Please check - slow notebook [Solved]

A place for your HijackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

T0m1k
Level 2
Posts: 154
Registered: May 11
Gender: Male
Status: Offline

Please check - slow notebook

Post by T0m1k » 13 Sep 2013 19:41

See subject.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:40:08, on 13. 9. 2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16688)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0035382 - {11111111-1111-1111-1111-110311531182} - C:\Program Files (x86)\hosts\hosts-bho.dll
O2 - BHO: privitize Helper Object - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\bh\privitize.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: privitize Toolbar - {1C46A0DD-D53E-46C4-A435-CA11103E255E} - C:\Program Files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [IntellingentTouchpad] C:\Program Files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BAD0226-4627-422F-B092-A25EE250FE75}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 9584 bytes

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check - slow notebook

Post by memphisto » 13 Sep 2013 19:42

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

Download AdwCleaner
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Search"
After the scan a log appears (it is also saved on the system drive as AdwCleaner[R?].txt); paste its entire contents here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you


Re: Please check - slow notebook

Post by T0m1k » 14 Sep 2013 20:58

Here is the log from Malwarebytes' Anti-Malware:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Lam :: MANTIK [administrátor]

Ochrana: Povolena

14. 9. 2013 20:39:54
MBAM-log-2013-09-14 (20-48-23).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 243647
Uplynulý čas: 3 minut, 4 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 14
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0035382.BHO (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0035382.BHO.1 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0035382.Sandbox (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCR\CrossriderApp0035382.Sandbox.1 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
HKCU\Software\Cr_Installer\35382 (PUP.Optional.CrossRider.A) -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.
HKCR\CLSID\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.
HKCR\TypeLib\{44444444-4444-4444-4444-440344534482} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.
HKCR\Interface\{55555555-5555-5555-5555-550355535582} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182} (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 5
C:\Users\Lam\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\Lam\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Nebyla provedena žádná instrukce.
C:\Users\Lam\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Lam\AppData\Roaming\OpenCandy\B754AAEB3A9A42B983AFE4D4C075B67A (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.
C:\Users\Lam\AppData\Roaming\OpenCandy\OpenCandy_F5316FED0AB84424AB91516A096786A9 (PUP.Optional.OpenCandy) -> Nebyla provedena žádná instrukce.

Nalezené soubory: 3
C:\Users\Lam\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nebyla provedena žádná instrukce.
C:\Users\Lam\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Nebyla provedena žádná instrukce.
C:\Program Files (x86)\hosts\hosts-bho.dll (PUP.Optional.CrossRider.M) -> Nebyla provedena žádná instrukce.

(konec)



and here is the one from AdwCleaner:

# AdwCleaner v3.003 - Report created 14/09/2013 at 20:50:54
# Updated 07/09/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Lam - MANTIK
# Running from : C:\Users\Lam\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Industriya
Folder Deleted : C:\Users\Lam\AppData\LocalLow\Industriya
Folder Deleted : C:\Users\Lam\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Lam\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Lam\Documents\optimizer pro
Folder Deleted : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\Extensions\ffxtlbr@delta.com
File Deleted : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\searchplugins\delta.xml
File Deleted : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr
Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311531182}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v22.0 (cs)

[ File : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\prefs.js ]

Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.backgroundjs", "\n\n/*****************************************************************************[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.js", "\n\n /************************************************************************************\[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Line Deleted : user_pref("extensions.a05dd836e2cbd42049ff32f8a8665967da8876730fb0c4057a2fcf9c09d438e81com35382.35382.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossrider.bic", "13f8523ef9292240920bf69dfd4d87a0");
Line Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Lam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7217 octets] - [14/09/2013 20:49:09]
AdwCleaner[S0].txt - [6794 octets] - [14/09/2013 20:50:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6854 octets] ##########


Re: Please check - slow notebook

Post by memphisto » 14 Sep 2013 21:55

In both Mbam and adw, have everything deleted and post the logs after the deletion.

Download RogueKiller
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- Wait until the Prescan (the search for malicious processes) finishes.
- Check that the following are ticked:
MBR scan
Check faked
Antirootkit

- Then click "Scan".
- The program scans the PC's processes. After the scan, click "Report" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still will not start and work, rename it to winlogon.exe.

Download Junkware Removal Tool

to your desktop.
Disable your antivirus program.
Right-click JRT.exe and choose "Run as administrator". You will be prompted to press any key to continue. Press one.
The scan will start. It may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) appears and is saved on the desktop.
Please copy its entire contents here.


Re: Please check - slow notebook

Post by T0m1k » 15 Sep 2013 08:35

Mbam:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Lam :: MANTIK [administrátor]

Ochrana: Povolena

15. 9. 2013 8:04:41
mbam-log-2013-09-15 (08-04-41).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 243465
Uplynulý čas: 2 minut, 50 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

adw:
# AdwCleaner v3.003 - Report created 15/09/2013 at 08:10:07
# Updated 07/09/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Lam - MANTIK
# Running from : C:\Users\Lam\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v22.0 (cs)

[ File : C:\Users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Lam\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7217 octets] - [14/09/2013 20:49:09]
AdwCleaner[R1].txt - [975 octets] - [15/09/2013 08:09:34]
AdwCleaner[S0].txt - [6934 octets] - [14/09/2013 20:50:54]
AdwCleaner[S1].txt - [897 octets] - [15/09/2013 08:10:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [956 octets] ##########

RK 32:
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Lam [Práva správce]
Mód : Kontrola -- Datum : 09/15/2013 08:18:50
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 1 ¤¤¤
[SUSP PATH] RTFTrack.exe -- C:\Windows\RTFTrack.exe [-] -> SMAZÁNO [TermProc]

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> NALEZENO

¤¤¤ spuštění položky : 1 ¤¤¤
[Lam][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk : C:\Users\Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk @C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 3a06b487acf4bf97269bed8003ca0af6
[BSP] 2f386bd92e59708bb6f43c5c6293f66d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_09152013_081850.txt >>




