Preventivní kontrola logu Vyřešeno

[Renee]

Zdravíčko,

nejde snad o nic vážného, mám jen jeden malý problém a jednu malou starost:

Starost spočívá v tom, že jsem si ze svého starého stolního PC s bůhvíjak dlouho neaktualizovaným firewallem nebo antivirem udělal minecraft server na kterém jsem chvíli hrál, při tom hraní na mě docela často skákaly od Avastu hlášky o možném trojanovi, můj selský rozum mi řekl že na mě útočí můj stolní PC, který v mých představách od té chvíle havětí přetéká. Hrál jsem takto jen jednou, asi hodinku, od té doby je stolní PC zas vypnutý. Na notebooku nepozoruji žádné problémy, ale jistota je jistota.

Problém spočívá v tom, že jsem si za mých mladých let upirátil Oblivion, poté ho z nějakého důvodu smazal (shift+delete, ne uninstall) a teď se ty zbytky nedají odstranit. Když vložím nějaký image a dám uninstall, píše securom že mám vložit originál CD. Pročistil jsem registry a všechno CCleanerem, nezabírá.

Posílám log se žádostí o kontrolu. Mockrát děkuji.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:11, on 28.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\AIMP2\AIMP2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={0601E1E3-5B52-4991-BA47-351DF10F6227}&mid=854798549efa47d0b3d2a113f06cf7d4-f5c845c6db490679ca6eab25fb85908206edd5fe&lang=cs&ds=st011&pr=sa&d=2012-05-28 19:05:40&v=11.1.0.7&sap=hp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKCU\..\Run: [QIP2005] C:\Program Files (x86)\QIP\qip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11017 bytes

[Reklama]

[Žbeky]

Odinstaluj věci od AVG a nech jen Avast


Fixni:

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={0601E1E3-5B52-4991-BA47-351DF10F6227}&mid=854798549efa47d0b3d2a113f06cf7d4-f5c845c6db490679ca6eab25fb85908206edd5fe&lang=cs&ds=st011&pr=sa&d=2012-05-28 19:05:40&v=11.1.0.7&sap=hp
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
- Pokud používáš Firefox, klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
- Pokud používáš Chrome, nic dalšího nevybírej a dej Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(ZATÍM SÁM NIC NEMAŽ!).
Vlož sem pak obsah toho logu.

[Renee]

Wow, nechci radši ani vědět kde jsem přišel k něčemu od AVG... Nicméně to byl "jen" nějáký toolbar (!), je fuč. S jeho odinstalací zmizely i všechny AVG-related odrážky v HJT.

Log z MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Renee :: RENEE-JE-BUH [administrátor]

28.5.2012 22:29:09
mbam-log-2012-05-28 (22-35-03).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 208200
Uplynulý čas: 4 minut, 23 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 118
C:\Users\Public\trz104B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz1478.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz162A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz2249.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz225C.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz2392.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz27F9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz28C0.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz2A9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz2B55.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz334.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz335B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz366.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz36A7.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz40E1.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz4143.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz44EC.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz46CC.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz46EB.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz48ED.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz49AE.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz562A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz5DCB.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz5F89.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz6029.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz61DF.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz65E1.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz667C.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz6AF.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz70D0.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz7256.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz756E.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz841B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz843A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz8F97.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz9463.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz9D9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trz9DD9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzA217.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzA5A3.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzAE9D.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzB2CD.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzB588.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzB726.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzBA9D.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzC370.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzCC89.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzCDC1.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzD3F9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzD531.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzDB6.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzDFE6.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzE01A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzE358.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzE539.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzF2EB.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzF32E.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\trzF6D9.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz15D1.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz17EE.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz1DE.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz1F9A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz29CF.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz2B7A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz2CFA.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz2D08.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz2D24.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz3463.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz3809.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz3DBD.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz4004.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz406B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz47D4.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz4C58.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz4CB2.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz538F.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz5588.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz5B46.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz5DEB.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz66E1.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz693A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz6AAE.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz6C53.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz6CA5.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz6EE6.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz71BA.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz7426.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz7A62.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz7E8F.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz815B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz851B.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz871A.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz9422.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz9533.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz985E.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trz9A1E.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzA070.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzA57.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzA866.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzAC2D.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzAD13.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzB2DA.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzBB99.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzBBF6.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzC101.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzC783.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzCF58.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzCF86.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzD4C7.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzD6E.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzE2CA.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzE336.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzE5AB.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzE887.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzF715.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzF890.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzFC27.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.
C:\Users\Public\Downloads\trzFD7.tmp (Worm.AutoRun) -> Žádná instrukce nebyla provedena.

(konec)

[Žbeky]

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[Renee]

Teď doufám že jsem nic nepokazil, blbec jsem vypnul při kontrole ComboFixem štíty jen na 10 minut, pak se zas nahodily když začal mazat a Avast i něco bloknul, hned jsem zase štíty shodil. Po restartu jsem to spustil znovu, tentokrát projel rychle a ani nic nemazal.
MBAM mi po skenu hodí hlášku že nenalezl žádný malware a nedá mi možnost zobrazit log, poslední z logů v jeho složce (7 minut starý) následuje:
MBAM:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.05.28.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Renee :: RENEE-JE-BUH [administrátor]

28.5.2012 23:52:23
mbam-log-2012-05-28 (23-52-23).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 211208
Uplynulý čas: 4 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)


ComboFix:

ComboFix 12-05-28.05 - Renee 28.05.2012 23:40:35.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2563 [GMT 2:00]
Spuštěný z: c:\users\Renee\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 21:46 . 2012-05-28 21:46 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-28 21:46 . 2012-05-28 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 20:57 . 2012-05-28 20:57 -------- d-----w- c:\users\Renee\AppData\Local\ATI
2012-05-28 20:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-28 19:04 . 2012-05-28 19:04 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-05-28 17:05 . 2012-05-28 17:05 -------- d--h--w- c:\programdata\Common Files
2012-05-28 17:05 . 2012-05-28 17:05 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-28 17:05 . 2012-02-09 06:06 125376 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-26 10:18 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{78F473AA-222B-48B4-B70E-BD99BF9FB98B}\mpengine.dll
2012-05-25 18:54 . 2012-05-25 18:54 -------- d-----w- c:\users\Renee\AppData\Roaming\LolClient2
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\programdata\Sony
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\program files (x86)\Sony
2012-05-17 18:04 . 2012-05-17 18:04 -------- d-----w- c:\program files (x86)\SEGA
2012-05-11 14:21 . 2012-05-28 19:53 -------- d-----w- C:\Games
2012-05-11 14:15 . 2012-05-28 19:53 -------- d-----w- c:\program files\Nexus Mod Manager
2012-05-10 09:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 09:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 09:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 09:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 09:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 09:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 09:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:19 . 2012-05-22 08:08 -------- d-----w- c:\users\Renee\AppData\Roaming\Hamachi
2012-05-09 17:18 . 2012-05-09 17:18 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-05-09 17:18 . 2012-05-09 17:19 -------- d-----w- c:\program files (x86)\Hamachi
2012-05-09 16:52 . 2012-05-09 16:53 -------- d-----w- c:\users\Renee\AppData\Roaming\.minecraft
2012-05-08 09:28 . 2012-05-08 09:28 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 13:20 . 2012-04-19 07:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 13:20 . 2011-09-12 16:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:20 . 2012-04-19 08:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:53 . 2010-06-22 12:40 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-02 15:53 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-24 21:03 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-07 14:21 . 2012-03-07 14:21 4612 ----a-w- C:\STF1FC0.tmp
2012-03-07 00:15 . 2011-03-01 12:44 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-03-01 12:44 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-03-01 12:45 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-03-01 12:45 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-03-01 12:45 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-24 12:19 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-03-01 12:45 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-03-01 12:45 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-03-01 12:45 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 12:10 . 2011-01-10 13:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:46 . 2012-04-12 20:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 20:51 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 20:51 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 20:51 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 20:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 20:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 20:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_21.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-28 21:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-28 21:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-28 21:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-18 09:18 . 2012-05-28 21:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 09:18 . 2012-05-28 21:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-28 21:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-18 09:33 . 2012-05-28 21:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 09:33 . 2012-05-28 21:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-18 09:33 . 2012-05-28 21:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 12:11 . 2012-05-28 21:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-30 12:11 . 2012-05-28 21:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-28 21:47 . 2012-05-28 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-28 21:47 . 2012-05-28 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-28 21:27 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-28 21:46 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-08-05 01:30 . 2012-05-28 21:27 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
+ 2010-08-05 01:30 . 2012-05-28 21:46 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files (x86)\QIP\qip.exe" [2008-12-09 3259392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALSysIO;ALSysIO;c:\users\Renee\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Drift City\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:20]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 20:09]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 20:09]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000Core.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-18 10:14]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000UA.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-18 10:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}\058696C69607370275966496: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
.
------- Asociace souborů -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:42,77,4b,e5,1b,4f,b6,00,23,fc,f2,ab,f9,08,21,49,55,3f,4b,77,18,81,d4,
26,ab,0d,08,f1,d7,bf,68,aa,50,56,80,ea,1f,81,a0,0d,e0,4a,7b,a7,32,68,92,93,\
"??"=hex:d3,06,4a,d4,65,98,fb,cc,9c,d4,e4,7e,82,6c,7b,d4
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,1b,8d,6d,a0,e1,18,9c,54,1a,89,e9,69,7c,61,95,fa,a6,d4,27,00,
13,bf,4d,63,08,6e,4e,f6,81,24,18,c6,1c,46,ba,63,12,db,3c,ae,ea,21,7d,10,93,\
"rkeysecu"=hex:e8,11,78,cd,9f,69,3d,5b,a0,a7,00,dd,fd,25,03,99
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-05-28 23:54:44 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-28 21:54
ComboFix2.txt 2012-05-28 21:35
.
Před spuštěním: Volných bajtů: 59 530 911 744
Po spuštění: Volných bajtů: 59 206 430 720
.
- - End Of File - - DB7B9BCA02DD22A1ED6F02F99091CCDE

