(s), 26 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 1
Infikované soubory: 30

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Windows\System32\System32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Windows\System32\System32\3DAudio.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\avrt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\cis-2.4.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_bs-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_pe-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\issacapi_se-2.3.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MACXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaDRM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaJGUILib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MAMACExtract.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MASetupCleaner.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MaXMLProto.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\mfplat.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MK_Lyric.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSCLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSFLib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MSLUR71.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\msvcp60.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTTELECHIP.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\MTXSYNCICON.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzaf1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzapp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzdecode.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzeffect.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmp4sp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzmpgsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzoggsp.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\muzwmts.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\System32\psapi.dll (Trojan.Agent) -> Quarantined and deleted successfully.

ComboFix
ComboFix 12-04-24.01 - Kuba 24.04.2012 13:02:27.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2871.1843 [GMT 2:00]
Spuštěný z: f:\downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ujf3vmpr.default\weave\toFetch
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
c:\windows\SysWow64\zlibwapi.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 11:09 . 2012-04-24 11:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 10:28 . 2012-04-24 10:28 -------- d-----w- c:\users\Kuba\AppData\Local\CrashDumps
2012-04-24 09:00 . 2012-04-24 09:00 -------- d-----w- c:\users\Kuba\AppData\Local\Broadcom
2012-04-24 08:45 . 2012-04-24 08:45 -------- d-----w- c:\users\Kuba\AppData\Local\ATI
2012-04-23 22:12 . 2012-04-23 22:12 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2012-04-20 11:32 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{226EA97A-9697-41ED-BCAC-B8AFFF0324A4}\mpengine.dll
2012-04-16 15:33 . 2012-04-16 15:35 -------- d-----w- C:\IL2 Sturmovik Kompletní edice
2012-04-16 15:22 . 2012-04-16 15:33 -------- d-----w- C:\IL-2 Sturmovik 1946
2012-04-12 01:07 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 01:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 01:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 01:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 08:43 . 2012-04-16 17:41 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-10 08:43 . 2012-04-10 08:43 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-09 15:43 . 2012-04-09 15:43 -------- d-----w- c:\users\Public\Roaming
2012-04-08 20:49 . 2011-10-20 13:05 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-08 20:49 . 2011-10-20 13:04 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-04-08 20:49 . 2011-10-20 13:04 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-04-08 20:49 . 2012-04-08 20:49 -------- d-----w- c:\users\Kuba\AppData\Roaming\TuneUp Software
2012-04-08 20:48 . 2012-04-08 20:49 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-04-08 20:47 . 2012-04-08 20:49 -------- d-----w- c:\programdata\TuneUp Software
2012-04-08 20:47 . 2012-04-08 20:47 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-01 20:56 . 2012-04-01 20:56 -------- d-----w- c:\windows\SysWow64\Shaders
2012-04-01 20:42 . 2012-04-08 21:22 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-04-01 12:45 . 2002-01-10 01:01 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-04-01 11:26 . 2003-06-03 14:42 76288 ----a-w- c:\windows\SysWow64\drivers\SENTINEL.SYS
2012-04-01 11:26 . 2003-06-03 14:42 18432 ----a-w- c:\windows\SysWow64\RNBOVDD.DLL
2012-04-01 11:26 . 2003-06-03 14:42 50176 ----a-w- c:\windows\SysWow64\SNTI386.DLL
2012-04-01 11:26 . 2012-04-01 11:26 -------- d-----w- c:\windows\SysWow64\RNBOSENT
2012-04-01 11:26 . 2003-06-03 14:42 26120 ----a-w- c:\windows\SysWow64\drivers\SNTNLUSB.SYS
2012-04-01 11:26 . 2012-04-01 11:26 45056 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShPM.exe
2012-04-01 11:26 . 2012-04-01 11:26 45056 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShDesktop.exe
2012-04-01 11:24 . 2012-04-01 11:36 -------- d-----w- c:\program files (x86)\Automation Studio 5.0
2012-04-01 11:09 . 2012-04-01 11:09 -------- d-----w- c:\users\Kuba\Examples
2012-03-29 15:58 . 2012-03-29 15:58 -------- d-----w- c:\users\Kuba\AppData\Roaming\Nokia
2012-03-29 15:56 . 2012-03-29 15:56 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-03-29 15:55 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-03-29 15:55 . 2012-03-29 15:55 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 01:34 . 2012-01-08 10:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-22 05:13 . 2012-01-12 05:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-22 05:13 . 2012-01-08 10:59 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-19 21:18 . 2011-09-12 19:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-14 18:54 . 2012-03-14 18:56 953142 ----a-w- C:\Camera.zip
2012-03-12 10:24 . 2012-03-12 10:24 65536 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2012-03-12 10:24 . 2012-03-12 10:24 61440 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2012-03-12 10:24 . 2012-03-12 10:24 61440 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2012-03-12 10:24 . 2012-03-12 10:24 57344 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2012-03-03 08:57 . 2011-09-12 22:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-03 08:56 . 2012-02-11 09:49 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-24 08:44 . 2011-09-12 22:15 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-24 08:44 . 2011-09-12 22:15 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-23 08:18 . 2011-09-12 19:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 04:41 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 04:41 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:41 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:41 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:41 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 22:24 . 2012-02-15 22:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-10 06:36 . 2012-03-14 04:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:42 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 21:56 . 2012-01-07 18:22 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
c:\users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kuba\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-25 47776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000Core.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:00]
.
2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000UA.job
- c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-05 13:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "f:\programy\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{813565E6-4680-4A00-80A2-BDDA8BC2BE48}\75966696: NameServer = 77.98.40.10,77.95.42.102
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ujf3vmpr.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbar ... 9b96e4c&q=
FF - user.js: extensions.BabylonToolbar_i.id - 7cba4226000000000000c44619b96e4c
FF - user.js: extensions.BabylonToolbar_i.hardId - 7cba4226000000000000c44619b96e4c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-24 13:11:24
ComboFix-quarantined-files.txt 2012-04-24 11:11
.
Před spuštěním: Volných bajtů: 16 107 974 656
Po spuštění: Volných bajtů: 15 830 941 696
.
- - End Of File - - 34A3DC32DB5CA789074A388A70290E9F

Příspěvekod **jaro3** » 24 dub 2012 15:11

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000UA.job
c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe

Firefox::
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ujf3vmpr.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbar ... 9b96e4c&q=
FF - user.js: extensions.BabylonToolbar_i.id - 7cba4226000000000000c44619b96e4c
FF - user.js: extensions.BabylonToolbar_i.hardId - 7cba4226000000000000c44619b96e4c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110482
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShPM.exe
c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShDesktop.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Stáhni si TDSSKiller

Na svojí plochu.Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

//TCP: Interfaces\{813565E6-4680-4A00-80A2-BDDA8BC2BE48}\75966696: NameServer = 77.98.40.10,77.95.42.102
to Ti něco říká??