RK 64:
RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Lam [Práva správce]
Mód : Kontrola -- Datum : 09/15/2013 08:23:49
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> NALEZENO

¤¤¤ spuštění položky : 1 ¤¤¤
[Lam][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk : C:\Users\Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk @C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [-][7] -> NALEZENO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 3a06b487acf4bf97269bed8003ca0af6
[BSP] 2f386bd92e59708bb6f43c5c6293f66d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_S_09152013_082349.txt >>
RKreport[0]_S_09152013_081850.txt



JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 8 x64
Ran by Lam on ne 15. 09. 2013 at 8:25:00,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1C46A0DD-D53E-46C4-A435-CA11103E255E}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1C46A0DD-D53E-46C4-A435-CA11103E255E}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1C46A0DD-D53E-46C4-A435-CA11103E255E}
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1C46A0DD-D53E-46C4-A435-CA11103E255E}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E976AADE-AFFE-45EA-8934-D73ABE2EEE44}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Lam\appdata\local\hosts"
Failed to delete: [Folder] "C:\Program Files (x86)\hosts"



~~~ FireFox

Successfully deleted the following from C:\Users\Lam\AppData\Roaming\mozilla\firefox\profiles\jgia5n34.default\prefs.js

user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "5");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", false);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=6cc7b70400000000000012689df47dea&affilt=5");
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.id", "6cc7b70400000000000012689df47dea");
user_pref("extensions.privitize.instlDay", "15883");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=6cc7b70400000000000012689df47dea&affilt=5");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=6cc7b70400000000000012689df47dea&affilt=5");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=6cc7b70400000000000012689df47dea&affilt=5&q=");
user_pref("extensions.privitize.vrsn", "1.8.21.6");
user_pref("extensions.privitize.vrsnTs", "1.8.21.612:16:38");
user_pref("extensions.privitize.vrsni", "1.8.21.6");



~~~ Chrome

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 15. 09. 2013 at 8:30:54,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

memphisto
Guru Level 13
Posts: 21113
Registered: September 06
Location: Zlín - České Budějovice
Gender: Male
Status: Offline

Re: Please check - slow laptop

Post by memphisto » 15 Sep 2013 10:00

The MBAM log above is from before the deletion.

Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes its work...
- Wait until the status window shows "Prohledat" (Scan)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Smazání- Finished" (Deleting - Finished)
- Click "Zprávy" (Report) and copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt; please paste the entire contents of the log here.

T0m1k
Level 2
Posts: 154
Registered: May 11
Gender: Male
Status: Offline

Re: Please check - slow laptop

Post by T0m1k » 15 Sep 2013 11:48

mbam:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.09.14.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Lam :: MANTIK [administrátor]

Ochrana: Povolena

15. 9. 2013 11:40:53
mbam-log-2013-09-15 (11-40-53).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 243407
Uplynulý čas: 3 minut, 16 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)
RK 32:
RogueKiller V8.6.11 [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Lam [Práva správce]
Mód : Odebrat -- Datum : 09/15/2013 11:27:50
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRAZENO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)

¤¤¤ naplánované úlohy : 1 ¤¤¤
[V2][SUSP PATH] OFFICE2010ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> VYMAZÁNO

¤¤¤ spuštění položky : 1 ¤¤¤
[Lam][SUSP UNIC] Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk : C:\Users\Lam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk @C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [-][7] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 3a06b487acf4bf97269bed8003ca0af6
[BSP] 2f386bd92e59708bb6f43c5c6293f66d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_09152013_112750.txt >>
RKreport[0]_S_09152013_112747.txt



RK64:
RogueKiller V8.6.11 _x64_ [Sep 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows 8 (6.2.9200 ) 64 bits version
Spuštěno v : Normální režim
Uživatel : Lam [Práva správce]
Mód : Odebrat -- Datum : 09/15/2013 11:30:17
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO 0x0] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 3a06b487acf4bf97269bed8003ca0af6
[BSP] 2f386bd92e59708bb6f43c5c6293f66d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_09152013_113017.txt >>
RKreport[0]_D_09152013_112750.txt;RKreport[0]_S_09152013_113007.txt