[Renee]

TDSSKiller:

22:53:30.0669 0124 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
22:53:30.0851 0124 ============================================================
22:53:30.0851 0124 Current date / time: 2012/05/28 22:53:30.0851
22:53:30.0851 0124 SystemInfo:
22:53:30.0851 0124
22:53:30.0851 0124 OS Version: 6.1.7601 ServicePack: 1.0
22:53:30.0851 0124 Product type: Workstation
22:53:30.0851 0124 ComputerName: RENEE-JE-BUH
22:53:30.0852 0124 UserName: Renee
22:53:30.0852 0124 Windows directory: C:\Windows
22:53:30.0852 0124 System windows directory: C:\Windows
22:53:30.0852 0124 Running under WOW64
22:53:30.0852 0124 Processor architecture: Intel x64
22:53:30.0852 0124 Number of processors: 4
22:53:30.0852 0124 Page size: 0x1000
22:53:30.0852 0124 Boot type: Normal boot
22:53:30.0852 0124 ============================================================
22:53:31.0479 0124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:53:31.0484 0124 ============================================================
22:53:31.0484 0124 \Device\Harddisk0\DR0:
22:53:31.0484 0124 MBR partitions:
22:53:31.0484 0124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
22:53:31.0484 0124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
22:53:31.0484 0124 ============================================================
22:53:31.0515 0124 C: <-> \Device\Harddisk0\DR0\Partition0
22:53:31.0566 0124 D: <-> \Device\Harddisk0\DR0\Partition1
22:53:31.0566 0124 ============================================================
22:53:31.0566 0124 Initialize success
22:53:31.0566 0124 ============================================================
22:53:33.0778 1980 ============================================================
22:53:33.0778 1980 Scan started
22:53:33.0778 1980 Mode: Manual;
22:53:33.0778 1980 ============================================================
22:53:34.0424 1980 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:53:34.0427 1980 1394ohci - ok
22:53:34.0517 1980 acedrv05 (056faaff049ca7237194065423307189) C:\Windows\system32\drivers\acedrv05.sys
22:53:34.0520 1980 acedrv05 - ok
22:53:34.0644 1980 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:53:34.0649 1980 ACPI - ok
22:53:34.0716 1980 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:53:34.0718 1980 AcpiPmi - ok
22:53:35.0049 1980 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:53:35.0052 1980 AdobeFlashPlayerUpdateSvc - ok
22:53:35.0136 1980 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:53:35.0145 1980 adp94xx - ok
22:53:35.0206 1980 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:53:35.0212 1980 adpahci - ok
22:53:35.0254 1980 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:53:35.0258 1980 adpu320 - ok
22:53:35.0295 1980 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:53:35.0297 1980 AeLookupSvc - ok
22:53:35.0534 1980 Afc (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
22:53:35.0535 1980 Afc - ok
22:53:35.0663 1980 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:53:35.0688 1980 AFD - ok
22:53:35.0747 1980 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:53:35.0749 1980 agp440 - ok
22:53:35.0795 1980 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:53:35.0797 1980 ALG - ok
22:53:35.0843 1980 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:53:35.0845 1980 aliide - ok
22:53:36.0001 1980 ALSysIO - ok
22:53:36.0063 1980 AMD External Events Utility (27c35485fc4458fbe95032a68cd316e2) C:\Windows\system32\atiesrxx.exe
22:53:36.0066 1980 AMD External Events Utility - ok
22:53:36.0101 1980 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:53:36.0102 1980 amdide - ok
22:53:36.0139 1980 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:53:36.0142 1980 AmdK8 - ok
22:53:37.0279 1980 amdkmdag (78546921d348e9f917e00b9ed8279c3c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:53:37.0499 1980 amdkmdag - ok
22:53:37.0696 1980 amdkmdap (619c03c378be737b779e2cd9ecb9c778) C:\Windows\system32\DRIVERS\atikmpag.sys
22:53:37.0702 1980 amdkmdap - ok
22:53:37.0740 1980 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:53:37.0751 1980 AmdPPM - ok
22:53:37.0789 1980 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:53:37.0792 1980 amdsata - ok
22:53:37.0831 1980 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:53:37.0834 1980 amdsbs - ok
22:53:37.0869 1980 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:53:37.0871 1980 amdxata - ok
22:53:37.0926 1980 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:53:37.0928 1980 AppID - ok
22:53:37.0959 1980 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:53:37.0961 1980 AppIDSvc - ok
22:53:38.0031 1980 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:53:38.0033 1980 Appinfo - ok
22:53:38.0098 1980 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:53:38.0101 1980 arc - ok
22:53:38.0109 1980 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:53:38.0112 1980 arcsas - ok
22:53:38.0206 1980 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:53:38.0207 1980 aspnet_state - ok
22:53:38.0267 1980 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
22:53:38.0269 1980 aswFsBlk - ok
22:53:38.0353 1980 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
22:53:38.0356 1980 aswMonFlt - ok
22:53:38.0407 1980 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
22:53:38.0409 1980 aswRdr - ok
22:53:38.0495 1980 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
22:53:38.0506 1980 aswSnx - ok
22:53:38.0550 1980 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
22:53:38.0554 1980 aswSP - ok
22:53:38.0621 1980 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
22:53:38.0623 1980 aswTdi - ok
22:53:38.0665 1980 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:53:38.0667 1980 AsyncMac - ok
22:53:38.0728 1980 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:53:38.0730 1980 atapi - ok
22:53:39.0353 1980 atikmdag (78546921d348e9f917e00b9ed8279c3c) C:\Windows\system32\DRIVERS\atikmdag.sys
22:53:39.0402 1980 atikmdag - ok
22:53:39.0578 1980 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:53:39.0582 1980 atksgt - ok
22:53:39.0730 1980 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:53:39.0741 1980 AudioEndpointBuilder - ok
22:53:39.0751 1980 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:53:39.0758 1980 AudioSrv - ok
22:53:39.0849 1980 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:53:39.0851 1980 avast! Antivirus - ok
22:53:39.0913 1980 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:53:39.0916 1980 AxInstSV - ok
22:53:39.0972 1980 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:53:39.0979 1980 b06bdrv - ok
22:53:40.0022 1980 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:53:40.0031 1980 b57nd60a - ok
22:53:40.0093 1980 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:53:40.0096 1980 BDESVC - ok
22:53:40.0120 1980 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:53:40.0121 1980 Beep - ok
22:53:40.0228 1980 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:53:40.0238 1980 BFE - ok
22:53:40.0299 1980 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:53:40.0349 1980 BITS - ok
22:53:40.0411 1980 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:53:40.0413 1980 blbdrive - ok
22:53:40.0467 1980 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:53:40.0470 1980 bowser - ok
22:53:40.0494 1980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:53:40.0496 1980 BrFiltLo - ok
22:53:40.0507 1980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:53:40.0509 1980 BrFiltUp - ok
22:53:40.0535 1980 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:53:40.0538 1980 Bridge - ok
22:53:40.0551 1980 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:53:40.0553 1980 BridgeMP - ok
22:53:40.0609 1980 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:53:40.0612 1980 Browser - ok
22:53:40.0660 1980 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:53:40.0665 1980 Brserid - ok
22:53:40.0688 1980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:53:40.0690 1980 BrSerWdm - ok
22:53:40.0697 1980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:53:40.0699 1980 BrUsbMdm - ok
22:53:40.0704 1980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:53:40.0706 1980 BrUsbSer - ok
22:53:40.0713 1980 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:53:40.0715 1980 BTHMODEM - ok
22:53:40.0752 1980 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:53:40.0754 1980 bthserv - ok
22:53:40.0788 1980 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:53:40.0790 1980 cdfs - ok
22:53:40.0851 1980 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:53:40.0854 1980 cdrom - ok
22:53:40.0913 1980 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:53:40.0916 1980 CertPropSvc - ok
22:53:41.0063 1980 cfWiMAXService (adbdc69a0c25361870a1ac009d29f960) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
22:53:41.0066 1980 cfWiMAXService - ok
22:53:41.0108 1980 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:53:41.0111 1980 circlass - ok
22:53:41.0200 1980 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:53:41.0207 1980 CLFS - ok
22:53:41.0292 1980 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:53:41.0294 1980 clr_optimization_v2.0.50727_32 - ok
22:53:41.0352 1980 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:53:41.0354 1980 clr_optimization_v2.0.50727_64 - ok
22:53:41.0457 1980 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:53:41.0459 1980 clr_optimization_v4.0.30319_32 - ok
22:53:41.0555 1980 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:53:41.0557 1980 clr_optimization_v4.0.30319_64 - ok
22:53:41.0598 1980 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:53:41.0600 1980 CmBatt - ok
22:53:41.0632 1980 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:53:41.0634 1980 cmdide - ok
22:53:41.0727 1980 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:53:41.0734 1980 CNG - ok
22:53:41.0765 1980 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:53:41.0768 1980 Compbatt - ok
22:53:41.0809 1980 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:53:41.0811 1980 CompositeBus - ok
22:53:41.0833 1980 COMSysApp - ok
22:53:41.0947 1980 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:53:41.0949 1980 ConfigFree Service - ok
22:53:41.0992 1980 cpuz135 - ok
22:53:42.0024 1980 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:53:42.0027 1980 crcdisk - ok
22:53:42.0095 1980 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:53:42.0098 1980 CryptSvc - ok
22:53:42.0180 1980 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:53:42.0191 1980 DcomLaunch - ok
22:53:42.0239 1980 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:53:42.0245 1980 defragsvc - ok
22:53:42.0301 1980 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:53:42.0304 1980 DfsC - ok
22:53:42.0371 1980 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:53:42.0377 1980 Dhcp - ok
22:53:42.0425 1980 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:53:42.0427 1980 discache - ok
22:53:42.0466 1980 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:53:42.0474 1980 Disk - ok
22:53:42.0524 1980 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:53:42.0528 1980 Dnscache - ok
22:53:42.0569 1980 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:53:42.0574 1980 dot3svc - ok
22:53:42.0618 1980 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:53:42.0622 1980 DPS - ok
22:53:42.0658 1980 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:53:42.0660 1980 drmkaud - ok
22:53:42.0779 1980 dump_wmimmc - ok
22:53:42.0869 1980 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:53:42.0882 1980 DXGKrnl - ok