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 17:18

Combofix

ComboFix 12-04-24.01 - Kuba 24.04.2012 16:36:44.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.2871.1416 [GMT 2:00]
Spuštěný z: f:\downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Kuba\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kuba\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3235405325-3058188748-1764560730-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-24 do 2012-04-24 )))))))))))))))))))))))))))))))
.
.
2012-04-24 14:45 . 2012-04-24 14:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 11:09 . 2012-04-24 11:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{226EA97A-9697-41ED-BCAC-B8AFFF0324A4}\offreg.dll
2012-04-24 10:28 . 2012-04-24 10:28 -------- d-----w- c:\users\Kuba\AppData\Local\CrashDumps
2012-04-24 09:00 . 2012-04-24 09:00 -------- d-----w- c:\users\Kuba\AppData\Local\Broadcom
2012-04-24 08:59 . 2012-04-24 08:59 -------- d-----w- c:\users\Kuba\AppData\Local\BMExplorer
2012-04-24 08:45 . 2012-04-24 08:45 -------- d-----w- c:\users\Kuba\AppData\Local\ATI
2012-04-23 22:12 . 2012-04-23 22:12 -------- d-----w- c:\windows\74224F8D4A1748169EDB7BB854DE532C.TMP
2012-04-20 11:32 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{226EA97A-9697-41ED-BCAC-B8AFFF0324A4}\mpengine.dll
2012-04-16 15:33 . 2012-04-16 15:35 -------- d-----w- C:\IL2 Sturmovik Kompletní edice
2012-04-16 15:22 . 2012-04-16 15:33 -------- d-----w- C:\IL-2 Sturmovik 1946
2012-04-12 01:07 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 01:07 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 01:07 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 01:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 01:02 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:02 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 01:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 08:43 . 2012-04-16 17:41 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-10 08:43 . 2012-04-10 08:43 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-09 15:43 . 2012-04-09 15:43 -------- d-----w- c:\users\Public\Roaming
2012-04-08 20:49 . 2011-10-20 13:05 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-08 20:49 . 2011-10-20 13:04 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-04-08 20:49 . 2011-10-20 13:04 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-04-08 20:49 . 2012-04-08 20:49 -------- d-----w- c:\users\Kuba\AppData\Roaming\TuneUp Software
2012-04-08 20:48 . 2012-04-08 20:49 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012
2012-04-08 20:47 . 2012-04-08 20:49 -------- d-----w- c:\programdata\TuneUp Software
2012-04-08 20:47 . 2012-04-08 20:47 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-01 20:56 . 2012-04-01 20:56 -------- d-----w- c:\windows\SysWow64\Shaders
2012-04-01 20:42 . 2012-04-08 21:22 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-04-01 12:45 . 2002-01-10 01:01 110592 ----a-w- c:\windows\SysWow64\tsccvid.dll
2012-04-01 11:26 . 2003-06-03 14:42 76288 ----a-w- c:\windows\SysWow64\drivers\SENTINEL.SYS
2012-04-01 11:26 . 2003-06-03 14:42 18432 ----a-w- c:\windows\SysWow64\RNBOVDD.DLL
2012-04-01 11:26 . 2003-06-03 14:42 50176 ----a-w- c:\windows\SysWow64\SNTI386.DLL
2012-04-01 11:26 . 2012-04-01 11:26 -------- d-----w- c:\windows\SysWow64\RNBOSENT
2012-04-01 11:26 . 2003-06-03 14:42 26120 ----a-w- c:\windows\SysWow64\drivers\SNTNLUSB.SYS
2012-04-01 11:26 . 2012-04-01 11:26 45056 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShPM.exe
2012-04-01 11:26 . 2012-04-01 11:26 45056 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{F97B91CC-109C-499C-A95E-52FDE078DF87}\KnShDesktop.exe
2012-04-01 11:24 . 2012-04-01 11:36 -------- d-----w- c:\program files (x86)\Automation Studio 5.0
2012-04-01 11:09 . 2012-04-01 11:09 -------- d-----w- c:\users\Kuba\Examples
2012-03-29 15:58 . 2012-03-29 15:58 -------- d-----w- c:\users\Kuba\AppData\Roaming\Nokia
2012-03-29 15:56 . 2012-03-29 15:56 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-03-29 15:55 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-03-29 15:55 . 2012-03-29 15:55 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 01:34 . 2012-01-08 10:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-22 05:13 . 2012-01-12 05:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-22 05:13 . 2012-01-08 10:59 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-19 21:18 . 2011-09-12 19:17 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-14 18:54 . 2012-03-14 18:56 953142 ----a-w- C:\Camera.zip
2012-03-12 10:24 . 2012-03-12 10:24 65536 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut5_3293C06B003F40278380FFD79E38167D.exe
2012-03-12 10:24 . 2012-03-12 10:24 61440 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut3_3293C06B003F40278380FFD79E38167D.exe
2012-03-12 10:24 . 2012-03-12 10:24 61440 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\NewShortcut2_3293C06B003F40278380FFD79E38167D_1.exe
2012-03-12 10:24 . 2012-03-12 10:24 57344 ----a-r- c:\users\Kuba\AppData\Roaming\Microsoft\Installer\{3293C06B-003F-4027-8380-FFD79E38167D}\ARPPRODUCTICON.exe
2012-03-03 08:57 . 2011-09-12 22:42 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-03 08:56 . 2012-02-11 09:49 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-24 08:44 . 2011-09-12 22:15 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-24 08:44 . 2011-09-12 22:15 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-02-23 08:18 . 2011-09-12 19:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 04:41 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 06:38 . 2012-03-14 04:41 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 04:41 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 04:41 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 04:41 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 22:24 . 2012-02-15 22:24 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-02-10 06:36 . 2012-03-14 04:41 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 04:41 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 04:42 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 21:56 . 2012-01-07 18:22 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_11.09.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-04-24 14:29 31294 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-12 13:15 . 2012-04-24 14:29 12000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3235405325-3058188748-1764560730-1000_UserData.bin
+ 2011-09-25 11:08 . 2012-04-24 14:46 17291 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-09-25 11:08 . 2012-04-24 08:54 17291 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-04-24 14:46 . 2012-04-24 14:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-24 08:59 . 2012-04-24 08:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-24 14:46 . 2012-04-24 14:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-24 08:59 . 2012-04-24 08:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-13 08:15 . 2012-04-24 14:02 395824 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-24 10:23 664216 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-24 14:38 664216 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2012-04-24 14:38 678788 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2012-04-24 10:23 678788 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-04-24 14:38 126346 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-24 10:23 126346 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2012-04-24 10:23 146646 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2012-04-24 14:38 146646 c:\windows\system32\perfc005.dat
- 2012-04-13 21:17 . 2012-04-24 08:54 268480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-13 21:17 . 2012-04-24 14:46 268480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-24 08:54 475700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-24 14:46 475700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-09 08:24 . 2012-04-24 14:26 8689824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3235405325-3058188748-1764560730-1000-12288.dat
- 2011-11-09 08:24 . 2012-04-20 17:38 8689824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3235405325-3058188748-1764560730-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-11-09 343168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
.
c:\users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kuba\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-25 1129760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-05-25 47776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-02-05 865824]
S2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-04-22 171040]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Kuba\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-02-05 860192]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-04-22 223264]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-05-25 585376]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-05-25 354464]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "f:\programy\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: Interfaces\{813565E6-4680-4A00-80A2-BDDA8BC2BE48}\75966696: NameServer = 77.98.40.10,77.95.42.102
FF - ProfilePath - c:\users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\ujf3vmpr.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Celkový čas: 2012-04-24 16:53:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-24 14:53
ComboFix2.txt 2012-04-24 11:11
.
Před spuštěním: Volných bajtů: 15 697 346 560
Po spuštění: Volných bajtů: 15 614 996 480
.
- - End Of File - - A68D91D38CDE0759AB9F44D9988DF24B