T0m1k
Level 2
Posts: 154
Registered: May 11
Gender: Male
Status: Offline

Re: Please check - slow laptop

Post by T0m1k » 15 Sep 2013 11:55

TDSSKiller:
11:30:41.0386 5516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:30:41.0386 5516 UEFI system
11:30:41.0605 5516 ============================================================
11:30:41.0605 5516 Current date / time: 2013/09/15 11:30:41.0605
11:30:41.0605 5516 SystemInfo:
11:30:41.0605 5516
11:30:41.0605 5516 OS Version: 6.2.9200 ServicePack: 0.0
11:30:41.0605 5516 Product type: Workstation
11:30:41.0605 5516 ComputerName: MANTIK
11:30:41.0605 5516 UserName: Lam
11:30:41.0605 5516 Windows directory: C:\windows
11:30:41.0605 5516 System windows directory: C:\windows
11:30:41.0605 5516 Running under WOW64
11:30:41.0605 5516 Processor architecture: Intel x64
11:30:41.0605 5516 Number of processors: 4
11:30:41.0605 5516 Page size: 0x1000
11:30:41.0605 5516 Boot type: Normal boot
11:30:41.0605 5516 ============================================================
11:30:42.0246 5516 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:30:42.0246 5516 ============================================================
11:30:42.0246 5516 \Device\Harddisk0\DR0:
11:30:42.0246 5516 GPT partitions:
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1E3364D7-8022-44E3-B3EF-D64521431DB5}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {D9823BFD-D95E-49AC-8905-81AE749698D0}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {56D02F76-3CEC-491B-826F-42CFAE718C5C}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8783C73F-7B03-4AE7-904B-3CB971A4BEC8}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DA717B7E-DE89-49EC-A0A1-53604794211D}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x6E85C000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F49C3789-4E7A-44A6-A823-E8E97227B0AC}, Name: Basic data partition, StartLBA 0x6ED06800, BlocksNum 0x3200000
11:30:42.0246 5516 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {77EFD5F9-F88F-4848-9753-33BE95C569DB}, Name: Basic data partition, StartLBA 0x71F06800, BlocksNum 0x2800000
11:30:42.0246 5516 MBR partitions:
11:30:42.0246 5516 ============================================================
11:30:42.0277 5516 C: <-> \Device\Harddisk0\DR0\Partition5
11:30:42.0324 5516 D: <-> \Device\Harddisk0\DR0\Partition6
11:30:42.0324 5516 ============================================================
11:30:42.0324 5516 Initialize success
11:30:42.0324 5516 ============================================================
11:30:44.0605 1756 ============================================================
11:30:44.0605 1756 Scan started
11:30:44.0605 1756 Mode: Manual;
11:30:44.0605 1756 ============================================================
11:30:45.0386 1756 ================ Scan system memory ========================
11:30:45.0386 1756 System memory - ok
11:30:45.0386 1756 ================ Scan services =============================
11:30:52.0777 1756 ksthunk - ok
11:30:52.0824 1756 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\windows\system32\msdtckrm.dll
11:30:52.0824 1756 KtmRm - ok
11:30:52.0871 1756 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\windows\system32\srvsvc.dll
11:30:52.0887 1756 LanmanServer - ok
11:30:52.0918 1756 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:30:52.0934 1756 LanmanWorkstation - ok
11:30:52.0965 1756 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
11:30:52.0965 1756 LHDmgr - ok
11:30:52.0980 1756 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
11:30:52.0980 1756 lltdio - ok
11:30:53.0059 1756 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\windows\System32\lltdsvc.dll
11:30:53.0059 1756 lltdsvc - ok
11:30:53.0090 1756 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\windows\System32\lmhsvc.dll
11:30:53.0090 1756 lmhosts - ok
11:30:53.0137 1756 [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:30:53.0137 1756 LMS - ok
11:30:53.0168 1756 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
11:30:53.0168 1756 LSI_SAS - ok
11:30:53.0168 1756 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
11:30:53.0168 1756 LSI_SAS2 - ok
11:30:53.0184 1756 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
11:30:53.0184 1756 LSI_SCSI - ok
11:30:53.0199 1756 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys
11:30:53.0199 1756 LSI_SSS - ok
11:30:53.0230 1756 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\windows\System32\lsm.dll
11:30:53.0246 1756 LSM - ok
11:30:53.0262 1756 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\windows\system32\drivers\luafv.sys
11:30:53.0262 1756 luafv - ok
11:30:53.0324 1756 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
11:30:53.0324 1756 MBAMProtector - ok
11:30:53.0449 1756 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:30:53.0449 1756 MBAMScheduler - ok
11:30:53.0496 1756 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:30:53.0496 1756 MBAMService - ok
11:30:53.0527 1756 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\windows\system32\drivers\megasas.sys
11:30:53.0527 1756 megasas - ok
11:30:53.0590 1756 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
11:30:53.0590 1756 MegaSR - ok
11:30:53.0621 1756 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\windows\System32\drivers\HECIx64.sys
11:30:53.0621 1756 MEIx64 - ok
11:30:53.0652 1756 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\windows\system32\mmcss.dll
11:30:53.0652 1756 MMCSS - ok
11:30:53.0668 1756 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\windows\system32\drivers\modem.sys
11:30:53.0668 1756 Modem - ok
11:30:53.0699 1756 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\windows\System32\drivers\monitor.sys