22:53:42.0925 1980 EagleX64 - ok
22:53:42.0940 1980 eamonm - ok
22:53:42.0975 1980 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:53:42.0979 1980 EapHost - ok
22:53:43.0193 1980 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:53:43.0293 1980 ebdrv - ok
22:53:43.0420 1980 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:53:43.0424 1980 EFS - ok
22:53:43.0524 1980 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:53:43.0531 1980 ehRecvr - ok
22:53:43.0585 1980 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:53:43.0587 1980 ehSched - ok
22:53:43.0677 1980 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:53:43.0685 1980 elxstor - ok
22:53:43.0720 1980 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:53:43.0721 1980 ErrDev - ok
22:53:43.0779 1980 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:53:43.0786 1980 EventSystem - ok
22:53:43.0831 1980 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:53:43.0835 1980 exfat - ok
22:53:43.0860 1980 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:53:43.0864 1980 fastfat - ok
22:53:43.0952 1980 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:53:43.0962 1980 Fax - ok
22:53:43.0976 1980 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:53:43.0978 1980 fdc - ok
22:53:44.0010 1980 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:53:44.0013 1980 fdPHost - ok
22:53:44.0027 1980 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:53:44.0030 1980 FDResPub - ok
22:53:44.0060 1980 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:53:44.0062 1980 FileInfo - ok
22:53:44.0079 1980 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:53:44.0081 1980 Filetrace - ok
22:53:44.0102 1980 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:53:44.0104 1980 flpydisk - ok
22:53:44.0157 1980 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:53:44.0162 1980 FltMgr - ok
22:53:44.0256 1980 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:53:44.0273 1980 FontCache - ok
22:53:44.0369 1980 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:53:44.0371 1980 FontCache3.0.0.0 - ok
22:53:44.0398 1980 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:53:44.0400 1980 FsDepends - ok
22:53:44.0446 1980 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:53:44.0448 1980 Fs_Rec - ok
22:53:44.0569 1980 Futuremark SystemInfo Service (e231333acee7c9713ace10a7e0be89d2) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
22:53:44.0571 1980 Futuremark SystemInfo Service - ok
22:53:44.0634 1980 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:53:44.0638 1980 fvevol - ok
22:53:44.0676 1980 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:53:44.0678 1980 gagp30kx - ok
22:53:44.0725 1980 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
22:53:44.0727 1980 ggflt - ok
22:53:44.0751 1980 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
22:53:44.0753 1980 ggsemc - ok
22:53:44.0849 1980 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:53:44.0861 1980 gpsvc - ok
22:53:44.0937 1980 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:44.0939 1980 gupdate - ok
22:53:44.0956 1980 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:53:44.0957 1980 gupdatem - ok
22:53:44.0999 1980 hamachi (f8f0851d336c3b88dbd7232b6348e09a) C:\Windows\system32\DRIVERS\hamachi.sys
22:53:45.0001 1980 hamachi - ok
22:53:45.0039 1980 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:53:45.0041 1980 hcw85cir - ok
22:53:45.0108 1980 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:53:45.0114 1980 HdAudAddService - ok
22:53:45.0139 1980 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:53:45.0142 1980 HDAudBus - ok
22:53:45.0184 1980 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
22:53:45.0187 1980 HECIx64 - ok
22:53:45.0210 1980 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:53:45.0212 1980 HidBatt - ok
22:53:45.0220 1980 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:53:45.0223 1980 HidBth - ok
22:53:45.0229 1980 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:53:45.0231 1980 HidIr - ok
22:53:45.0261 1980 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:53:45.0263 1980 hidserv - ok
22:53:45.0317 1980 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:53:45.0319 1980 HidUsb - ok
22:53:45.0374 1980 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:53:45.0378 1980 hkmsvc - ok
22:53:45.0440 1980 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:53:45.0447 1980 HomeGroupListener - ok
22:53:45.0495 1980 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:53:45.0501 1980 HomeGroupProvider - ok
22:53:45.0554 1980 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:53:45.0557 1980 HpSAMD - ok
22:53:45.0638 1980 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:53:45.0648 1980 HTTP - ok
22:53:45.0676 1980 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:53:45.0678 1980 hwpolicy - ok
22:53:45.0716 1980 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:53:45.0718 1980 i8042prt - ok
22:53:45.0771 1980 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
22:53:45.0775 1980 iaStor - ok
22:53:45.0836 1980 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:53:45.0842 1980 iaStorV - ok
22:53:45.0967 1980 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
22:53:45.0969 1980 IDriverT - ok
22:53:46.0086 1980 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:53:46.0094 1980 idsvc - ok
22:53:46.0195 1980 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:53:46.0197 1980 iirsp - ok
22:53:46.0279 1980 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:53:46.0291 1980 IKEEXT - ok
22:53:46.0356 1980 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
22:53:46.0359 1980 Impcd - ok
22:53:46.0531 1980 IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
22:53:46.0559 1980 IntcAzAudAddService - ok
22:53:46.0695 1980 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:53:46.0697 1980 intelide - ok
22:53:46.0735 1980 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:53:46.0738 1980 intelppm - ok
22:53:46.0782 1980 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:53:46.0786 1980 IPBusEnum - ok
22:53:46.0844 1980 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:53:46.0847 1980 IpFilterDriver - ok
22:53:46.0902 1980 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:53:46.0912 1980 iphlpsvc - ok
22:53:46.0944 1980 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:53:46.0947 1980 IPMIDRV - ok
22:53:46.0984 1980 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:53:46.0987 1980 IPNAT - ok
22:53:47.0016 1980 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:53:47.0031 1980 IRENUM - ok
22:53:47.0072 1980 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:53:47.0074 1980 isapnp - ok
22:53:47.0106 1980 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:53:47.0111 1980 iScsiPrt - ok
22:53:47.0154 1980 IT9135BDA (0c6635413077e415ca31ad2f4e648fc1) C:\Windows\system32\Drivers\IT9135BDA.sys
22:53:47.0157 1980 IT9135BDA - ok
22:53:47.0204 1980 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:53:47.0206 1980 kbdclass - ok
22:53:47.0242 1980 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:53:47.0244 1980 kbdhid - ok
22:53:47.0286 1980 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:53:47.0290 1980 KeyIso - ok
22:53:47.0309 1980 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:53:47.0312 1980 KSecDD - ok
22:53:47.0331 1980 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:53:47.0346 1980 KSecPkg - ok
22:53:47.0388 1980 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:53:47.0390 1980 ksthunk - ok
22:53:47.0439 1980 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:53:47.0447 1980 KtmRm - ok
22:53:47.0498 1980 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:53:47.0505 1980 LanmanServer - ok
22:53:47.0555 1980 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:53:47.0563 1980 LanmanWorkstation - ok
22:53:47.0624 1980 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:53:47.0627 1980 lirsgt - ok
22:53:47.0663 1980 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:53:47.0665 1980 lltdio - ok
22:53:47.0784 1980 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:53:47.0804 1980 lltdsvc - ok
22:53:47.0839 1980 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:53:47.0842 1980 lmhosts - ok
22:53:48.0036 1980 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:53:48.0040 1980 LMS - ok
22:53:48.0109 1980 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
22:53:48.0111 1980 LPCFilter - ok
22:53:48.0163 1980 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:53:48.0166 1980 LSI_FC - ok
22:53:48.0195 1980 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:53:48.0197 1980 LSI_SAS - ok
22:53:48.0257 1980 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:53:48.0260 1980 LSI_SAS2 - ok
22:53:48.0289 1980 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:53:48.0292 1980 LSI_SCSI - ok
22:53:48.0333 1980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:53:48.0336 1980 luafv - ok
22:53:48.0379 1980 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:53:48.0384 1980 Mcx2Svc - ok
22:53:48.0407 1980 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:53:48.0409 1980 megasas - ok
22:53:48.0437 1980 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:53:48.0442 1980 MegaSR - ok
22:53:48.0471 1980 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:53:48.0475 1980 MMCSS - ok
22:53:48.0481 1980 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:53:48.0483 1980 Modem - ok
22:53:48.0509 1980 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:53:48.0511 1980 monitor - ok
22:53:48.0560 1980 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
22:53:48.0562 1980 mouclass - ok
22:53:48.0599 1980 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:53:48.0601 1980 mouhid - ok
22:53:48.0648 1980 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:53:48.0651 1980 mountmgr - ok
22:53:48.0693 1980 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:53:48.0696 1980 mpio - ok
22:53:48.0725 1980 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:53:48.0727 1980 mpsdrv - ok
22:53:48.0815 1980 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:53:48.0828 1980 MpsSvc - ok
22:53:48.0867 1980 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:53:48.0870 1980 MRxDAV - ok
22:53:48.0920 1980 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:53:48.0923 1980 mrxsmb - ok
22:53:48.0974 1980 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:53:48.0979 1980 mrxsmb10 - ok
22:53:49.0030 1980 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:53:49.0033 1980 mrxsmb20 - ok
22:53:49.0067 1980 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:53:49.0069 1980 msahci - ok
22:53:49.0104 1980 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:53:49.0107 1980 msdsm - ok
22:53:49.0138 1980 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:53:49.0143 1980 MSDTC - ok
22:53:49.0185 1980 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:53:49.0187 1980 Msfs - ok
22:53:49.0210 1980 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:53:49.0212 1980 mshidkmdf - ok
22:53:49.0251 1980 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:53:49.0253 1980 msisadrv - ok
22:53:49.0287 1980 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:53:49.0293 1980 MSiSCSI - ok
22:53:49.0297 1980 msiserver - ok
22:53:49.0327 1980 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:53:49.0330 1980 MSKSSRV - ok
22:53:49.0345 1980 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:53:49.0347 1980 MSPCLOCK - ok
22:53:49.0351 1980 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