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 17:18

TDSS

17:00:02.0468 3404 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
17:00:02.0702 3404 ============================================================
17:00:02.0702 3404 Current date / time: 2012/04/24 17:00:02.0702
17:00:02.0702 3404 SystemInfo:
17:00:02.0702 3404
17:00:02.0702 3404 OS Version: 6.1.7601 ServicePack: 1.0
17:00:02.0702 3404 Product type: Workstation
17:00:02.0702 3404 ComputerName: KUBA-PC
17:00:02.0702 3404 UserName: Kuba
17:00:02.0702 3404 Windows directory: C:\Windows
17:00:02.0702 3404 System windows directory: C:\Windows
17:00:02.0702 3404 Running under WOW64
17:00:02.0702 3404 Processor architecture: Intel x64
17:00:02.0702 3404 Number of processors: 4
17:00:02.0702 3404 Page size: 0x1000
17:00:02.0702 3404 Boot type: Normal boot
17:00:02.0702 3404 ============================================================
17:00:04.0465 3404 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:04.0481 3404 Drive \Device\Harddisk1\DR1 - Size: 0xEB800000 (3.68 Gb), SectorSize: 0x200, Cylinders: 0x1E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:00:04.0481 3404 ============================================================
17:00:04.0481 3404 \Device\Harddisk0\DR0:
17:00:04.0481 3404 MBR partitions:
17:00:04.0481 3404 \Device\Harddisk1\DR1:
17:00:04.0481 3404 MBR partitions:
17:00:04.0481 3404 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x75A000
17:00:04.0481 3404 ============================================================
17:00:04.0481 3404 Initialize success
17:00:04.0481 3404 ============================================================
17:00:17.0382 0764 ============================================================
17:00:17.0382 0764 Scan started
17:00:17.0382 0764 Mode: Manual;
17:00:17.0382 0764 ============================================================
17:00:17.0460 0764 1394ohci - ok
17:00:17.0475 0764 ACPI - ok
17:00:17.0475 0764 AcpiPmi - ok
17:00:17.0491 0764 AdobeARMservice - ok
17:00:17.0507 0764 adp94xx - ok
17:00:17.0522 0764 adpahci - ok
17:00:17.0522 0764 adpu320 - ok
17:00:17.0538 0764 AeLookupSvc - ok
17:00:17.0553 0764 AFD - ok
17:00:17.0553 0764 agp440 - ok
17:00:17.0553 0764 ALG - ok
17:00:17.0569 0764 aliide - ok
17:00:17.0585 0764 AMD External Events Utility - ok
17:00:17.0600 0764 amdide - ok
17:00:17.0600 0764 AmdK8 - ok
17:00:17.0600 0764 amdkmdag - ok
17:00:17.0616 0764 amdkmdap - ok
17:00:17.0631 0764 AmdPPM - ok
17:00:17.0631 0764 amdsata - ok
17:00:17.0631 0764 amdsbs - ok
17:00:17.0647 0764 amdxata - ok
17:00:17.0678 0764 AmUStor - ok
17:00:17.0678 0764 AntiVirSchedulerService - ok
17:00:17.0678 0764 AntiVirService - ok
17:00:17.0709 0764 AppID - ok
17:00:17.0709 0764 AppIDSvc - ok
17:00:17.0709 0764 Appinfo - ok
17:00:17.0725 0764 Apple Mobile Device - ok
17:00:17.0741 0764 AppMgmt - ok
17:00:17.0756 0764 arc - ok
17:00:17.0756 0764 arcsas - ok
17:00:17.0803 0764 aspnet_state - ok
17:00:17.0803 0764 AsyncMac - ok
17:00:17.0819 0764 atapi - ok
17:00:17.0834 0764 AthBTPort - ok
17:00:17.0850 0764 AtherosSvc - ok
17:00:17.0881 0764 AtiHDAudioService - ok
17:00:17.0897 0764 AudioEndpointBuilder - ok
17:00:17.0897 0764 AudioSrv - ok
17:00:17.0912 0764 avgntflt - ok
17:00:17.0912 0764 avipbb - ok
17:00:17.0928 0764 AxInstSV - ok
17:00:17.0943 0764 b06bdrv - ok
17:00:17.0959 0764 b57nd60a - ok
17:00:17.0975 0764 BCM43XX - ok
17:00:17.0975 0764 BDESVC - ok
17:00:17.0975 0764 Beep - ok
17:00:18.0006 0764 BFE - ok
17:00:18.0006 0764 BITS - ok
17:00:18.0021 0764 blbdrive - ok
17:00:18.0037 0764 Bonjour Service - ok
17:00:18.0037 0764 bowser - ok
17:00:18.0053 0764 BrFiltLo - ok
17:00:18.0068 0764 BrFiltUp - ok
17:00:18.0084 0764 BridgeMP - ok
17:00:18.0084 0764 Browser - ok
17:00:18.0099 0764 Brserid - ok
17:00:18.0099 0764 BrSerWdm - ok
17:00:18.0099 0764 BrUsbMdm - ok
17:00:18.0115 0764 BrUsbSer - ok
17:00:18.0131 0764 BTATH_A2DP - ok
17:00:18.0131 0764 BTATH_BUS - ok
17:00:18.0146 0764 BTATH_HCRP - ok
17:00:18.0146 0764 BTATH_LWFLT - ok
17:00:18.0146 0764 BTATH_RCP - ok
17:00:18.0177 0764 BthEnum - ok
17:00:18.0177 0764 BTHMODEM - ok
17:00:18.0177 0764 BthPan - ok
17:00:18.0209 0764 BTHPORT - ok
17:00:18.0209 0764 bthserv - ok
17:00:18.0224 0764 BTHUSB - ok
17:00:18.0240 0764 btwampfl - ok
17:00:18.0255 0764 btwaudio - ok
17:00:18.0271 0764 btwavdt - ok
17:00:18.0287 0764 btwdins - ok
17:00:18.0287 0764 btwl2cap - ok
17:00:18.0302 0764 btwrchid - ok
17:00:18.0333 0764 catchme - ok
17:00:18.0333 0764 cdfs - ok
17:00:18.0349 0764 cdrom - ok
17:00:18.0365 0764 CertPropSvc - ok
17:00:18.0380 0764 circlass - ok
17:00:18.0380 0764 CLFS - ok
17:00:18.0396 0764 clr_optimization_v2.0.50727_32 - ok
17:00:18.0396 0764 clr_optimization_v2.0.50727_64 - ok
17:00:18.0411 0764 clr_optimization_v4.0.30319_32 - ok
17:00:18.0427 0764 clr_optimization_v4.0.30319_64 - ok
17:00:18.0427 0764 CmBatt - ok
17:00:18.0427 0764 cmdide - ok
17:00:18.0443 0764 CNG - ok
17:00:18.0458 0764 Compbatt - ok
17:00:18.0458 0764 CompositeBus - ok
17:00:18.0474 0764 COMSysApp - ok
17:00:18.0489 0764 crcdisk - ok
17:00:18.0505 0764 CryptSvc - ok
17:00:18.0505 0764 CSC - ok
17:00:18.0521 0764 CscService - ok
17:00:18.0536 0764 DcomLaunch - ok
17:00:18.0536 0764 defragsvc - ok
17:00:18.0552 0764 DfsC - ok
17:00:18.0567 0764 dgderdrv - ok
17:00:18.0599 0764 dg_ssudbus - ok
17:00:18.0614 0764 Dhcp - ok
17:00:18.0614 0764 discache - ok
17:00:18.0645 0764 Disk - ok
17:00:18.0645 0764 Dnscache - ok
17:00:18.0645 0764 dot3svc - ok
17:00:18.0661 0764 DPS - ok
17:00:18.0661 0764 drmkaud - ok
17:00:18.0677 0764 DsiWMIService - ok
17:00:18.0692 0764 dtsoftbus01 - ok
17:00:18.0692 0764 DXGKrnl - ok
17:00:18.0708 0764 EapHost - ok
17:00:18.0708 0764 ebdrv - ok
17:00:18.0723 0764 EFS - ok
17:00:18.0739 0764 ehRecvr - ok
17:00:18.0739 0764 ehSched - ok
17:00:18.0739 0764 elxstor - ok
17:00:18.0755 0764 ePowerSvc - ok
17:00:18.0755 0764 ErrDev - ok
17:00:18.0770 0764 EventSystem - ok
17:00:18.0770 0764 EvtEng - ok
17:00:18.0786 0764 exfat - ok
17:00:18.0786 0764 fastfat - ok
17:00:18.0786 0764 Fax - ok
17:00:18.0801 0764 fdc - ok
17:00:18.0801 0764 fdPHost - ok
17:00:18.0801 0764 FDResPub - ok
17:00:18.0817 0764 FileInfo - ok
17:00:18.0817 0764 Filetrace - ok
17:00:18.0833 0764 flpydisk - ok
17:00:18.0833 0764 FltMgr - ok
17:00:18.0833 0764 FontCache - ok
17:00:18.0848 0764 FontCache3.0.0.0 - ok
17:00:18.0848 0764 FsDepends - ok
17:00:18.0848 0764 Fs_Rec - ok
17:00:18.0864 0764 fvevol - ok
17:00:18.0864 0764 gagp30kx - ok
17:00:18.0879 0764 GEARAspiWDM - ok
17:00:18.0879 0764 gpsvc - ok
17:00:18.0879 0764 hcw85cir - ok
17:00:18.0895 0764 HdAudAddService - ok
17:00:18.0895 0764 HDAudBus - ok
17:00:18.0911 0764 HECIx64 - ok
17:00:18.0911 0764 HidBatt - ok
17:00:18.0926 0764 HidBth - ok
17:00:18.0926 0764 HidIr - ok
17:00:18.0942 0764 hidserv - ok
17:00:18.0973 0764 HidUsb - ok
17:00:18.0989 0764 hkmsvc - ok
17:00:18.0989 0764 HomeGroupListener - ok