11:30:53.0699 1756 monitor - ok
11:30:53.0699 1756 [ 618446B98C79776654340CE27C73485E ] mouclass C:\windows\System32\drivers\mouclass.sys
11:30:53.0715 1756 mouclass - ok
11:30:53.0730 1756 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\windows\System32\drivers\mouhid.sys
11:30:53.0730 1756 mouhid - ok
11:30:53.0746 1756 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\windows\system32\drivers\mountmgr.sys
11:30:53.0746 1756 mountmgr - ok
11:30:53.0777 1756 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
11:30:53.0777 1756 mpsdrv - ok
11:30:53.0809 1756 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\windows\system32\mpssvc.dll
11:30:53.0824 1756 MpsSvc - ok
11:30:53.0840 1756 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
11:30:53.0840 1756 MRxDAV - ok
11:30:53.0855 1756 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
11:30:53.0871 1756 mrxsmb - ok
11:30:53.0887 1756 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
11:30:53.0887 1756 mrxsmb10 - ok
11:30:53.0918 1756 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
11:30:53.0918 1756 mrxsmb20 - ok
11:30:53.0949 1756 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys
11:30:53.0949 1756 MsBridge - ok
11:30:53.0996 1756 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\windows\System32\msdtc.exe
11:30:54.0043 1756 MSDTC - ok
11:30:54.0059 1756 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\windows\system32\drivers\Msfs.sys
11:30:54.0074 1756 Msfs - ok
11:30:54.0090 1756 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys
11:30:54.0105 1756 msgpiowin32 - ok
11:30:54.0121 1756 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
11:30:54.0121 1756 mshidkmdf - ok
11:30:54.0137 1756 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys
11:30:54.0137 1756 mshidumdf - ok
11:30:54.0215 1756 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\windows\system32\drivers\msisadrv.sys
11:30:54.0215 1756 msisadrv - ok
11:30:54.0262 1756 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\windows\system32\iscsiexe.dll
11:30:54.0277 1756 MSiSCSI - ok
11:30:54.0277 1756 msiserver - ok
11:30:54.0293 1756 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
11:30:54.0293 1756 MSKSSRV - ok
11:30:54.0324 1756 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys
11:30:54.0324 1756 MsLldp - ok
11:30:54.0324 1756 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
11:30:54.0324 1756 MSPCLOCK - ok
11:30:54.0340 1756 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
11:30:54.0340 1756 MSPQM - ok
11:30:54.0340 1756 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
11:30:54.0355 1756 MsRPC - ok
11:30:54.0371 1756 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\windows\System32\drivers\mssmbios.sys
11:30:54.0371 1756 mssmbios - ok
11:30:54.0387 1756 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
11:30:54.0387 1756 MSTEE - ok
11:30:54.0402 1756 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\windows\System32\drivers\MTConfig.sys
11:30:54.0402 1756 MTConfig - ok
11:30:54.0480 1756 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\windows\system32\Drivers\mup.sys
11:30:54.0480 1756 Mup - ok
11:30:54.0480 1756 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\windows\system32\drivers\mvumis.sys
11:30:54.0480 1756 mvumis - ok
11:30:54.0527 1756 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\windows\system32\qagentRT.dll
11:30:54.0543 1756 napagent - ok
11:30:54.0574 1756 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
11:30:54.0574 1756 NativeWifiP - ok
11:30:54.0621 1756 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\windows\System32\ncasvc.dll
11:30:54.0621 1756 NcaSvc - ok
11:30:54.0668 1756 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll
11:30:54.0684 1756 NcdAutoSetup - ok
11:30:54.0715 1756 [ A10E176F3B2BF83EDE7B5C4658C93B66 ] NDIS C:\windows\system32\drivers\ndis.sys
11:30:54.0730 1756 NDIS - ok
11:30:54.0762 1756 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
11:30:54.0762 1756 NdisCap - ok
11:30:54.0777 1756 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys
11:30:54.0777 1756 NdisImPlatform - ok
11:30:54.0840 1756 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
11:30:54.0840 1756 NdisTapi - ok
11:30:54.0856 1756 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
11:30:54.0856 1756 Ndisuio - ok
11:30:54.0902 1756 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
11:30:54.0902 1756 NdisWan - ok
11:30:54.0902 1756 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\windows\system32\DRIVERS\ndiswan.sys
11:30:54.0902 1756 NDISWANLEGACY - ok
11:30:54.0934 1756 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
11:30:54.0934 1756 NDProxy - ok
11:30:54.0934 1756 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\windows\system32\drivers\Ndu.sys
11:30:54.0934 1756 Ndu - ok
11:30:54.0949 1756 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
11:30:54.0949 1756 NetBIOS - ok
11:30:54.0965 1756 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
11:30:54.0965 1756 NetBT - ok
11:30:54.0981 1756 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\windows\system32\lsass.exe
11:30:54.0981 1756 Netlogon - ok
11:30:54.0996 1756 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\windows\System32\netman.dll
11:30:54.0996 1756 Netman - ok
11:30:55.0043 1756 [ 79FA9393C67EBBF92A56923592CF7A7C ] netprofm C:\windows\System32\netprofmsvc.dll
11:30:55.0043 1756 netprofm - ok
11:30:55.0090 1756 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:55.0106 1756 NetTcpPortSharing - ok
11:30:55.0262 1756 [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64