[Renee]

22:53:49.0353 1980 MSPQM - ok
22:53:49.0412 1980 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:53:49.0418 1980 MsRPC - ok
22:53:49.0456 1980 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:53:49.0458 1980 mssmbios - ok
22:53:49.0483 1980 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:53:49.0486 1980 MSTEE - ok
22:53:49.0490 1980 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:53:49.0492 1980 MTConfig - ok
22:53:49.0508 1980 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:53:49.0510 1980 Mup - ok
22:53:49.0566 1980 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:53:49.0576 1980 napagent - ok
22:53:49.0640 1980 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:53:49.0646 1980 NativeWifiP - ok
22:53:49.0753 1980 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:53:49.0766 1980 NDIS - ok
22:53:49.0811 1980 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:53:49.0813 1980 NdisCap - ok
22:53:49.0841 1980 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:53:49.0843 1980 NdisTapi - ok
22:53:49.0894 1980 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:53:49.0896 1980 Ndisuio - ok
22:53:49.0938 1980 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:53:49.0941 1980 NdisWan - ok
22:53:49.0978 1980 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:53:49.0981 1980 NDProxy - ok
22:53:50.0018 1980 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:53:50.0020 1980 NetBIOS - ok
22:53:50.0064 1980 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:53:50.0069 1980 NetBT - ok
22:53:50.0120 1980 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:53:50.0123 1980 Netlogon - ok
22:53:50.0183 1980 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:53:50.0191 1980 Netman - ok
22:53:50.0298 1980 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:53:50.0301 1980 NetMsmqActivator - ok
22:53:50.0338 1980 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:53:50.0341 1980 NetPipeActivator - ok
22:53:50.0392 1980 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:53:50.0402 1980 netprofm - ok
22:53:50.0407 1980 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:53:50.0409 1980 NetTcpActivator - ok
22:53:50.0415 1980 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:53:50.0417 1980 NetTcpPortSharing - ok
22:53:50.0474 1980 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:53:50.0477 1980 nfrd960 - ok
22:53:50.0547 1980 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:53:50.0555 1980 NlaSvc - ok
22:53:50.0675 1980 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
22:53:50.0677 1980 NMSAccess - ok
22:53:50.0706 1980 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:53:50.0708 1980 Npfs - ok
22:53:50.0744 1980 npggsvc - ok
22:53:50.0782 1980 NPPTNT2 - ok
22:53:50.0809 1980 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:53:50.0814 1980 nsi - ok
22:53:50.0830 1980 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:53:50.0832 1980 nsiproxy - ok
22:53:50.0962 1980 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:53:50.0983 1980 Ntfs - ok
22:53:51.0109 1980 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:53:51.0112 1980 Null - ok
22:53:51.0162 1980 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:53:51.0165 1980 nvraid - ok
22:53:51.0196 1980 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:53:51.0199 1980 nvstor - ok
22:53:51.0256 1980 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:53:51.0259 1980 nv_agp - ok
22:53:51.0297 1980 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:53:51.0300 1980 ohci1394 - ok
22:53:51.0345 1980 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:53:51.0353 1980 p2pimsvc - ok
22:53:51.0393 1980 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:53:51.0402 1980 p2psvc - ok
22:53:51.0439 1980 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:53:51.0442 1980 Parport - ok
22:53:51.0484 1980 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:53:51.0486 1980 partmgr - ok
22:53:51.0523 1980 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:53:51.0530 1980 PcaSvc - ok
22:53:51.0575 1980 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:53:51.0579 1980 pci - ok
22:53:51.0595 1980 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:53:51.0598 1980 pciide - ok
22:53:51.0647 1980 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:53:51.0652 1980 pcmcia - ok
22:53:51.0668 1980 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:53:51.0670 1980 pcw - ok
22:53:51.0716 1980 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:53:51.0725 1980 PEAUTH - ok
22:53:51.0809 1980 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:53:51.0813 1980 PerfHost - ok
22:53:51.0985 1980 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:53:52.0007 1980 pla - ok
22:53:52.0076 1980 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:53:52.0087 1980 PlugPlay - ok
22:53:52.0125 1980 PnkBstrA - ok
22:53:52.0151 1980 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:53:52.0156 1980 PNRPAutoReg - ok
22:53:52.0190 1980 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:53:52.0196 1980 PNRPsvc - ok
22:53:52.0263 1980 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:53:52.0273 1980 PolicyAgent - ok
22:53:52.0312 1980 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:53:52.0318 1980 Power - ok
22:53:52.0385 1980 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:53:52.0388 1980 PptpMiniport - ok
22:53:52.0414 1980 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:53:52.0417 1980 Processor - ok
22:53:52.0469 1980 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:53:52.0476 1980 ProfSvc - ok
22:53:52.0520 1980 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:53:52.0523 1980 ProtectedStorage - ok
22:53:52.0590 1980 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:53:52.0593 1980 Psched - ok
22:53:52.0699 1980 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:53:52.0718 1980 ql2300 - ok
22:53:52.0853 1980 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:53:52.0856 1980 ql40xx - ok
22:53:52.0899 1980 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:53:52.0907 1980 QWAVE - ok
22:53:52.0927 1980 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:53:52.0929 1980 QWAVEdrv - ok
22:53:52.0949 1980 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:53:52.0951 1980 RasAcd - ok
22:53:52.0989 1980 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:53:52.0991 1980 RasAgileVpn - ok
22:53:53.0027 1980 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:53:53.0033 1980 RasAuto - ok
22:53:53.0082 1980 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:53:53.0085 1980 Rasl2tp - ok
22:53:53.0147 1980 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:53:53.0157 1980 RasMan - ok
22:53:53.0202 1980 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:53:53.0205 1980 RasPppoe - ok
22:53:53.0227 1980 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:53:53.0229 1980 RasSstp - ok
22:53:53.0282 1980 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:53:53.0288 1980 rdbss - ok
22:53:53.0312 1980 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:53:53.0314 1980 rdpbus - ok
22:53:53.0335 1980 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:53:53.0337 1980 RDPCDD - ok
22:53:53.0361 1980 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:53:53.0363 1980 RDPENCDD - ok
22:53:53.0373 1980 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:53:53.0375 1980 RDPREFMP - ok
22:53:53.0421 1980 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:53:53.0426 1980 RDPWD - ok
22:53:53.0484 1980 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:53:53.0489 1980 rdyboost - ok
22:53:53.0523 1980 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:53:53.0528 1980 RemoteAccess - ok
22:53:53.0565 1980 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:53:53.0569 1980 RemoteRegistry - ok
22:53:53.0598 1980 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:53:53.0602 1980 RpcEptMapper - ok
22:53:53.0647 1980 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:53:53.0651 1980 RpcLocator - ok
22:53:53.0714 1980 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:53:53.0722 1980 RpcSs - ok