17:00:18.0989 0764 HomeGroupProvider - ok
17:00:19.0004 0764 HpSAMD - ok
17:00:19.0035 0764 HTTP - ok
17:00:19.0035 0764 hwpolicy - ok
17:00:19.0035 0764 i8042prt - ok
17:00:19.0051 0764 iaStor - ok
17:00:19.0051 0764 IAStorDataMgrSvc - ok
17:00:19.0051 0764 iaStorV - ok
17:00:19.0067 0764 idsvc - ok
17:00:19.0082 0764 iirsp - ok
17:00:19.0082 0764 IKEEXT - ok
17:00:19.0082 0764 intelide - ok
17:00:19.0098 0764 intelkmd - ok
17:00:19.0113 0764 intelppm - ok
17:00:19.0129 0764 IPBusEnum - ok
17:00:19.0129 0764 IpFilterDriver - ok
17:00:19.0129 0764 iphlpsvc - ok
17:00:19.0145 0764 IPMIDRV - ok
17:00:19.0145 0764 IPNAT - ok
17:00:19.0160 0764 iPod Service - ok
17:00:19.0160 0764 IRENUM - ok
17:00:19.0176 0764 isapnp - ok
17:00:19.0176 0764 iScsiPrt - ok
17:00:19.0176 0764 kbdclass - ok
17:00:19.0191 0764 kbdhid - ok
17:00:19.0191 0764 KeyIso - ok
17:00:19.0207 0764 KSecDD - ok
17:00:19.0207 0764 KSecPkg - ok
17:00:19.0207 0764 ksthunk - ok
17:00:19.0223 0764 KtmRm - ok
17:00:19.0223 0764 L1C - ok
17:00:19.0238 0764 LanmanServer - ok
17:00:19.0254 0764 LanmanWorkstation - ok
17:00:19.0254 0764 LkCitadelServer - ok
17:00:19.0269 0764 lkClassAds - ok
17:00:19.0269 0764 lkTimeSync - ok
17:00:19.0285 0764 lltdio - ok
17:00:19.0285 0764 lltdsvc - ok
17:00:19.0301 0764 lmhosts - ok
17:00:19.0316 0764 LMS - ok
17:00:19.0332 0764 LSI_FC - ok
17:00:19.0332 0764 LSI_SAS - ok
17:00:19.0347 0764 LSI_SAS2 - ok
17:00:19.0347 0764 LSI_SCSI - ok
17:00:19.0347 0764 luafv - ok
17:00:19.0363 0764 Mcx2Svc - ok
17:00:19.0363 0764 megasas - ok
17:00:19.0363 0764 MegaSR - ok
17:00:19.0394 0764 Microsoft SharePoint Workspace Audit Service - ok
17:00:19.0410 0764 MMCSS - ok
17:00:19.0410 0764 Modem - ok
17:00:19.0425 0764 monitor - ok
17:00:19.0441 0764 mouclass - ok
17:00:19.0457 0764 mouhid - ok
17:00:19.0457 0764 mountmgr - ok
17:00:19.0457 0764 mpio - ok
17:00:19.0472 0764 mpsdrv - ok
17:00:19.0472 0764 MpsSvc - ok
17:00:19.0472 0764 MRxDAV - ok
17:00:19.0488 0764 mrxsmb - ok
17:00:19.0488 0764 mrxsmb10 - ok
17:00:19.0488 0764 mrxsmb20 - ok
17:00:19.0503 0764 msahci - ok
17:00:19.0503 0764 msdsm - ok
17:00:19.0519 0764 MSDTC - ok
17:00:19.0519 0764 Msfs - ok
17:00:19.0535 0764 mshidkmdf - ok
17:00:19.0535 0764 msisadrv - ok
17:00:19.0535 0764 MSiSCSI - ok
17:00:19.0550 0764 msiserver - ok
17:00:19.0566 0764 MSKSSRV - ok
17:00:19.0581 0764 MSPCLOCK - ok
17:00:19.0581 0764 MSPQM - ok
17:00:19.0581 0764 MsRPC - ok
17:00:19.0597 0764 mssmbios - ok
17:00:19.0597 0764 MSTEE - ok
17:00:19.0597 0764 MTConfig - ok
17:00:19.0613 0764 Mup - ok
17:00:19.0628 0764 MyWiFiDHCPDNS - ok
17:00:19.0628 0764 napagent - ok
17:00:19.0644 0764 NativeWifiP - ok
17:00:19.0659 0764 NDIS - ok
17:00:19.0659 0764 NdisCap - ok
17:00:19.0675 0764 NdisTapi - ok
17:00:19.0675 0764 Ndisuio - ok
17:00:19.0691 0764 NdisWan - ok
17:00:19.0691 0764 NDProxy - ok
17:00:19.0706 0764 NetBIOS - ok
17:00:19.0706 0764 NetBT - ok
17:00:19.0706 0764 Netlogon - ok
17:00:19.0722 0764 Netman - ok
17:00:19.0737 0764 NetMsmqActivator - ok
17:00:19.0737 0764 NetPipeActivator - ok
17:00:19.0737 0764 netprofm - ok
17:00:19.0753 0764 NetTcpActivator - ok
17:00:19.0769 0764 NetTcpPortSharing - ok
17:00:19.0769 0764 nfrd960 - ok
17:00:19.0784 0764 NIDomainService - ok
17:00:19.0784 0764 NILM License Manager - ok
17:00:19.0800 0764 niSvcLoc - ok
17:00:19.0800 0764 NlaSvc - ok
17:00:19.0815 0764 NMIndexingService - ok
17:00:19.0831 0764 Npfs - ok
17:00:19.0831 0764 nsi - ok
17:00:19.0831 0764 nsiproxy - ok
17:00:19.0847 0764 Ntfs - ok
17:00:19.0847 0764 Null - ok
17:00:19.0862 0764 nvraid - ok
17:00:19.0862 0764 nvstor - ok
17:00:19.0878 0764 nv_agp - ok
17:00:19.0893 0764 ODDPwrSvc - ok
17:00:19.0893 0764 ohci1394 - ok
17:00:19.0893 0764 ose64 - ok
17:00:19.0909 0764 osppsvc - ok
17:00:19.0909 0764 p2pimsvc - ok
17:00:19.0925 0764 p2psvc - ok
17:00:19.0925 0764 Parport - ok
17:00:19.0925 0764 partmgr - ok
17:00:19.0940 0764 PcaSvc - ok
17:00:19.0956 0764 pccsmcfd - ok
17:00:19.0956 0764 pci - ok
17:00:19.0956 0764 pciide - ok
17:00:19.0971 0764 pcmcia - ok
17:00:19.0971 0764 pcw - ok
17:00:19.0971 0764 PEAUTH - ok
17:00:19.0987 0764 PeerDistSvc - ok
17:00:19.0987 0764 PerfHost - ok
17:00:20.0003 0764 pla - ok
17:00:20.0018 0764 PlugPlay - ok
17:00:20.0018 0764 PnkBstrA - ok
17:00:20.0034 0764 PNRPAutoReg - ok
17:00:20.0034 0764 PNRPsvc - ok
17:00:20.0034 0764 PolicyAgent - ok
17:00:20.0049 0764 Power - ok
17:00:20.0049 0764 PptpMiniport - ok
17:00:20.0065 0764 Processor - ok
17:00:20.0065 0764 ProfSvc - ok
17:00:20.0081 0764 ProtectedStorage - ok
17:00:20.0096 0764 Psched - ok
17:00:20.0096 0764 ql2300 - ok
17:00:20.0096 0764 ql40xx - ok
17:00:20.0112 0764 QWAVE - ok
17:00:20.0112 0764 QWAVEdrv - ok
17:00:20.0112 0764 RasAcd - ok
17:00:20.0127 0764 RasAgileVpn - ok
17:00:20.0127 0764 RasAuto - ok
17:00:20.0143 0764 Rasl2tp - ok
17:00:20.0143 0764 RasMan - ok
17:00:20.0159 0764 RasPppoe - ok
17:00:20.0159 0764 RasSstp - ok
17:00:20.0159 0764 rdbss - ok
17:00:20.0174 0764 rdpbus - ok
17:00:20.0174 0764 RDPCDD - ok
17:00:20.0190 0764 RDPDR - ok
17:00:20.0190 0764 RDPENCDD - ok
17:00:20.0205 0764 RDPREFMP - ok
17:00:20.0205 0764 RdpVideoMiniport - ok
17:00:20.0221 0764 RDPWD - ok
17:00:20.0221 0764 rdyboost - ok
17:00:20.0237 0764 RegSrvc - ok
17:00:20.0237 0764 RemoteAccess - ok
17:00:20.0252 0764 RemoteRegistry - ok
17:00:20.0252 0764 RFCOMM - ok
17:00:20.0268 0764 RMCAST - ok
17:00:20.0268 0764 RpcEptMapper - ok
17:00:20.0283 0764 RpcLocator - ok
17:00:20.0283 0764 RpcSs - ok
17:00:20.0299 0764 rspndr - ok
17:00:20.0315 0764 RTL2832UBDA - ok
17:00:20.0330 0764 RTL2832UUSB - ok
17:00:20.0330 0764 s3cap - ok
17:00:20.0346 0764 SamSs - ok
17:00:20.0346 0764 sbp2port - ok
17:00:20.0346 0764 SCardSvr - ok
17:00:20.0361 0764 scfilter - ok
17:00:20.0361 0764 Schedule - ok
17:00:20.0377 0764 SCPolicySvc - ok
17:00:20.0377 0764 SDRSVC - ok
17:00:20.0393 0764 secdrv - ok
17:00:20.0393 0764 seclogon - ok
17:00:20.0393 0764 SENS - ok
17:00:20.0408 0764 SensrSvc - ok
17:00:20.0424 0764 Sentinel - ok
17:00:20.0424 0764 Serenum - ok
17:00:20.0439 0764 Serial - ok
17:00:20.0455 0764 sermouse - ok
17:00:20.0471 0764 ServiceLayer - ok
17:00:20.0471 0764 SessionEnv - ok
17:00:20.0486 0764 sffdisk - ok
17:00:20.0486 0764 sffp_mmc - ok
17:00:20.0486 0764 sffp_sd - ok
17:00:20.0502 0764 sfloppy - ok
17:00:20.0502 0764 SharedAccess - ok
17:00:20.0517 0764 ShellHWDetection - ok
17:00:20.0517 0764 SiSRaid2 - ok
17:00:20.0517 0764 SiSRaid4 - ok
17:00:20.0533 0764 Smb - ok
17:00:20.0549 0764 SNMPTRAP - ok
17:00:20.0564 0764 Sntnlusb - ok
17:00:20.0564 0764 spldr - ok
17:00:20.0580 0764 Spooler - ok
17:00:20.0580 0764 sppsvc - ok
17:00:20.0580 0764 sppuinotify - ok
17:00:20.0611 0764 sptd - ok
17:00:20.0627 0764 srv - ok
17:00:20.0627 0764 srv2 - ok
17:00:20.0627 0764 srvnet - ok
17:00:20.0642 0764 SSDPSRV - ok
17:00:20.0658 0764 SstpSvc - ok
17:00:20.0673 0764 ssudmdm - ok
17:00:20.0673 0764 StarOpen - ok
17:00:20.0705 0764 Steam Client Service - ok