Re: Please check - slow notebook

Post by T0m1k » 15 Sep 2013 11:55

TDSSKiller continued:
C:\windows\system32\DRIVERS\NETwNs64.sys
11:30:55.0293 1756 NETwNs64 - ok
11:30:55.0309 1756 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
11:30:55.0309 1756 nfrd960 - ok
11:30:55.0340 1756 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\windows\System32\nlasvc.dll
11:30:55.0356 1756 NlaSvc - ok
11:30:55.0418 1756 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\windows\system32\drivers\Npfs.sys
11:30:55.0418 1756 Npfs - ok
11:30:55.0434 1756 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys
11:30:55.0434 1756 npsvctrig - ok
11:30:55.0465 1756 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\windows\system32\nsisvc.dll
11:30:55.0512 1756 nsi - ok
11:30:55.0527 1756 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
11:30:55.0527 1756 nsiproxy - ok
11:30:55.0621 1756 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
11:30:55.0637 1756 Ntfs - ok
11:30:55.0668 1756 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\windows\system32\drivers\Null.sys
11:30:55.0668 1756 Null - ok
11:30:55.0934 1756 [ 142E69816EC9C4ED274E1AD3E801F09E ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
11:30:55.0981 1756 nvlddmkm - ok
11:30:56.0012 1756 [ 644CC9A6BB1C378ECDC8366131B09581 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
11:30:56.0012 1756 nvpciflt - ok
11:30:56.0074 1756 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\windows\system32\drivers\nvraid.sys
11:30:56.0074 1756 nvraid - ok
11:30:56.0106 1756 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\windows\system32\drivers\nvstor.sys
11:30:56.0106 1756 nvstor - ok
11:30:56.0152 1756 [ EDEF3B2D77698F9FF8BD9A56D297638B ] nvsvc C:\windows\system32\nvvsvc.exe
11:30:56.0168 1756 nvsvc - ok
11:30:56.0277 1756 [ 249357999355A998AA94A3673C3367EB ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:30:56.0293 1756 nvUpdatusService - ok
11:30:56.0324 1756 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
11:30:56.0324 1756 nv_agp - ok
11:30:56.0371 1756 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:30:56.0371 1756 ose - ok
11:30:56.0559 1756 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:30:56.0590 1756 osppsvc - ok
11:30:56.0621 1756 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\windows\system32\pnrpsvc.dll
11:30:56.0637 1756 p2pimsvc - ok
11:30:56.0652 1756 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\windows\system32\p2psvc.dll
11:30:56.0652 1756 p2psvc - ok
11:30:56.0684 1756 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\windows\System32\drivers\parport.sys
11:30:56.0684 1756 Parport - ok
11:30:56.0746 1756 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\windows\system32\drivers\partmgr.sys
11:30:56.0746 1756 partmgr - ok
11:30:56.0777 1756 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\windows\System32\pcasvc.dll
11:30:56.0793 1756 PcaSvc - ok
11:30:56.0824 1756 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\windows\system32\drivers\pci.sys
11:30:56.0824 1756 pci - ok
11:30:56.0824 1756 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\windows\system32\drivers\pciide.sys
11:30:56.0824 1756 pciide - ok
11:30:56.0840 1756 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
11:30:56.0840 1756 pcmcia - ok
11:30:56.0871 1756 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\windows\system32\drivers\pcw.sys
11:30:56.0871 1756 pcw - ok
11:30:56.0887 1756 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\windows\system32\drivers\pdc.sys
11:30:56.0887 1756 pdc - ok
11:30:56.0934 1756 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\windows\system32\drivers\peauth.sys
11:30:56.0934 1756 PEAUTH - ok
11:30:57.0012 1756 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\windows\SysWow64\perfhost.exe
11:30:57.0012 1756 PerfHost - ok
11:30:57.0074 1756 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\windows\system32\pla.dll
11:30:57.0090 1756 pla - ok
11:30:57.0121 1756 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\windows\system32\umpnpmgr.dll
11:30:57.0121 1756 PlugPlay - ok
11:30:57.0137 1756 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
11:30:57.0137 1756 PNRPAutoReg - ok
11:30:57.0168 1756 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\windows\system32\pnrpsvc.dll
11:30:57.0168 1756 PNRPsvc - ok
11:30:57.0199 1756 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
11:30:57.0199 1756 PolicyAgent - ok
11:30:57.0231 1756 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\windows\system32\umpo.dll
11:30:57.0246 1756 Power - ok
11:30:57.0262 1756 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
11:30:57.0262 1756 PptpMiniport - ok
11:30:57.0403 1756 [ 9D59831262CAD44E709D695FC9D5E7AB ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
11:30:57.0418 1756 PrintNotify - ok
11:30:57.0449 1756 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\windows\System32\drivers\processr.sys
11:30:57.0449 1756 Processor - ok
11:30:57.0528 1756 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\windows\system32\profsvc.dll
11:30:57.0528 1756 ProfSvc - ok
11:30:57.0559 1756 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\windows\system32\DRIVERS\pacer.sys
11:30:57.0559 1756 Psched - ok
11:30:57.0606 1756 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\windows\system32\qwave.dll
11:30:57.0606 1756 QWAVE - ok
11:30:57.0621 1756 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
11:30:57.0621 1756 QWAVEdrv - ok
11:30:57.0653 1756 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
11:30:57.0653 1756 RasAcd - ok
11:30:57.0684 1756 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
11:30:57.0684 1756 RasAgileVpn - ok
11:30:57.0699 1756 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\windows\System32\rasauto.dll
11:30:57.0699 1756 RasAuto - ok
11:30:57.0715 1756 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
11:30:57.0715 1756 Rasl2tp - ok
11:30:57.0746 1756 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\windows\System32\rasmans.dll
11:30:57.0746 1756 RasMan - ok
11:30:57.0762 1756 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
11:30:57.0762 1756 RasPppoe - ok
11:30:57.0778 1756 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
11:30:57.0778 1756 RasSstp - ok
11:30:57.0809 1756 [ CA03D642ACE58E1BA54E4B383F91CD69 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
11:30:57.0809 1756 rdbss - ok
11:30:57.0824 1756 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\windows\System32\drivers\rdpbus.sys