22:53:53.0760 1980 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:53:53.0762 1980 rspndr - ok
22:53:53.0810 1980 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
22:53:53.0814 1980 RSUSBSTOR - ok
22:53:53.0872 1980 RTHDMIAzAudService (483c537e69fa97c77f7fe0e2e1c1f102) C:\Windows\system32\drivers\RtHDMIVX.sys
22:53:53.0876 1980 RTHDMIAzAudService - ok
22:53:53.0933 1980 RTL8167 (365ed58b47b46de8b1c5fa759b6fcd6e) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:53:53.0938 1980 RTL8167 - ok
22:53:54.0049 1980 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\Windows\system32\DRIVERS\rtl8192se.sys
22:53:54.0063 1980 rtl8192se - ok
22:53:54.0110 1980 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:53:54.0113 1980 SamSs - ok
22:53:54.0150 1980 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:53:54.0152 1980 sbp2port - ok
22:53:54.0188 1980 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:53:54.0196 1980 SCardSvr - ok
22:53:54.0265 1980 SCDEmu (c81eb41e9ffc35560e5025891dc01a6e) C:\Windows\system32\drivers\SCDEmu.sys
22:53:54.0268 1980 SCDEmu - ok
22:53:54.0300 1980 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:53:54.0302 1980 scfilter - ok
22:53:54.0397 1980 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:53:54.0416 1980 Schedule - ok
22:53:54.0459 1980 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:53:54.0461 1980 SCPolicySvc - ok
22:53:54.0506 1980 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:53:54.0513 1980 SDRSVC - ok
22:53:54.0571 1980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:53:54.0573 1980 secdrv - ok
22:53:54.0609 1980 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:53:54.0614 1980 seclogon - ok
22:53:54.0654 1980 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:53:54.0660 1980 SENS - ok
22:53:54.0677 1980 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:53:54.0683 1980 SensrSvc - ok
22:53:54.0700 1980 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:53:54.0702 1980 Serenum - ok
22:53:54.0727 1980 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:53:54.0731 1980 Serial - ok
22:53:54.0786 1980 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:53:54.0788 1980 sermouse - ok
22:53:54.0834 1980 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:53:54.0840 1980 SessionEnv - ok
22:53:54.0878 1980 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:53:54.0880 1980 sffdisk - ok
22:53:54.0894 1980 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:53:54.0896 1980 sffp_mmc - ok
22:53:54.0901 1980 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:53:54.0903 1980 sffp_sd - ok
22:53:54.0937 1980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:53:54.0940 1980 sfloppy - ok
22:53:54.0984 1980 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:53:54.0991 1980 SharedAccess - ok
22:53:55.0046 1980 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:53:55.0055 1980 ShellHWDetection - ok
22:53:55.0095 1980 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:53:55.0098 1980 SiSRaid2 - ok
22:53:55.0106 1980 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:53:55.0108 1980 SiSRaid4 - ok
22:53:55.0124 1980 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:53:55.0127 1980 Smb - ok
22:53:55.0172 1980 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:53:55.0175 1980 SNMPTRAP - ok
22:53:55.0331 1980 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
22:53:55.0334 1980 Sony PC Companion - ok
22:53:55.0368 1980 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:53:55.0370 1980 spldr - ok
22:53:55.0442 1980 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:53:55.0454 1980 Spooler - ok
22:53:55.0696 1980 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:53:55.0791 1980 sppsvc - ok
22:53:55.0902 1980 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:53:55.0909 1980 sppuinotify - ok
22:53:56.0018 1980 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\system32\Drivers\sptd.sys
22:53:56.0019 1980 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34f974f8b3c86de03a30dcbe79091c97
22:53:56.0028 1980 sptd ( LockedFile.Multi.Generic ) - warning
22:53:56.0028 1980 sptd - detected LockedFile.Multi.Generic (1)
22:53:56.0089 1980 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:53:56.0096 1980 srv - ok
22:53:56.0131 1980 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:53:56.0137 1980 srv2 - ok
22:53:56.0190 1980 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:53:56.0196 1980 SrvHsfHDA - ok
22:53:56.0301 1980 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:53:56.0358 1980 SrvHsfV92 - ok
22:53:56.0525 1980 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:53:56.0535 1980 SrvHsfWinac - ok
22:53:56.0579 1980 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:53:56.0582 1980 srvnet - ok
22:53:56.0627 1980 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:53:56.0632 1980 SSDPSRV - ok
22:53:56.0651 1980 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:53:56.0655 1980 SstpSvc - ok
22:53:56.0682 1980 StarOpen - ok
22:53:56.0778 1980 Steam Client Service - ok
22:53:56.0801 1980 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:53:56.0804 1980 stexstor - ok
22:53:56.0881 1980 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:53:56.0894 1980 stisvc - ok
22:53:56.0923 1980 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:53:56.0925 1980 swenum - ok
22:53:56.0977 1980 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:53:56.0988 1980 swprv - ok
22:53:57.0070 1980 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\Windows\system32\DRIVERS\SynTP.sys
22:53:57.0075 1980 SynTP - ok
22:53:57.0218 1980 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:53:57.0245 1980 SysMain - ok
22:53:57.0356 1980 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:53:57.0363 1980 TabletInputService - ok
22:53:57.0419 1980 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:53:57.0429 1980 TapiSrv - ok
22:53:57.0448 1980 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:53:57.0455 1980 TBS - ok
22:53:57.0621 1980 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:53:57.0642 1980 Tcpip - ok
22:53:57.0895 1980 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:53:57.0908 1980 TCPIP6 - ok
22:53:58.0037 1980 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:53:58.0039 1980 tcpipreg - ok
22:53:58.0067 1980 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:53:58.0069 1980 TDPIPE - ok
22:53:58.0103 1980 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:53:58.0105 1980 TDTCP - ok
22:53:58.0144 1980 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:53:58.0147 1980 tdx - ok
22:53:58.0190 1980 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:53:58.0193 1980 TermDD - ok
22:53:58.0249 1980 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:53:58.0262 1980 TermService - ok
22:53:58.0280 1980 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:53:58.0286 1980 Themes - ok
22:53:58.0317 1980 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:53:58.0320 1980 THREADORDER - ok
22:53:58.0441 1980 TOSHIBA eco Utility Service (6938cbd31b47092b042420a5fd2e9aae) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:53:58.0446 1980 TOSHIBA eco Utility Service - ok
22:53:58.0510 1980 TOSHIBA HDD SSD Alert Service (4218356616e08518e6c2cb102ac3798a) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:53:58.0512 1980 TOSHIBA HDD SSD Alert Service - ok
22:53:58.0584 1980 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:53:58.0591 1980 tos_sps64 - ok
22:53:58.0685 1980 TPCHSrv (270cebd8b5dd9f232cd50d18d19c10a0) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:53:58.0692 1980 TPCHSrv - ok
22:53:58.0799 1980 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:53:58.0806 1980 TrkWks - ok
22:53:58.0851 1980 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:53:58.0853 1980 TrustedInstaller - ok
22:53:58.0908 1980 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:53:58.0910 1980 tssecsrv - ok
22:53:58.0965 1980 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:53:58.0967 1980 TsUsbFlt - ok
22:53:59.0034 1980 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:53:59.0037 1980 tunnel - ok