17:00:20.0720 0764 stexstor - ok
17:00:20.0720 0764 stisvc - ok
17:00:20.0720 0764 storflt - ok
17:00:20.0736 0764 storvsc - ok
17:00:20.0736 0764 swenum - ok
17:00:20.0736 0764 SwitchBoard - ok
17:00:20.0751 0764 swprv - ok
17:00:20.0767 0764 Synth3dVsc - ok
17:00:20.0767 0764 SynTP - ok
17:00:20.0783 0764 SysMain - ok
17:00:20.0783 0764 TabletInputService - ok
17:00:20.0783 0764 TapiSrv - ok
17:00:20.0798 0764 TBS - ok
17:00:20.0798 0764 Tcpip - ok
17:00:20.0814 0764 TCPIP6 - ok
17:00:20.0814 0764 tcpipreg - ok
17:00:20.0829 0764 TDPIPE - ok
17:00:20.0829 0764 TDTCP - ok
17:00:20.0845 0764 tdx - ok
17:00:20.0861 0764 TermDD - ok
17:00:20.0861 0764 TermService - ok
17:00:20.0876 0764 Themes - ok
17:00:20.0876 0764 THREADORDER - ok
17:00:20.0876 0764 TrkWks - ok
17:00:20.0892 0764 TrustedInstaller - ok
17:00:20.0892 0764 tssecsrv - ok
17:00:20.0907 0764 TsUsbFlt - ok
17:00:20.0923 0764 tsusbhub - ok
17:00:20.0954 0764 TuneUp.UtilitiesSvc - ok
17:00:20.0970 0764 TuneUpUtilitiesDrv - ok
17:00:21.0048 0764 tunnel - ok
17:00:21.0048 0764 uagp35 - ok
17:00:21.0048 0764 udfs - ok
17:00:21.0063 0764 UI0Detect - ok
17:00:21.0079 0764 uliagpkx - ok
17:00:21.0095 0764 umbus - ok
17:00:21.0095 0764 UmPass - ok
17:00:21.0095 0764 UmRdpService - ok
17:00:21.0110 0764 UNS - ok
17:00:21.0110 0764 upnphost - ok
17:00:21.0126 0764 USBAAPL64 - ok
17:00:21.0126 0764 usbccgp - ok
17:00:21.0141 0764 usbcir - ok
17:00:21.0141 0764 usbehci - ok
17:00:21.0141 0764 usbhub - ok
17:00:21.0157 0764 usbohci - ok
17:00:21.0157 0764 usbprint - ok
17:00:21.0173 0764 usbscan - ok
17:00:21.0173 0764 USBSTOR - ok
17:00:21.0188 0764 usbuhci - ok
17:00:21.0188 0764 usbvideo - ok
17:00:21.0219 0764 usb_rndisx - ok
17:00:21.0219 0764 UxSms - ok
17:00:21.0235 0764 VaultSvc - ok
17:00:21.0235 0764 vdrvroot - ok
17:00:21.0251 0764 vds - ok
17:00:21.0251 0764 vga - ok
17:00:21.0266 0764 VgaSave - ok
17:00:21.0266 0764 VGPU - ok
17:00:21.0266 0764 vhdmp - ok
17:00:21.0282 0764 viaide - ok
17:00:21.0282 0764 vmbus - ok
17:00:21.0282 0764 VMBusHID - ok
17:00:21.0297 0764 volmgr - ok
17:00:21.0297 0764 volmgrx - ok
17:00:21.0297 0764 volsnap - ok
17:00:21.0313 0764 vsmraid - ok
17:00:21.0329 0764 VSS - ok
17:00:21.0329 0764 vwifibus - ok
17:00:21.0344 0764 VWiFiFlt - ok
17:00:21.0360 0764 vwifimp - ok
17:00:21.0360 0764 W32Time - ok
17:00:21.0375 0764 WacomPen - ok
17:00:21.0375 0764 WANARP - ok
17:00:21.0391 0764 Wanarpv6 - ok
17:00:21.0391 0764 WatAdminSvc - ok
17:00:21.0391 0764 wbengine - ok
17:00:21.0407 0764 WbioSrvc - ok
17:00:21.0407 0764 wcncsvc - ok
17:00:21.0422 0764 WcsPlugInService - ok
17:00:21.0422 0764 Wd - ok
17:00:21.0422 0764 Wdf01000 - ok
17:00:21.0438 0764 WdiServiceHost - ok
17:00:21.0438 0764 WdiSystemHost - ok
17:00:21.0438 0764 WebClient - ok
17:00:21.0453 0764 Wecsvc - ok
17:00:21.0453 0764 wercplsupport - ok
17:00:21.0469 0764 WerSvc - ok
17:00:21.0469 0764 WfpLwf - ok
17:00:21.0469 0764 WIMMount - ok
17:00:21.0485 0764 WinDefend - ok
17:00:21.0500 0764 WinHttpAutoProxySvc - ok
17:00:21.0500 0764 Winmgmt - ok
17:00:21.0500 0764 WinRM - ok
17:00:21.0531 0764 WinUsb - ok
17:00:21.0531 0764 Wlansvc - ok
17:00:21.0547 0764 wlidsvc - ok
17:00:21.0547 0764 WmiAcpi - ok
17:00:21.0563 0764 wmiApSrv - ok
17:00:21.0563 0764 WMPNetworkSvc - ok
17:00:21.0563 0764 WPCSvc - ok
17:00:21.0578 0764 WPDBusEnum - ok
17:00:21.0578 0764 ws2ifsl - ok
17:00:21.0594 0764 wscsvc - ok
17:00:21.0594 0764 WSearch - ok
17:00:21.0609 0764 wuauserv - ok
17:00:21.0609 0764 WudfPf - ok
17:00:21.0625 0764 WUDFRd - ok
17:00:21.0625 0764 wudfsvc - ok
17:00:21.0641 0764 WwanSvc - ok
17:00:21.0672 0764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:00:21.0703 0764 \Device\Harddisk0\DR0 - ok
17:00:22.0374 0764 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:00:22.0421 0764 \Device\Harddisk1\DR1 - ok
17:00:22.0436 0764 Boot (0x1200) (38a0fb04c19701e5e3767a2c4bb50b84) \Device\Harddisk1\DR1\Partition0
17:00:22.0436 0764 \Device\Harddisk1\DR1\Partition0 - ok
17:00:22.0436 0764 ============================================================
17:00:22.0436 0764 Scan finished
17:00:22.0436 0764 ============================================================
17:00:22.0452 3756 Detected object count: 0
17:00:22.0452 3756 Actual detected object count: 0
17:00:34.0916 4976 ============================================================
17:00:34.0916 4976 Scan started
17:00:34.0916 4976 Mode: Manual;
17:00:34.0916 4976 ============================================================
17:00:34.0932 4976 1394ohci - ok
17:00:34.0932 4976 ACPI - ok
17:00:34.0947 4976 AcpiPmi - ok
17:00:34.0947 4976 AdobeARMservice - ok
17:00:34.0963 4976 adp94xx - ok
17:00:34.0963 4976 adpahci - ok
17:00:34.0963 4976 adpu320 - ok
17:00:34.0979 4976 AeLookupSvc - ok
17:00:34.0979 4976 AFD - ok
17:00:34.0994 4976 agp440 - ok
17:00:34.0994 4976 ALG - ok
17:00:34.0994 4976 aliide - ok
17:00:35.0010 4976 AMD External Events Utility - ok
17:00:35.0010 4976 amdide - ok
17:00:35.0010 4976 AmdK8 - ok
17:00:35.0025 4976 amdkmdag - ok
17:00:35.0025 4976 amdkmdap - ok
17:00:35.0025 4976 AmdPPM - ok
17:00:35.0041 4976 amdsata - ok
17:00:35.0041 4976 amdsbs - ok
17:00:35.0041 4976 amdxata - ok
17:00:35.0057 4976 AmUStor - ok
17:00:35.0057 4976 AntiVirSchedulerService - ok
17:00:35.0072 4976 AntiVirService - ok
17:00:35.0072 4976 AppID - ok
17:00:35.0072 4976 AppIDSvc - ok
17:00:35.0088 4976 Appinfo - ok
17:00:35.0088 4976 Apple Mobile Device - ok
17:00:35.0088 4976 AppMgmt - ok
17:00:35.0103 4976 arc - ok
17:00:35.0103 4976 arcsas - ok
17:00:35.0119 4976 aspnet_state - ok
17:00:35.0119 4976 AsyncMac - ok
17:00:35.0135 4976 atapi - ok
17:00:35.0135 4976 AthBTPort - ok
17:00:35.0150 4976 AtherosSvc - ok
17:00:35.0150 4976 AtiHDAudioService - ok
17:00:35.0166 4976 AudioEndpointBuilder - ok
17:00:35.0166 4976 AudioSrv - ok
17:00:35.0166 4976 avgntflt - ok
17:00:35.0181 4976 avipbb - ok
17:00:35.0181 4976 AxInstSV - ok
17:00:35.0181 4976 b06bdrv - ok
17:00:35.0197 4976 b57nd60a - ok
17:00:35.0197 4976 BCM43XX - ok
17:00:35.0213 4976 BDESVC - ok
17:00:35.0213 4976 Beep - ok
17:00:35.0213 4976 BFE - ok
17:00:35.0228 4976 BITS - ok
17:00:35.0228 4976 blbdrive - ok
17:00:35.0228 4976 Bonjour Service - ok
17:00:35.0244 4976 bowser - ok
17:00:35.0244 4976 BrFiltLo - ok
17:00:35.0244 4976 BrFiltUp - ok
17:00:35.0259 4976 BridgeMP - ok
17:00:35.0259 4976 Browser - ok
17:00:35.0275 4976 Brserid - ok
17:00:35.0275 4976 BrSerWdm - ok
17:00:35.0275 4976 BrUsbMdm - ok
17:00:35.0291 4976 BrUsbSer - ok
17:00:35.0291 4976 BTATH_A2DP - ok
17:00:35.0291 4976 BTATH_BUS - ok
17:00:35.0306 4976 BTATH_HCRP - ok
17:00:35.0306 4976 BTATH_LWFLT - ok
17:00:35.0306 4976 BTATH_RCP - ok
17:00:35.0322 4976 BthEnum - ok
17:00:35.0322 4976 BTHMODEM - ok
17:00:35.0337 4976 BthPan - ok
17:00:35.0337 4976 BTHPORT - ok
17:00:35.0353 4976 bthserv - ok
17:00:35.0353 4976 BTHUSB - ok
17:00:35.0353 4976 btwampfl - ok
17:00:35.0369 4976 btwaudio - ok