11:30:57.0824 1756 rdpbus - ok
11:30:57.0840 1756 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
11:30:57.0840 1756 RDPDR - ok
11:30:57.0871 1756 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
11:30:57.0871 1756 RdpVideoMiniport - ok
11:30:57.0887 1756 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
11:30:57.0887 1756 RDPWD - ok
11:30:57.0903 1756 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
11:30:57.0903 1756 rdyboost - ok
11:30:57.0981 1756 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\windows\System32\mprdim.dll
11:30:57.0981 1756 RemoteAccess - ok
11:30:58.0012 1756 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\windows\system32\regsvc.dll
11:30:58.0028 1756 RemoteRegistry - ok
11:30:58.0043 1756 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\windows\System32\drivers\rfcomm.sys
11:30:58.0043 1756 RFCOMM - ok
11:30:58.0074 1756 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
11:30:58.0090 1756 RpcEptMapper - ok
11:30:58.0137 1756 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\windows\system32\locator.exe
11:30:58.0153 1756 RpcLocator - ok
11:30:58.0168 1756 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\windows\system32\rpcss.dll
11:30:58.0184 1756 RpcSs - ok
11:30:58.0215 1756 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
11:30:58.0215 1756 rspndr - ok
11:30:58.0246 1756 [ 55E66BAE5B30E09FDE217FBF0CDAA579 ] RSUSBVSTOR C:\windows\System32\Drivers\RtsUVStor.sys
11:30:58.0246 1756 RSUSBVSTOR - ok
11:30:58.0324 1756 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys
11:30:58.0324 1756 RTL8168 - ok
11:30:58.0481 1756 [ 02FE42ED9CBB4CBE806ED1E906D7AC8F ] rtsuvc C:\windows\system32\DRIVERS\rtsuvc.sys
11:30:58.0512 1756 rtsuvc - ok
11:30:58.0543 1756 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\windows\System32\drivers\vms3cap.sys
11:30:58.0543 1756 s3cap - ok
11:30:58.0574 1756 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\windows\system32\lsass.exe
11:30:58.0574 1756 SamSs - ok
11:30:58.0590 1756 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
11:30:58.0590 1756 sbp2port - ok
11:30:58.0637 1756 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\windows\System32\SCardSvr.dll
11:30:58.0653 1756 SCardSvr - ok
11:30:58.0684 1756 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
11:30:58.0684 1756 scfilter - ok
11:30:58.0731 1756 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\windows\system32\schedsvc.dll
11:30:58.0746 1756 Schedule - ok
11:30:58.0778 1756 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\windows\System32\certprop.dll
11:30:58.0778 1756 SCPolicySvc - ok
11:30:58.0856 1756 [ F58B030A0664385C707B8C1C63682041 ] sdbus C:\windows\System32\drivers\sdbus.sys
11:30:58.0856 1756 sdbus - ok
11:30:58.0887 1756 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\windows\System32\SDRSVC.dll
11:30:58.0903 1756 SDRSVC - ok
11:30:58.0934 1756 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\windows\System32\drivers\sdstor.sys
11:30:58.0934 1756 sdstor - ok
11:30:58.0965 1756 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
11:30:58.0965 1756 secdrv - ok
11:30:58.0981 1756 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\windows\system32\seclogon.dll
11:30:58.0996 1756 seclogon - ok
11:30:59.0012 1756 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\windows\System32\sens.dll
11:30:59.0012 1756 SENS - ok
11:30:59.0028 1756 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\windows\system32\sensrsvc.dll
11:30:59.0028 1756 SensrSvc - ok
11:30:59.0043 1756 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\windows\system32\drivers\SerCx.sys
11:30:59.0059 1756 SerCx - ok
11:30:59.0059 1756 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\windows\System32\drivers\serenum.sys
11:30:59.0059 1756 Serenum - ok
11:30:59.0059 1756 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\windows\System32\drivers\serial.sys
11:30:59.0059 1756 Serial - ok
11:30:59.0059 1756 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\windows\System32\drivers\sermouse.sys
11:30:59.0059 1756 sermouse - ok
11:30:59.0153 1756 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\windows\system32\sessenv.dll
11:30:59.0153 1756 SessionEnv - ok
11:30:59.0168 1756 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\windows\System32\drivers\sfloppy.sys
11:30:59.0168 1756 sfloppy - ok
11:30:59.0199 1756 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\windows\System32\ipnathlp.dll
11:30:59.0215 1756 SharedAccess - ok
11:30:59.0246 1756 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:30:59.0262 1756 ShellHWDetection - ok
11:30:59.0278 1756 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
11:30:59.0278 1756 SiSRaid2 - ok
11:30:59.0293 1756 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
11:30:59.0293 1756 SiSRaid4 - ok
11:30:59.0340 1756 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\windows\System32\snmptrap.exe
11:30:59.0340 1756 SNMPTRAP - ok
11:30:59.0418 1756 [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport C:\windows\system32\drivers\spaceport.sys
11:30:59.0418 1756 spaceport - ok
11:30:59.0434 1756 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\windows\system32\drivers\SpbCx.sys
11:30:59.0434 1756 SpbCx - ok
11:30:59.0465 1756 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\windows\System32\spoolsv.exe
11:30:59.0481 1756 Spooler - ok
11:30:59.0590 1756 [ 061A977C920FBE4BF71FF47C966DDDCA ] sppsvc C:\windows\system32\sppsvc.exe
11:30:59.0621 1756 sppsvc - ok
11:30:59.0653 1756 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\windows\system32\DRIVERS\srv.sys
11:30:59.0653 1756 srv - ok
11:30:59.0684 1756 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
11:30:59.0699 1756 srv2 - ok
11:30:59.0715 1756 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
11:30:59.0715 1756 srvnet - ok
11:30:59.0731 1756 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
11:30:59.0746 1756 SSDPSRV - ok
11:30:59.0762 1756 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\windows\system32\sstpsvc.dll
11:30:59.0778 1756 SstpSvc - ok
11:30:59.0840 1756 [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
11:30:59.0840 1756 ssudmdm - ok
11:30:59.0871 1756 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\windows\system32\drivers\stexstor.sys
11:30:59.0871 1756 stexstor - ok
11:30:59.0918 1756 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\windows\System32\wiaservc.dll
11:30:59.0934 1756 stisvc - ok