22:53:59.0084 1980 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:53:59.0086 1980 TVALZ - ok
22:53:59.0122 1980 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
22:53:59.0124 1980 TVALZFL - ok
22:53:59.0146 1980 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:53:59.0149 1980 uagp35 - ok
22:53:59.0205 1980 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:53:59.0210 1980 udfs - ok
22:53:59.0241 1980 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:53:59.0247 1980 UI0Detect - ok
22:53:59.0299 1980 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:53:59.0302 1980 uliagpkx - ok
22:53:59.0340 1980 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:53:59.0343 1980 umbus - ok
22:53:59.0385 1980 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:53:59.0387 1980 UmPass - ok
22:53:59.0629 1980 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:53:59.0644 1980 UNS - ok
22:53:59.0763 1980 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:53:59.0773 1980 upnphost - ok
22:53:59.0865 1980 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:53:59.0869 1980 usbaudio - ok
22:53:59.0932 1980 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:53:59.0936 1980 usbccgp - ok
22:53:59.0997 1980 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:54:00.0001 1980 usbcir - ok
22:54:00.0039 1980 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:54:00.0042 1980 usbehci - ok
22:54:00.0100 1980 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:54:00.0106 1980 usbhub - ok
22:54:00.0136 1980 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:54:00.0138 1980 usbohci - ok
22:54:00.0168 1980 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:54:00.0170 1980 usbprint - ok
22:54:00.0207 1980 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:54:00.0210 1980 USBSTOR - ok
22:54:00.0253 1980 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:54:00.0256 1980 usbuhci - ok
22:54:00.0299 1980 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
22:54:00.0303 1980 usbvideo - ok
22:54:00.0330 1980 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:54:00.0337 1980 UxSms - ok
22:54:00.0377 1980 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:54:00.0380 1980 VaultSvc - ok
22:54:00.0427 1980 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:54:00.0430 1980 vdrvroot - ok
22:54:00.0492 1980 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:54:00.0503 1980 vds - ok
22:54:00.0539 1980 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:54:00.0542 1980 vga - ok
22:54:00.0567 1980 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:54:00.0570 1980 VgaSave - ok
22:54:00.0610 1980 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:54:00.0614 1980 vhdmp - ok
22:54:00.0644 1980 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:54:00.0646 1980 viaide - ok
22:54:00.0663 1980 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:54:00.0666 1980 volmgr - ok
22:54:00.0715 1980 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:54:00.0721 1980 volmgrx - ok
22:54:00.0772 1980 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:54:00.0777 1980 volsnap - ok
22:54:00.0823 1980 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:54:00.0827 1980 vsmraid - ok
22:54:00.0960 1980 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:54:00.0985 1980 VSS - ok
22:54:01.0102 1980 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:54:01.0104 1980 vwifibus - ok
22:54:01.0138 1980 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:54:01.0140 1980 vwififlt - ok
22:54:01.0202 1980 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:54:01.0213 1980 W32Time - ok
22:54:01.0241 1980 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:54:01.0243 1980 WacomPen - ok
22:54:01.0304 1980 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:54:01.0307 1980 WANARP - ok
22:54:01.0312 1980 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:54:01.0314 1980 Wanarpv6 - ok
22:54:01.0439 1980 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:54:01.0456 1980 WatAdminSvc - ok
22:54:01.0583 1980 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:54:01.0608 1980 wbengine - ok
22:54:01.0714 1980 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:54:01.0723 1980 WbioSrvc - ok
22:54:01.0780 1980 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:54:01.0790 1980 wcncsvc - ok
22:54:01.0811 1980 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:54:01.0817 1980 WcsPlugInService - ok
22:54:01.0853 1980 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:54:01.0855 1980 Wd - ok
22:54:01.0907 1980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:54:01.0916 1980 Wdf01000 - ok
22:54:01.0951 1980 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:54:01.0957 1980 WdiServiceHost - ok
22:54:01.0962 1980 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:54:01.0968 1980 WdiSystemHost - ok
22:54:02.0025 1980 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:54:02.0036 1980 WebClient - ok
22:54:02.0078 1980 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:54:02.0086 1980 Wecsvc - ok
22:54:02.0102 1980 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:54:02.0108 1980 wercplsupport - ok
22:54:02.0150 1980 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:54:02.0156 1980 WerSvc - ok
22:54:02.0200 1980 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:54:02.0203 1980 WfpLwf - ok
22:54:02.0224 1980 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:54:02.0226 1980 WIMMount - ok
22:54:02.0268 1980 WinDefend - ok
22:54:02.0281 1980 WinHttpAutoProxySvc - ok
22:54:02.0346 1980 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:54:02.0351 1980 Winmgmt - ok
22:54:02.0500 1980 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:54:02.0526 1980 WinRM - ok
22:54:02.0680 1980 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:54:02.0683 1980 WinUsb - ok
22:54:02.0760 1980 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:54:02.0777 1980 Wlansvc - ok
22:54:03.0005 1980 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:54:03.0032 1980 wlidsvc - ok
22:54:03.0148 1980 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:54:03.0150 1980 WmiAcpi - ok
22:54:03.0210 1980 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:54:03.0214 1980 wmiApSrv - ok
22:54:03.0280 1980 WMPNetworkSvc - ok
22:54:03.0328 1980 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:54:03.0335 1980 WPCSvc - ok
22:54:03.0380 1980 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:54:03.0388 1980 WPDBusEnum - ok
22:54:03.0416 1980 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:54:03.0419 1980 ws2ifsl - ok
22:54:03.0448 1980 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:54:03.0456 1980 wscsvc - ok
22:54:03.0460 1980 WSearch - ok
22:54:03.0662 1980 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:54:03.0754 1980 wuauserv - ok
22:54:03.0901 1980 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:54:03.0905 1980 WudfPf - ok
22:54:03.0946 1980 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:54:03.0963 1980 WUDFRd - ok
22:54:04.0000 1980 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:54:04.0007 1980 wudfsvc - ok
22:54:04.0046 1980 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:54:04.0055 1980 WwanSvc - ok
22:54:04.0094 1980 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:54:04.0338 1980 \Device\Harddisk0\DR0 - ok
22:54:04.0347 1980 Boot (0x1200) (37605659d890e7ecccfd26e71a1053da) \Device\Harddisk0\DR0\Partition0
22:54:04.0350 1980 \Device\Harddisk0\DR0\Partition0 - ok
22:54:04.0379 1980 Boot (0x1200) (9eda79f333383bea3792ada330375f96) \Device\Harddisk0\DR0\Partition1
22:54:04.0382 1980 \Device\Harddisk0\DR0\Partition1 - ok
22:54:04.0382 1980 ============================================================
22:54:04.0382 1980 Scan finished
22:54:04.0382 1980 ============================================================
22:54:04.0399 4552 Detected object count: 1
22:54:04.0399 4552 Actual detected object count: 1
22:54:17.0109 4552 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:54:17.0109 4552 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:54:21.0088 1400 Deinitialize success