17:00:35.0369 4976 btwavdt - ok
17:00:35.0369 4976 btwdins - ok
17:00:35.0384 4976 btwl2cap - ok
17:00:35.0384 4976 btwrchid - ok
17:00:35.0384 4976 catchme - ok
17:00:35.0400 4976 cdfs - ok
17:00:35.0400 4976 cdrom - ok
17:00:35.0400 4976 CertPropSvc - ok
17:00:35.0415 4976 circlass - ok
17:00:35.0415 4976 CLFS - ok
17:00:35.0431 4976 clr_optimization_v2.0.50727_32 - ok
17:00:35.0431 4976 clr_optimization_v2.0.50727_64 - ok
17:00:35.0431 4976 clr_optimization_v4.0.30319_32 - ok
17:00:35.0447 4976 clr_optimization_v4.0.30319_64 - ok
17:00:35.0447 4976 CmBatt - ok
17:00:35.0447 4976 cmdide - ok
17:00:35.0462 4976 CNG - ok
17:00:35.0462 4976 Compbatt - ok
17:00:35.0462 4976 CompositeBus - ok
17:00:35.0478 4976 COMSysApp - ok
17:00:35.0478 4976 crcdisk - ok
17:00:35.0493 4976 CryptSvc - ok
17:00:35.0493 4976 CSC - ok
17:00:35.0493 4976 CscService - ok
17:00:35.0509 4976 DcomLaunch - ok
17:00:35.0509 4976 defragsvc - ok
17:00:35.0525 4976 DfsC - ok
17:00:35.0525 4976 dgderdrv - ok
17:00:35.0525 4976 dg_ssudbus - ok
17:00:35.0540 4976 Dhcp - ok
17:00:35.0540 4976 discache - ok
17:00:35.0556 4976 Disk - ok
17:00:35.0556 4976 Dnscache - ok
17:00:35.0556 4976 dot3svc - ok
17:00:35.0571 4976 DPS - ok
17:00:35.0571 4976 drmkaud - ok
17:00:35.0571 4976 DsiWMIService - ok
17:00:35.0587 4976 dtsoftbus01 - ok
17:00:35.0587 4976 DXGKrnl - ok
17:00:35.0587 4976 EapHost - ok
17:00:35.0603 4976 ebdrv - ok
17:00:35.0603 4976 EFS - ok
17:00:35.0603 4976 ehRecvr - ok
17:00:35.0618 4976 ehSched - ok
17:00:35.0618 4976 elxstor - ok
17:00:35.0634 4976 ePowerSvc - ok
17:00:35.0634 4976 ErrDev - ok
17:00:35.0649 4976 EventSystem - ok
17:00:35.0649 4976 EvtEng - ok
17:00:35.0649 4976 exfat - ok
17:00:35.0665 4976 fastfat - ok
17:00:35.0665 4976 Fax - ok
17:00:35.0665 4976 fdc - ok
17:00:35.0681 4976 fdPHost - ok
17:00:35.0681 4976 FDResPub - ok
17:00:35.0681 4976 FileInfo - ok
17:00:35.0696 4976 Filetrace - ok
17:00:35.0696 4976 flpydisk - ok
17:00:35.0696 4976 FltMgr - ok
17:00:35.0712 4976 FontCache - ok
17:00:35.0712 4976 FontCache3.0.0.0 - ok
17:00:35.0727 4976 FsDepends - ok
17:00:35.0727 4976 Fs_Rec - ok
17:00:35.0727 4976 fvevol - ok
17:00:35.0743 4976 gagp30kx - ok
17:00:35.0743 4976 GEARAspiWDM - ok
17:00:35.0743 4976 gpsvc - ok
17:00:35.0759 4976 hcw85cir - ok
17:00:35.0759 4976 HdAudAddService - ok
17:00:35.0759 4976 HDAudBus - ok
17:00:35.0774 4976 HECIx64 - ok
17:00:35.0774 4976 HidBatt - ok
17:00:35.0774 4976 HidBth - ok
17:00:35.0790 4976 HidIr - ok
17:00:35.0790 4976 hidserv - ok
17:00:35.0805 4976 HidUsb - ok
17:00:35.0805 4976 hkmsvc - ok
17:00:35.0805 4976 HomeGroupListener - ok
17:00:35.0821 4976 HomeGroupProvider - ok
17:00:35.0821 4976 HpSAMD - ok
17:00:35.0837 4976 HTTP - ok
17:00:35.0837 4976 hwpolicy - ok
17:00:35.0837 4976 i8042prt - ok
17:00:35.0852 4976 iaStor - ok
17:00:35.0852 4976 IAStorDataMgrSvc - ok
17:00:35.0852 4976 iaStorV - ok
17:00:35.0868 4976 idsvc - ok
17:00:35.0868 4976 iirsp - ok
17:00:35.0868 4976 IKEEXT - ok
17:00:35.0883 4976 intelide - ok
17:00:35.0883 4976 intelkmd - ok
17:00:35.0899 4976 intelppm - ok
17:00:35.0899 4976 IPBusEnum - ok
17:00:35.0899 4976 IpFilterDriver - ok
17:00:35.0915 4976 iphlpsvc - ok
17:00:35.0915 4976 IPMIDRV - ok
17:00:35.0930 4976 IPNAT - ok
17:00:35.0930 4976 iPod Service - ok
17:00:35.0930 4976 IRENUM - ok
17:00:35.0946 4976 isapnp - ok
17:00:35.0946 4976 iScsiPrt - ok
17:00:35.0946 4976 kbdclass - ok
17:00:35.0961 4976 kbdhid - ok
17:00:35.0961 4976 KeyIso - ok
17:00:35.0977 4976 KSecDD - ok
17:00:35.0977 4976 KSecPkg - ok
17:00:35.0977 4976 ksthunk - ok
17:00:35.0993 4976 KtmRm - ok
17:00:35.0993 4976 L1C - ok
17:00:35.0993 4976 LanmanServer - ok
17:00:36.0008 4976 LanmanWorkstation - ok
17:00:36.0008 4976 LkCitadelServer - ok
17:00:36.0024 4976 lkClassAds - ok
17:00:36.0024 4976 lkTimeSync - ok
17:00:36.0024 4976 lltdio - ok
17:00:36.0039 4976 lltdsvc - ok
17:00:36.0039 4976 lmhosts - ok
17:00:36.0055 4976 LMS - ok
17:00:36.0055 4976 LSI_FC - ok
17:00:36.0055 4976 LSI_SAS - ok
17:00:36.0071 4976 LSI_SAS2 - ok
17:00:36.0071 4976 LSI_SCSI - ok
17:00:36.0071 4976 luafv - ok
17:00:36.0086 4976 Mcx2Svc - ok
17:00:36.0086 4976 megasas - ok
17:00:36.0086 4976 MegaSR - ok
17:00:36.0102 4976 Microsoft SharePoint Workspace Audit Service - ok
17:00:36.0102 4976 MMCSS - ok
17:00:36.0117 4976 Modem - ok
17:00:36.0117 4976 monitor - ok
17:00:36.0117 4976 mouclass - ok
17:00:36.0133 4976 mouhid - ok
17:00:36.0133 4976 mountmgr - ok
17:00:36.0133 4976 mpio - ok
17:00:36.0149 4976 mpsdrv - ok
17:00:36.0149 4976 MpsSvc - ok
17:00:36.0149 4976 MRxDAV - ok
17:00:36.0164 4976 mrxsmb - ok
17:00:36.0164 4976 mrxsmb10 - ok
17:00:36.0164 4976 mrxsmb20 - ok
17:00:36.0180 4976 msahci - ok
17:00:36.0180 4976 msdsm - ok
17:00:36.0180 4976 MSDTC - ok
17:00:36.0195 4976 Msfs - ok
17:00:36.0211 4976 mshidkmdf - ok
17:00:36.0211 4976 msisadrv - ok
17:00:36.0211 4976 MSiSCSI - ok
17:00:36.0227 4976 msiserver - ok
17:00:36.0227 4976 MSKSSRV - ok
17:00:36.0227 4976 MSPCLOCK - ok
17:00:36.0242 4976 MSPQM - ok
17:00:36.0242 4976 MsRPC - ok
17:00:36.0242 4976 mssmbios - ok
17:00:36.0258 4976 MSTEE - ok
17:00:36.0258 4976 MTConfig - ok
17:00:36.0273 4976 Mup - ok
17:00:36.0273 4976 MyWiFiDHCPDNS - ok
17:00:36.0273 4976 napagent - ok
17:00:36.0289 4976 NativeWifiP - ok
17:00:36.0289 4976 NDIS - ok
17:00:36.0289 4976 NdisCap - ok
17:00:36.0305 4976 NdisTapi - ok
17:00:36.0305 4976 Ndisuio - ok
17:00:36.0305 4976 NdisWan - ok
17:00:36.0320 4976 NDProxy - ok
17:00:36.0320 4976 NetBIOS - ok
17:00:36.0336 4976 NetBT - ok
17:00:36.0336 4976 Netlogon - ok
17:00:36.0336 4976 Netman - ok
17:00:36.0351 4976 NetMsmqActivator - ok
17:00:36.0351 4976 NetPipeActivator - ok
17:00:36.0351 4976 netprofm - ok
17:00:36.0367 4976 NetTcpActivator - ok
17:00:36.0367 4976 NetTcpPortSharing - ok
17:00:36.0367 4976 nfrd960 - ok
17:00:36.0383 4976 NIDomainService - ok
17:00:36.0383 4976 NILM License Manager - ok
17:00:36.0383 4976 niSvcLoc - ok
17:00:36.0398 4976 NlaSvc - ok
17:00:36.0398 4976 NMIndexingService - ok
17:00:36.0414 4976 Npfs - ok
17:00:36.0414 4976 nsi - ok
17:00:36.0414 4976 nsiproxy - ok
17:00:36.0429 4976 Ntfs - ok
17:00:36.0429 4976 Null - ok
17:00:36.0429 4976 nvraid - ok
17:00:36.0445 4976 nvstor - ok
17:00:36.0445 4976 nv_agp - ok
17:00:36.0461 4976 ODDPwrSvc - ok
17:00:36.0461 4976 ohci1394 - ok
17:00:36.0461 4976 ose64 - ok
17:00:36.0476 4976 osppsvc - ok
17:00:36.0476 4976 p2pimsvc - ok
17:00:36.0476 4976 p2psvc - ok
17:00:36.0492 4976 Parport - ok
17:00:36.0492 4976 partmgr - ok
17:00:36.0507 4976 PcaSvc - ok
17:00:36.0507 4976 pccsmcfd - ok
17:00:36.0507 4976 pci - ok
17:00:36.0523 4976 pciide - ok
17:00:36.0523 4976 pcmcia - ok
17:00:36.0523 4976 pcw - ok
17:00:36.0539 4976 PEAUTH - ok
17:00:36.0539 4976 PeerDistSvc - ok
17:00:36.0554 4976 PerfHost - ok
17:00:36.0554 4976 pla - ok
17:00:36.0570 4976 PlugPlay - ok
17:00:36.0570 4976 PnkBstrA - ok
17:00:36.0570 4976 PNRPAutoReg - ok
17:00:36.0585 4976 PNRPsvc - ok