11:30:59.0965 1756 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\windows\system32\drivers\storahci.sys
11:30:59.0965 1756 storahci - ok
11:30:59.0996 1756 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys
11:30:59.0996 1756 storflt - ok
11:31:00.0075 1756 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\windows\system32\storsvc.dll
11:31:00.0090 1756 StorSvc - ok
11:31:00.0090 1756 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\windows\system32\drivers\storvsc.sys
11:31:00.0090 1756 storvsc - ok
11:31:00.0106 1756 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\windows\system32\svsvc.dll
11:31:00.0121 1756 svsvc - ok
11:31:00.0137 1756 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\windows\System32\drivers\swenum.sys
11:31:00.0137 1756 swenum - ok
11:31:00.0278 1756 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:31:00.0293 1756 SwitchBoard - ok
11:31:00.0309 1756 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\windows\System32\swprv.dll
11:31:00.0325 1756 swprv - ok
11:31:00.0371 1756 [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain C:\windows\system32\sysmain.dll
11:31:00.0403 1756 SysMain - ok
11:31:00.0418 1756 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
11:31:00.0418 1756 SystemEventsBroker - ok
11:31:00.0450 1756 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\windows\System32\TabSvc.dll
11:31:00.0450 1756 TabletInputService - ok
11:31:00.0465 1756 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\windows\System32\tapisrv.dll
11:31:00.0465 1756 TapiSrv - ok
11:31:00.0528 1756 [ 1794C43A000A47D92B3304FC1E3E512A ] Tcpip C:\windows\system32\drivers\tcpip.sys
11:31:00.0543 1756 Tcpip - ok
11:31:00.0559 1756 [ 1794C43A000A47D92B3304FC1E3E512A ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
11:31:00.0575 1756 TCPIP6 - ok
11:31:00.0606 1756 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
11:31:00.0606 1756 tcpipreg - ok
11:31:00.0621 1756 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\windows\system32\DRIVERS\tdx.sys
11:31:00.0621 1756 tdx - ok
11:31:00.0637 1756 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\windows\System32\drivers\terminpt.sys
11:31:00.0637 1756 terminpt - ok
11:31:00.0684 1756 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\windows\System32\termsrv.dll
11:31:00.0778 1756 TermService - ok
11:31:00.0793 1756 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\windows\system32\themeservice.dll
11:31:00.0809 1756 Themes - ok
11:31:00.0825 1756 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\windows\system32\mmcss.dll
11:31:00.0840 1756 THREADORDER - ok
11:31:00.0871 1756 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\windows\System32\TimeBrokerServer.dll
11:31:00.0918 1756 TimeBroker - ok
11:31:00.0950 1756 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\windows\system32\drivers\tpm.sys
11:31:00.0950 1756 TPM - ok
11:31:00.0996 1756 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\windows\System32\trkwks.dll
11:31:00.0996 1756 TrkWks - ok
11:31:01.0121 1756 [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:31:01.0121 1756 TrustedInstaller - ok
11:31:01.0153 1756 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
11:31:01.0153 1756 TsUsbFlt - ok
11:31:01.0153 1756 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys
11:31:01.0168 1756 TsUsbGD - ok
11:31:01.0168 1756 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
11:31:01.0184 1756 tunnel - ok
11:31:01.0184 1756 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\windows\system32\drivers\uagp35.sys
11:31:01.0184 1756 uagp35 - ok
11:31:01.0200 1756 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\windows\System32\drivers\uaspstor.sys
11:31:01.0200 1756 UASPStor - ok
11:31:01.0231 1756 [ 4834158B8D06A153FADAB6B85320FBBE ] UCX01000 C:\windows\System32\drivers\ucx01000.sys
11:31:01.0231 1756 UCX01000 - ok
11:31:01.0325 1756 [ 25C50F4EDF70D0A831E0566BD181CCF2 ] udfs C:\windows\system32\DRIVERS\udfs.sys
11:31:01.0340 1756 udfs - ok
11:31:01.0371 1756 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\windows\system32\UI0Detect.exe
11:31:01.0387 1756 UI0Detect - ok
11:31:01.0403 1756 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
11:31:01.0403 1756 uliagpkx - ok
11:31:04.0840 1756 X6va012 - ok
11:31:04.0840 1756 X6va013 - ok
11:31:04.0903 1756 [ 03CD249A16CF815FFFD347DC61EF9E6D ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
11:31:04.0903 1756 ZAtheros Bt and Wlan Coex Agent - ok
11:31:04.0934 1756 ================ Scan global ===============================
11:31:04.0997 1756 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\windows\system32\basesrv.dll
11:31:05.0028 1756 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\windows\system32\winsrv.dll
11:31:05.0059 1756 [ BD7C6949984D19AAA609896B675E7357 ] C:\windows\system32\sxssrv.dll
11:31:05.0106 1756 [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe
11:31:05.0106 1756 [Global] - ok
11:31:05.0106 1756 ================ Scan MBR ==================================
11:31:05.0122 1756 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:31:05.0137 1756 \Device\Harddisk0\DR0 - ok
11:31:05.0137 1756 ================ Scan VBR ==================================
11:31:05.0137 1756 [ 41F105BAD697140E0F1A360BC963197A ] \Device\Harddisk0\DR0\Partition1
11:31:05.0137 1756 \Device\Harddisk0\DR0\Partition1 - ok
11:31:05.0153 1756 [ AF8A59F53C62645914677F12BCB5B542 ] \Device\Harddisk0\DR0\Partition2
11:31:05.0153 1756 \Device\Harddisk0\DR0\Partition2 - ok
11:31:05.0169 1756 [ A3322261FDD6033BF44A3BD5F401BD5E ] \Device\Harddisk0\DR0\Partition3
11:31:05.0169 1756 \Device\Harddisk0\DR0\Partition3 - ok
11:31:05.0184 1756 [ 3F215E98FD6E925DA8E24DB8D4FE1EA3 ] \Device\Harddisk0\DR0\Partition4
11:31:05.0184 1756 \Device\Harddisk0\DR0\Partition4 - ok
11:31:05.0184 1756 [ A462C87E814DA02EA7AB95292958A96A ] \Device\Harddisk0\DR0\Partition5
11:31:05.0200 1756 \Device\Harddisk0\DR0\Partition5 - ok
11:31:05.0262 1756 [ 66EDEE3392448FEC08EAFBA966337624 ] \Device\Harddisk0\DR0\Partition6
11:31:05.0262 1756 \Device\Harddisk0\DR0\Partition6 - ok
11:31:05.0278 1756 [ CFDBC5B1302A40A968BAC72AADFDC13B ] \Device\Harddisk0\DR0\Partition7
11:31:05.0294 1756 \Device\Harddisk0\DR0\Partition7 - ok
11:31:05.0294 1756 ============================================================
11:31:05.0294 1756 Scan finished
11:31:05.0294 1756 ============================================================
11:31:05.0294 1604 Detected object count: 0
11:31:05.0294 1604 Actual detected object count: 0
11:31:52.0305 4716 Deinitialize success