Moc se omlouvám za tři příspěvky po sobě, myslel jsem že TDSSKiller se vejde do single zprávy, no nevejde tak ho musím nejen oddělit ale i rozdělit...

[jaro3]

OK.

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
Collect::
C:\STF1FC0.tmp

File::
c:\windows\system32\DRIVERS\eamonm.sys
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000UA.job
c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe

Driver::
eamonm
gupdate
gupdatem

Firefox::
FF - ProfilePath - c:\users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[Renee]

Nevím, co má ComboFix proti League of Legends. Včera mi ji smazal a dneska mi ji smazal znovu. Log z ComboFixu kvůli tomu má přes 650 tisíc znaků, takže sem vložím log s vynechanou částí "Ostatní výmazy" protože v té části kromě LoL nic není. Kdybys ale potřeboval tak sem ten log rozdělený na 11 příspěvků klidně vložím.
ComboFix:

ComboFix 12-05-29.01 - Renee 29.05.2012 20:05:05.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2603 [GMT 2:00]
Spuštěný z: c:\combofix\ComboFix.exe
Použité ovládací přepínače :: c:\users\Renee\OstatnÝ\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
League of Legends
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 18:22 . 2012-05-29 18:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-29 18:22 . 2012-05-29 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:21 . 2012-05-29 14:21 -------- d-----w- c:\programdata\Firefly Studios
2012-05-29 13:52 . 2012-05-29 13:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75FD1938-9047-42AC-B6B8-FEA54CD4D6AB}\offreg.dll
2012-05-29 07:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75FD1938-9047-42AC-B6B8-FEA54CD4D6AB}\mpengine.dll
2012-05-28 20:57 . 2012-05-28 20:57 -------- d-----w- c:\users\Renee\AppData\Local\ATI
2012-05-28 19:04 . 2012-05-28 19:04 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-05-28 17:05 . 2012-05-28 17:05 -------- d--h--w- c:\programdata\Common Files
2012-05-28 17:05 . 2012-05-28 17:05 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-28 17:05 . 2012-02-09 06:06 125376 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-25 18:54 . 2012-05-25 18:54 -------- d-----w- c:\users\Renee\AppData\Roaming\LolClient2
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\programdata\Sony
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\program files (x86)\Sony
2012-05-17 18:04 . 2012-05-17 18:04 -------- d-----w- c:\program files (x86)\SEGA
2012-05-11 14:21 . 2012-05-28 19:53 -------- d-----w- C:\Games
2012-05-11 14:15 . 2012-05-28 19:53 -------- d-----w- c:\program files\Nexus Mod Manager
2012-05-10 09:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 09:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 09:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 09:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 09:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 09:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 09:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:19 . 2012-05-22 08:08 -------- d-----w- c:\users\Renee\AppData\Roaming\Hamachi
2012-05-09 17:18 . 2012-05-09 17:18 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-05-09 17:18 . 2012-05-09 17:19 -------- d-----w- c:\program files (x86)\Hamachi
2012-05-09 16:52 . 2012-05-09 16:53 -------- d-----w- c:\users\Renee\AppData\Roaming\.minecraft
2012-05-08 09:28 . 2012-05-08 09:28 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 13:20 . 2012-04-19 07:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 13:20 . 2011-09-12 16:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:20 . 2012-04-19 08:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:53 . 2010-06-22 12:40 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-02 15:53 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-24 21:03 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-07 14:21 . 2012-03-07 14:21 4612 ----a-w- C:\STF1FC0.tmp
2012-03-07 00:15 . 2011-03-01 12:44 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-03-01 12:44 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-03-01 12:45 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-03-01 12:45 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-03-01 12:45 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-24 12:19 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-03-01 12:45 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-03-01 12:45 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-03-01 12:45 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 12:10 . 2011-01-10 13:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:46 . 2012-04-12 20:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 20:51 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 20:51 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 20:51 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 20:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 20:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 20:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_21.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-29 18:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 18:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 18:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-11 10:31 . 2012-05-29 07:25 50686 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-29 18:26 39062 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-18 10:00 . 2012-05-29 18:26 14648 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2981530016-580221720-1048424455-1000_UserData.bin
+ 2010-06-18 09:18 . 2012-05-29 18:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-18 09:18 . 2012-05-29 18:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 18:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 09:33 . 2012-05-29 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 09:33 . 2012-05-29 18:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-18 09:33 . 2012-05-29 18:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 12:11 . 2012-05-29 18:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 12:11 . 2012-05-29 18:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-29 18:24 . 2012-05-29 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-29 18:24 . 2012-05-29 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-18 18:08 . 2012-05-29 10:32 513056 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-05-28 21:27 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-29 18:23 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-05 01:30 . 2012-05-29 18:23 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
- 2010-08-05 01:30 . 2012-05-28 21:27 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files (x86)\QIP\qip.exe" [2008-12-09 3259392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALSysIO;ALSysIO;c:\users\Renee\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Drift City\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 116648]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:20]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 20:09]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-09 20:09]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000Core.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-18 10:14]
.
2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000UA.job
- c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-18 10:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}\058696C69607370275966496: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:42,77,4b,e5,1b,4f,b6,00,23,fc,f2,ab,f9,08,21,49,55,3f,4b,77,18,81,d4,
26,ab,0d,08,f1,d7,bf,68,aa,50,56,80,ea,1f,81,a0,0d,e0,4a,7b,a7,32,68,92,93,\
"??"=hex:d3,06,4a,d4,65,98,fb,cc,9c,d4,e4,7e,82,6c,7b,d4
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,1b,8d,6d,a0,e1,18,9c,54,1a,89,e9,69,7c,61,95,fa,a6,d4,27,00,
13,bf,4d,63,08,6e,4e,f6,81,24,18,c6,1c,46,ba,63,12,db,3c,ae,ea,21,7d,10,93,\
"rkeysecu"=hex:e8,11,78,cd,9f,69,3d,5b,a0,a7,00,dd,fd,25,03,99
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-05-29 20:31:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-29 18:31
ComboFix2.txt 2012-05-28 21:54
ComboFix3.txt 2012-05-28 21:35
.
Před spuštěním: Volných bajtů: 57 942 048 768
Po spuštění: Volných bajtů: 57 672 237 056
.
- - End Of File - - 5947D17E0F614E7E66AF9355BA3145F6

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:11, on 29.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files (x86)\QIP\qip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9317 bytes

aswMBR:

Při aswMBR došlo k BSOD, mám se to snažit protlačit znovu? nakonec jsem to zkusil a už to projelo v pohodě, tu je log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 21:09:42
-----------------------------
21:09:42.845 OS Version: Windows x64 6.1.7601 Service Pack 1
21:09:42.845 Number of processors: 4 586 0x2502
21:09:42.846 ComputerName: RENEE-JE-BUH UserName: Renee
21:09:44.153 Initialize success
21:09:44.330 AVAST engine defs: 12052901
21:09:53.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:09:53.487 Disk 0 Vendor: TOSHIBA_ GC00 Size: 476940MB BusType: 3
21:09:53.499 Disk 0 MBR read successfully
21:09:53.503 Disk 0 MBR scan
21:09:53.508 Disk 0 Windows 7 default MBR code
21:09:53.523 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
21:09:53.539 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
21:09:53.560 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
21:09:53.589 Disk 0 scanning C:\Windows\system32\drivers
21:10:02.481 Service scanning
21:10:37.468 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:10:49.166 Modules scanning
21:10:49.180 Disk 0 trace - called modules:
21:10:49.548 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
21:10:49.558 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006997060]
21:10:49.566 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494f050]
21:10:50.160 AVAST engine scan C:\Windows
21:10:52.716 AVAST engine scan C:\Windows\system32
21:15:15.633 AVAST engine scan C:\Windows\system32\drivers
21:15:36.390 AVAST engine scan C:\Users\Renee
21:25:04.996 AVAST engine scan C:\ProgramData
21:26:37.609 Scan finished successfully
21:31:34.020 Disk 0 MBR has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\MBR.dat"
21:31:34.029 The log file has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\aswMBR.txt"

[jaro3]

jo , znovu , i ten script Combofixz znovu , nis nesmazalo...dej sem celý.

League of Legends---originálka??

[Renee]

League of Legends je freeware, nemám to nijak crackované ani jinak ošéfované.
Za ComboFix se omlouvám, když jsem tam přetáhl ten script tak se aktualizoval a pak se restartoval nejspíš bez skriptu (nenapadlo mě to), teď jsem to projel s tím skriptem.
CF log:

ComboFix 12-05-28.05 - Renee 29.05.2012 21:54:35.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3958.2383 [GMT 2:00]
Spuštěný z: c:\users\Renee\Ostatní\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Renee\Ostatní\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\system32\DRIVERS\eamonm.sys"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000UA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
C:\STF1FC0.tmp
c:\users\Renee\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2981530016-580221720-1048424455-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EAMONM
-------\Service_eamonm
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-04-28 do 2012-05-29 )))))))))))))))))))))))))))))))
.
.
2012-05-29 20:01 . 2012-05-29 20:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-29 20:01 . 2012-05-29 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 14:21 . 2012-05-29 14:21 -------- d-----w- c:\programdata\Firefly Studios
2012-05-29 13:52 . 2012-05-29 13:52 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75FD1938-9047-42AC-B6B8-FEA54CD4D6AB}\offreg.dll
2012-05-29 07:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75FD1938-9047-42AC-B6B8-FEA54CD4D6AB}\mpengine.dll
2012-05-28 20:57 . 2012-05-28 20:57 -------- d-----w- c:\users\Renee\AppData\Local\ATI
2012-05-28 19:04 . 2012-05-28 19:04 -------- d-----w- c:\program files (x86)\Bethesda Softworks
2012-05-28 17:05 . 2012-05-28 17:05 -------- d--h--w- c:\programdata\Common Files
2012-05-28 17:05 . 2012-05-28 17:05 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-28 17:05 . 2012-02-09 06:06 125376 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-25 18:54 . 2012-05-25 18:54 -------- d-----w- c:\users\Renee\AppData\Roaming\LolClient2
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\programdata\Sony
2012-05-20 13:55 . 2012-05-20 13:55 -------- d-----w- c:\program files (x86)\Sony
2012-05-17 18:04 . 2012-05-17 18:04 -------- d-----w- c:\program files (x86)\SEGA
2012-05-11 14:21 . 2012-05-28 19:53 -------- d-----w- C:\Games
2012-05-11 14:15 . 2012-05-28 19:53 -------- d-----w- c:\program files\Nexus Mod Manager
2012-05-10 09:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 09:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 09:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 09:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 09:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:24 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:24 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 09:24 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 09:24 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 09:24 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 17:19 . 2012-05-22 08:08 -------- d-----w- c:\users\Renee\AppData\Roaming\Hamachi
2012-05-09 17:18 . 2012-05-09 17:18 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-05-09 17:18 . 2012-05-09 17:19 -------- d-----w- c:\program files (x86)\Hamachi
2012-05-09 16:52 . 2012-05-09 16:53 -------- d-----w- c:\users\Renee\AppData\Roaming\.minecraft
2012-05-08 09:28 . 2012-05-08 09:28 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 13:20 . 2012-04-19 07:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 13:20 . 2011-09-12 16:50 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 13:20 . 2012-04-19 08:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 15:53 . 2010-06-22 12:40 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-05-02 15:53 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-24 21:03 . 2010-06-18 18:42 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-05 20:34 . 2012-04-05 20:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-07 00:15 . 2011-03-01 12:44 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-03-01 12:44 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-03-01 12:45 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-03-01 12:45 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-03-01 12:45 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-24 12:19 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-03-01 12:45 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-03-01 12:45 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-03-01 12:45 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 12:10 . 2011-01-10 13:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:46 . 2012-04-12 20:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 20:51 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 20:51 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 20:51 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 20:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 20:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 20:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-28_21.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-29 20:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 20:02 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 20:02 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-11 10:31 . 2012-05-29 07:25 50686 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-29 19:07 39078 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-18 10:00 . 2012-05-29 19:07 14700 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2981530016-580221720-1048424455-1000_UserData.bin
+ 2010-06-18 09:18 . 2012-05-29 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:18 . 2012-05-28 21:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-18 09:18 . 2012-05-29 20:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-29 20:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-28 21:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-18 09:33 . 2012-05-29 20:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-18 09:33 . 2012-05-29 20:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-18 09:33 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-18 09:33 . 2012-05-29 20:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-30 12:11 . 2012-05-29 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-30 12:11 . 2012-05-28 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-30 12:11 . 2012-05-29 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-29 20:02 . 2012-05-29 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-29 20:02 . 2012-05-29 20:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-28 21:28 . 2012-05-28 21:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-18 18:08 . 2012-05-29 10:32 513056 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-05-29 20:01 . 2012-05-29 20:01 239832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-05-28 21:27 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-29 20:01 440508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-08-05 01:30 . 2012-05-29 20:01 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
- 2010-08-05 01:30 . 2012-05-28 21:27 10065800 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2981530016-580221720-1048424455-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files (x86)\QIP\qip.exe" [2008-12-09 3259392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-09-12 3077528]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-11 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-03 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALSysIO;ALSysIO;c:\users\Renee\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\Drift City\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 13:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF27434.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}: DhcpNameServer = 213.46.172.36 213.46.172.37
TCP: Interfaces\{D53D5CA2-2542-4177-8B4F-603AD49EE52A}\058696C69607370275966496: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\Renee\AppData\Roaming\Mozilla\Firefox\Profiles\hfvzcg6f.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:42,77,4b,e5,1b,4f,b6,00,23,fc,f2,ab,f9,08,21,49,55,3f,4b,77,18,81,d4,
26,ab,0d,08,f1,d7,bf,68,aa,50,56,80,ea,1f,81,a0,0d,e0,4a,7b,a7,32,68,92,93,\
"??"=hex:d3,06,4a,d4,65,98,fb,cc,9c,d4,e4,7e,82,6c,7b,d4
.
[HKEY_USERS\S-1-5-21-2981530016-580221720-1048424455-1000\Software\SecuROM\License information*]
"datasecu"=hex:14,1b,8d,6d,a0,e1,18,9c,54,1a,89,e9,69,7c,61,95,fa,a6,d4,27,00,
13,bf,4d,63,08,6e,4e,f6,81,24,18,c6,1c,46,ba,63,12,db,3c,ae,ea,21,7d,10,93,\
"rkeysecu"=hex:e8,11,78,cd,9f,69,3d,5b,a0,a7,00,dd,fd,25,03,99
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Celkový čas: 2012-05-29 22:09:30 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-05-29 20:09
ComboFix2.txt 2012-05-29 18:31
ComboFix3.txt 2012-05-28 21:54
ComboFix4.txt 2012-05-28 21:35
.
Před spuštěním: Volných bajtů: 56 905 621 504
Po spuštění: Volných bajtů: 56 401 833 984
.
- - End Of File - - FB4557E0DF034D5CF3F160416D0EDE18

HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:59, on 29.5.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Renee\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [QIP2005] C:\Program Files (x86)\QIP\qip.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Renee\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8954 bytes

aswMBR
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 21:09:42
-----------------------------
21:09:42.845 OS Version: Windows x64 6.1.7601 Service Pack 1
21:09:42.845 Number of processors: 4 586 0x2502
21:09:42.846 ComputerName: RENEE-JE-BUH UserName: Renee
21:09:44.153 Initialize success
21:09:44.330 AVAST engine defs: 12052901
21:09:53.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:09:53.487 Disk 0 Vendor: TOSHIBA_ GC00 Size: 476940MB BusType: 3
21:09:53.499 Disk 0 MBR read successfully
21:09:53.503 Disk 0 MBR scan
21:09:53.508 Disk 0 Windows 7 default MBR code
21:09:53.523 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
21:09:53.539 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
21:09:53.560 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
21:09:53.589 Disk 0 scanning C:\Windows\system32\drivers
21:10:02.481 Service scanning
21:10:37.468 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:10:49.166 Modules scanning
21:10:49.180 Disk 0 trace - called modules:
21:10:49.548 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
21:10:49.558 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006997060]
21:10:49.566 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494f050]
21:10:50.160 AVAST engine scan C:\Windows
21:10:52.716 AVAST engine scan C:\Windows\system32
21:15:15.633 AVAST engine scan C:\Windows\system32\drivers
21:15:36.390 AVAST engine scan C:\Users\Renee
21:25:04.996 AVAST engine scan C:\ProgramData
21:26:37.609 Scan finished successfully
21:31:34.020 Disk 0 MBR has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\MBR.dat"
21:31:34.029 The log file has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-29 22:27:52
-----------------------------
22:27:52.184 OS Version: Windows x64 6.1.7601 Service Pack 1
22:27:52.184 Number of processors: 4 586 0x2502
22:27:52.185 ComputerName: RENEE-JE-BUH UserName: Renee
22:27:53.164 Initialize success
22:27:53.258 AVAST engine defs: 12052901
22:27:55.413 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:27:55.416 Disk 0 Vendor: TOSHIBA_ GC00 Size: 476940MB BusType: 3
22:27:55.453 Disk 0 MBR read successfully
22:27:55.456 Disk 0 MBR scan
22:27:55.462 Disk 0 Windows 7 default MBR code
22:27:55.477 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
22:27:55.493 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
22:27:55.514 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
22:27:55.543 Disk 0 scanning C:\Windows\system32\drivers
22:28:04.559 Service scanning
22:28:37.621 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:28:49.098 Modules scanning
22:28:49.112 Disk 0 trace - called modules:
22:28:49.157 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys hal.dll
22:28:49.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006997060]
22:28:49.172 3 CLASSPNP.SYS[fffff88001a6c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494f050]
22:28:49.803 AVAST engine scan C:\Windows
22:28:52.459 AVAST engine scan C:\Windows\system32
22:31:39.765 AVAST engine scan C:\Windows\system32\drivers
22:31:50.810 AVAST engine scan C:\Users\Renee
22:40:43.634 AVAST engine scan C:\ProgramData
22:42:15.814 Scan finished successfully
22:46:23.801 Disk 0 MBR has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\MBR.dat"
22:46:23.852 The log file has been saved successfully to "C:\Users\Renee\Ostatní\Desktop\aswMBR.txt"

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj antivir a antispyware ,následně T-Cleaner smaž a zapni si znovu antivir a antispyware.


Jak to vypadá nyní?