17:00:36.0585 4976 PolicyAgent - ok
17:00:36.0601 4976 Power - ok
17:00:36.0601 4976 PptpMiniport - ok
17:00:36.0601 4976 Processor - ok
17:00:36.0617 4976 ProfSvc - ok
17:00:36.0617 4976 ProtectedStorage - ok
17:00:36.0632 4976 Psched - ok
17:00:36.0632 4976 ql2300 - ok
17:00:36.0632 4976 ql40xx - ok
17:00:36.0648 4976 QWAVE - ok
17:00:36.0648 4976 QWAVEdrv - ok
17:00:36.0648 4976 RasAcd - ok
17:00:36.0663 4976 RasAgileVpn - ok
17:00:36.0663 4976 RasAuto - ok
17:00:36.0663 4976 Rasl2tp - ok
17:00:36.0679 4976 RasMan - ok
17:00:36.0679 4976 RasPppoe - ok
17:00:36.0679 4976 RasSstp - ok
17:00:36.0695 4976 rdbss - ok
17:00:36.0695 4976 rdpbus - ok
17:00:36.0695 4976 RDPCDD - ok
17:00:36.0710 4976 RDPDR - ok
17:00:36.0710 4976 RDPENCDD - ok
17:00:36.0726 4976 RDPREFMP - ok
17:00:36.0726 4976 RdpVideoMiniport - ok
17:00:36.0741 4976 RDPWD - ok
17:00:36.0741 4976 rdyboost - ok
17:00:36.0741 4976 RegSrvc - ok
17:00:36.0757 4976 RemoteAccess - ok
17:00:36.0757 4976 RemoteRegistry - ok
17:00:36.0773 4976 RFCOMM - ok
17:00:36.0773 4976 RMCAST - ok
17:00:36.0773 4976 RpcEptMapper - ok
17:00:36.0788 4976 RpcLocator - ok
17:00:36.0788 4976 RpcSs - ok
17:00:36.0788 4976 rspndr - ok
17:00:36.0804 4976 RTL2832UBDA - ok
17:00:36.0804 4976 RTL2832UUSB - ok
17:00:36.0804 4976 s3cap - ok
17:00:36.0819 4976 SamSs - ok
17:00:36.0819 4976 sbp2port - ok
17:00:36.0835 4976 SCardSvr - ok
17:00:36.0835 4976 scfilter - ok
17:00:36.0835 4976 Schedule - ok
17:00:36.0851 4976 SCPolicySvc - ok
17:00:36.0851 4976 SDRSVC - ok
17:00:36.0851 4976 secdrv - ok
17:00:36.0866 4976 seclogon - ok
17:00:36.0866 4976 SENS - ok
17:00:36.0866 4976 SensrSvc - ok
17:00:36.0882 4976 Sentinel - ok
17:00:36.0882 4976 Serenum - ok
17:00:36.0882 4976 Serial - ok
17:00:36.0897 4976 sermouse - ok
17:00:36.0897 4976 ServiceLayer - ok
17:00:36.0913 4976 SessionEnv - ok
17:00:36.0913 4976 sffdisk - ok
17:00:36.0929 4976 sffp_mmc - ok
17:00:36.0929 4976 sffp_sd - ok
17:00:36.0944 4976 sfloppy - ok
17:00:36.0944 4976 SharedAccess - ok
17:00:36.0960 4976 ShellHWDetection - ok
17:00:36.0960 4976 SiSRaid2 - ok
17:00:36.0960 4976 SiSRaid4 - ok
17:00:36.0975 4976 Smb - ok
17:00:36.0991 4976 SNMPTRAP - ok
17:00:36.0991 4976 Sntnlusb - ok
17:00:37.0007 4976 spldr - ok
17:00:37.0007 4976 Spooler - ok
17:00:37.0007 4976 sppsvc - ok
17:00:37.0022 4976 sppuinotify - ok
17:00:37.0022 4976 sptd - ok
17:00:37.0022 4976 srv - ok
17:00:37.0038 4976 srv2 - ok
17:00:37.0038 4976 srvnet - ok
17:00:37.0038 4976 SSDPSRV - ok
17:00:37.0053 4976 SstpSvc - ok
17:00:37.0053 4976 ssudmdm - ok
17:00:37.0053 4976 StarOpen - ok
17:00:37.0069 4976 Steam Client Service - ok
17:00:37.0069 4976 stexstor - ok
17:00:37.0085 4976 stisvc - ok
17:00:37.0085 4976 storflt - ok
17:00:37.0100 4976 storvsc - ok
17:00:37.0100 4976 swenum - ok
17:00:37.0100 4976 SwitchBoard - ok
17:00:37.0116 4976 swprv - ok
17:00:37.0116 4976 Synth3dVsc - ok
17:00:37.0116 4976 SynTP - ok
17:00:37.0131 4976 SysMain - ok
17:00:37.0131 4976 TabletInputService - ok
17:00:37.0147 4976 TapiSrv - ok
17:00:37.0147 4976 TBS - ok
17:00:37.0147 4976 Tcpip - ok
17:00:37.0163 4976 TCPIP6 - ok
17:00:37.0178 4976 tcpipreg - ok
17:00:37.0178 4976 TDPIPE - ok
17:00:37.0178 4976 TDTCP - ok
17:00:37.0194 4976 tdx - ok
17:00:37.0194 4976 TermDD - ok
17:00:37.0194 4976 TermService - ok
17:00:37.0209 4976 Themes - ok
17:00:37.0209 4976 THREADORDER - ok
17:00:37.0225 4976 TrkWks - ok
17:00:37.0225 4976 TrustedInstaller - ok
17:00:37.0241 4976 tssecsrv - ok
17:00:37.0241 4976 TsUsbFlt - ok
17:00:37.0241 4976 tsusbhub - ok
17:00:37.0256 4976 TuneUp.UtilitiesSvc - ok
17:00:37.0256 4976 TuneUpUtilitiesDrv - ok
17:00:37.0272 4976 tunnel - ok
17:00:37.0272 4976 uagp35 - ok
17:00:37.0272 4976 udfs - ok
17:00:37.0287 4976 UI0Detect - ok
17:00:37.0287 4976 uliagpkx - ok
17:00:37.0303 4976 umbus - ok
17:00:37.0303 4976 UmPass - ok
17:00:37.0319 4976 UmRdpService - ok
17:00:37.0319 4976 UNS - ok
17:00:37.0319 4976 upnphost - ok
17:00:37.0334 4976 USBAAPL64 - ok
17:00:37.0334 4976 usbccgp - ok
17:00:37.0334 4976 usbcir - ok
17:00:37.0350 4976 usbehci - ok
17:00:37.0350 4976 usbhub - ok
17:00:37.0365 4976 usbohci - ok
17:00:37.0365 4976 usbprint - ok
17:00:37.0365 4976 usbscan - ok
17:00:37.0381 4976 USBSTOR - ok
17:00:37.0381 4976 usbuhci - ok
17:00:37.0381 4976 usbvideo - ok
17:00:37.0397 4976 usb_rndisx - ok
17:00:37.0397 4976 UxSms - ok
17:00:37.0412 4976 VaultSvc - ok
17:00:37.0412 4976 vdrvroot - ok
17:00:37.0412 4976 vds - ok
17:00:37.0428 4976 vga - ok
17:00:37.0428 4976 VgaSave - ok
17:00:37.0428 4976 VGPU - ok
17:00:37.0443 4976 vhdmp - ok
17:00:37.0443 4976 viaide - ok
17:00:37.0443 4976 vmbus - ok
17:00:37.0459 4976 VMBusHID - ok
17:00:37.0459 4976 volmgr - ok
17:00:37.0475 4976 volmgrx - ok
17:00:37.0475 4976 volsnap - ok
17:00:37.0475 4976 vsmraid - ok
17:00:37.0490 4976 VSS - ok
17:00:37.0490 4976 vwifibus - ok
17:00:37.0506 4976 VWiFiFlt - ok
17:00:37.0506 4976 vwifimp - ok
17:00:37.0506 4976 W32Time - ok
17:00:37.0521 4976 WacomPen - ok
17:00:37.0521 4976 WANARP - ok
17:00:37.0537 4976 Wanarpv6 - ok
17:00:37.0537 4976 WatAdminSvc - ok
17:00:37.0537 4976 wbengine - ok
17:00:37.0553 4976 WbioSrvc - ok
17:00:37.0553 4976 wcncsvc - ok
17:00:37.0568 4976 WcsPlugInService - ok
17:00:37.0568 4976 Wd - ok
17:00:37.0584 4976 Wdf01000 - ok
17:00:37.0584 4976 WdiServiceHost - ok
17:00:37.0584 4976 WdiSystemHost - ok
17:00:37.0599 4976 WebClient - ok
17:00:37.0599 4976 Wecsvc - ok
17:00:37.0599 4976 wercplsupport - ok
17:00:37.0615 4976 WerSvc - ok
17:00:37.0615 4976 WfpLwf - ok
17:00:37.0631 4976 WIMMount - ok
17:00:37.0631 4976 WinDefend - ok
17:00:37.0646 4976 WinHttpAutoProxySvc - ok
17:00:37.0646 4976 Winmgmt - ok
17:00:37.0662 4976 WinRM - ok
17:00:37.0662 4976 WinUsb - ok
17:00:37.0677 4976 Wlansvc - ok
17:00:37.0677 4976 wlidsvc - ok
17:00:37.0677 4976 WmiAcpi - ok
17:00:37.0693 4976 wmiApSrv - ok
17:00:37.0693 4976 WMPNetworkSvc - ok
17:00:37.0709 4976 WPCSvc - ok
17:00:37.0709 4976 WPDBusEnum - ok
17:00:37.0724 4976 ws2ifsl - ok
17:00:37.0724 4976 wscsvc - ok
17:00:37.0724 4976 WSearch - ok
17:00:37.0740 4976 wuauserv - ok
17:00:37.0740 4976 WudfPf - ok
17:00:37.0755 4976 WUDFRd - ok
17:00:37.0755 4976 wudfsvc - ok
17:00:37.0755 4976 WwanSvc - ok
17:00:37.0833 4976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:00:37.0849 4976 \Device\Harddisk0\DR0 - ok
17:00:38.0535 4976 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:00:38.0582 4976 \Device\Harddisk1\DR1 - ok
17:00:38.0598 4976 Boot (0x1200) (38a0fb04c19701e5e3767a2c4bb50b84) \Device\Harddisk1\DR1\Partition0
17:00:38.0598 4976 \Device\Harddisk1\DR1\Partition0 - ok
17:00:38.0598 4976 ============================================================
17:00:38.0598 4976 Scan finished
17:00:38.0598 4976 ============================================================
17:00:38.0613 4224 Detected object count: 0
17:00:38.0613 4224 Actual detected object count: 0
17:00:40.0345 2976 Deinitialize success