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check - slow notebook

Post by jaro3 » 16 Sep 2013 09:30

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: After applying ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.

T0m1k
Level 2
Posts: 154
Registered: May 11
Gender: Male
Status: Offline

Re: Please check - slow notebook

Post by T0m1k » 17 Sep 2013 13:53

ComboFix 13-09-16.01 - Lam . 09. 2013 13:42:20.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.420.1029.18.8048.6443 [GMT 2:00]
Spuštěný z: c:\users\Lam\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-08-17 do 2013-09-17 )))))))))))))))))))))))))))))))
.
.
2013-09-15 06:24 . 2013-09-15 06:24 -------- d-----w- c:\windows\ERUNT
2013-09-15 06:15 . 2013-09-15 06:15 -------- d-----w- c:\users\Lam\AppData\Local\BMExplorer
2013-09-15 06:14 . 2013-09-15 06:14 -------- d-----w- c:\users\Lam\AppData\Local\Adobe
2013-09-14 18:49 . 2013-09-15 06:10 -------- d-----w- C:\AdwCleaner
2013-09-14 18:37 . 2013-09-14 18:37 -------- d-----w- c:\users\Lam\AppData\Roaming\Malwarebytes
2013-09-14 18:36 . 2013-09-14 18:36 -------- d-----w- c:\programdata\Malwarebytes
2013-09-14 18:36 . 2013-09-14 18:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-14 18:36 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-13 17:37 . 2013-09-13 17:37 388096 ----a-r- c:\users\Lam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-13 17:37 . 2013-09-13 17:37 -------- d-----w- c:\program files (x86)\Trend Micro
2013-09-12 05:46 . 2013-09-12 05:46 265392 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10216.bin
2013-09-12 05:40 . 2013-09-12 05:40 -------- d-----w- C:\CherryDeGames
2013-09-11 19:21 . 2013-09-05 20:09 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 19:21 . 2013-09-05 20:09 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 12:48 . 2013-08-21 05:53 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-09-06 08:31 . 2013-09-06 08:31 -------- d-----w- c:\program files (x86)\MP3 Voice Recorder
2013-09-06 08:31 . 2004-03-08 19:30 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2013-09-05 17:35 . 2013-09-12 20:03 -------- d-----w- c:\users\Lam\AppData\Roaming\vlc
2013-09-05 17:31 . 2013-09-05 17:31 -------- d-----w- c:\program files (x86)\Free Media Player
2013-09-05 17:30 . 2013-09-10 06:38 -------- d-----w- c:\program files (x86)\Seznam.cz
2013-09-05 17:30 . 2013-09-10 06:39 -------- d-----w- c:\users\Lam\AppData\Roaming\Seznam.cz
2013-09-04 04:39 . 2013-09-05 03:39 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-08-25 04:34 . 2013-08-25 04:52 -------- d-----w- c:\users\Lam\AppData\Local\Pokki
2013-08-25 04:27 . 2013-08-25 04:38 -------- d-----w- c:\program files (x86)\Real
2013-08-19 03:27 . 2013-08-19 03:27 -------- d-----w- c:\users\Lam\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 11:34 . 2013-06-24 23:47 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-11 17:32 . 2013-06-24 12:50 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-07-13 06:18 . 2013-08-14 08:53 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 08:53 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 08:53 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 08:53 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-14 08:53 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-14 08:53 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 08:53 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 08:53 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 08:53 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 08:58 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 17:13 . 2013-07-02 17:09 528726415 ----a-w- c:\program files (x86)\top2_setup_1.0.64.exe
2013-07-02 00:44 . 2013-08-14 08:59 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-14 08:59 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
2013-06-28 05:02 . 2013-06-25 03:35 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 05:02 . 2013-06-25 03:35 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 05:02 . 2013-06-25 03:35 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-25 03:44 . 2013-06-25 03:36 671261856 ----a-w- c:\program files\S4_League.exe
2013-06-25 03:39 . 2013-06-25 03:35 528726415 ----a-w- C:\top2_setup_1.0.64.exe
2013-06-24 23:48 . 2013-06-24 23:48 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-06-24 23:43 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2012-07-26 508656]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2012-07-27 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" [2012-07-27 167024]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-04-19 217088]
"RemoteControl10"="c:\program files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"IntellingentTouchpad"="c:\program files (x86)\Lenovo\Intelligent Touchpad\IntelligentTouchpad.exe" [2012-07-23 673336]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 vmicheartbeat;Služba prezenčního signálu technologie Hyper-V;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys;c:\windows\SYSNATIVE\drivers\AcpiVpc.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Ovladač úspory energie technologie Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 rtsuvc;Lenovo EasyCamera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-05 09:10 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25 17:08]
.
2013-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908574775-679172992-511979433-1002Core.job
- c:\users\Lam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 10:47]
.
2013-09-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908574775-679172992-511979433-1002UA.job
- c:\users\Lam\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-28 10:47]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09 05:59]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-09 05:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-12 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-12 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-12 441888]
"RtsFT"="RTFTrack.exe" [2012-08-27 6334096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-10-26 13213840]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-10-29 1234064]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-09-30 64640]
"OnekeyStudio"="c:\program files\Lenovo\Onekey Theater\OnekeyStudio.exe" [2012-09-14 4196432]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-12-05 17080376]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-12-05 191544]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3BAD0226-4627-422F-B092-A25EE250FE75}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Lam\AppData\Roaming\Mozilla\Firefox\Profiles\jgia5n34.default\
FF - prefs.js: browser.startup.homepage -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Toolbar-{1C46A0DD-D53E-46C4-A435-CA11103E255E} - c:\program files (x86)\Industriya\privitize\1.8.21.6\privitizeTlbr.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-privitize - c:\program files (x86)\Industriya\privitize\1.8.21.6\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Celkový čas: 2013-09-17 13:50:16
ComboFix-quarantined-files.txt 2013-09-17 11:50
.
Před spuštěním: 834 260 135 936 bytes free
Po spuštění: 834 112 327 680 bytes free
.
- - End Of File - - 5E3BE381D32EB05971E8AB81980E963B

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status:
Offline

Re: Please check - slow notebook

Post by jaro3 » 17 Sep 2013 19:17

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:

ClearJavaCache::

KillAll::
File::
c:\windows\SysWOW64\Drivers\X6va012
c:\windows\SysWOW64\Drivers\X6va013
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908574775-679172992-511979433-1002Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-908574775-679172992-511979433-1002UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Seznam.cz
c:\users\Lam\AppData\Roaming\Seznam.cz
c:\users\Lam\AppData\Local\Facebook\Update
c:\program files (x86)\Google\Update


Driver::
X6va012
X6va013

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va012]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va013]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not start, or the desktop will not load, or there will be connection problems. In that case restart the computer again; if that does not help, keep pressing F8 after the restart and then choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click No. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.

In Folder Options, enable showing hidden files and folders + uncheck the box for hiding protected operating system files

Test this on Virustotal
C:\top2_setup_1.0.64.exe
c:\windows\SYSNATIVE\svchost.exe

Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes its test, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