asw

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-24 17:02:48
-----------------------------
17:02:48.140 OS Version: Windows x64 6.1.7601 Service Pack 1
17:02:48.140 Number of processors: 4 586 0x2505
17:02:48.155 ComputerName: KUBA-PC UserName: Kuba
17:02:49.622 Initialize success
17:03:17.776 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:03:17.776 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 3
17:03:17.791 Disk 0 MBR read successfully
17:03:17.791 Disk 0 MBR scan
17:03:17.807 Disk 0 Windows 7 default MBR code
17:03:17.807 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
17:03:17.823 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
17:03:17.838 Disk 0 Partition 3 80 (A) 42 SFS NTFS 100 MB offset 28674048
17:03:17.854 Disk 0 Partition 4 00 42 SFS NTFS 101301 MB offset 28878848
17:03:17.869 Disk 0 scanning C:\Windows\system32\drivers
17:03:17.869 Service scanning
17:03:44.818 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:03:51.838 Modules scanning
17:03:51.838 Disk 0 trace - called modules:
17:03:51.916 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spze.sys hal.dll
17:03:51.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003409060]
17:03:51.932 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031b5050]
17:03:51.947 Scan finished successfully
17:04:17.937 Disk 0 MBR has been saved successfully to "C:\Users\Kuba\Desktop\MBR.dat"
17:04:17.937 The log file has been saved successfully to "C:\Users\Kuba\Desktop\aswMBR.txt"

jinak toto mi nic neříka :
//TCP: Interfaces\{813565E6-4680-4A00-80A2-BDDA8BC2BE48}\75966696: NameServer = 77.98.40.10,77.95.42.102

a zkontrolované soubory jsem nemohl protože by to pokaždé vyhodilo chybu, zkoušeno na jiném pc
zkusím to jeste vecer

jinak děkuji za ochotu :)

Příspěvekod **jaro3** » 24 dub 2012 18:12

Nebo si je zkopíruj jinam ( na plochu)..

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.

Jak to vypadá nyní? Flash , problémy.

BiScHop · Příspěvekod **BiScHop** » 24 dub 2012 20:32

Počítaš se mi ted zda svižnější, ale fleška se ani nenačte...říkám pouze že nebyla rozpoznana a to s ním můsím trochu viklat....asi bude po ní :-(

zkusim to s tou reklamací

ale děkuji za ochotu a rady :smile:

Příspěvekod **jaro3** » 24 dub 2012 20:40

Tak bude něco s konektorem USB , asi na ní..

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.

Flashdisk nenaběhne - vir?? Vyřešeno

Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir??

Re: Flashdisk nenaběhne - vir?? Vyřešeno

Kdo je online