FRST log


patrikzi...@gmail.com

Dec 18, 2013, 10:52:40 AM
to virus...@googlegroups.com
Sorry, I couldn't send it any other way, because I couldn't attach the file.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-12-2013 03
Ran by Patrik (administrator) on PATRIK-PC on 18-12-2013 16:17:19
Running from C:\Users\Patrik\Downloads
Windows 7 Ultimate (X64) OS Language: 041B
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Users\Patrik\ASP\networks.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10151968 2010-04-20] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKCU\...\Run: [Adobe Media Software] - C:\ProgramData\AdobeMSoft0\bzsbkotiu.exe [430080 2013-12-18] (The Enigma Protector Developers Team)
HKCU\...\Run: [Network Service] - C:\Users\Patrik\ASP\networks.exe [35192 2013-12-17] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\CurrentVersion\Windows: [Load] c:\users\patrik\dxeone.exe <===== ATTENTION
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
IFEO\mbam.exe: [Debugger] cxy_.exe
IFEO\mbamgui.exe: [Debugger] vxd_.exe
IFEO\MSASCui.exe: [Debugger] uuqsy_.exe
IFEO\MsMpEng.exe: [Debugger] piztm_.exe
IFEO\msseces.exe: [Debugger] dtdas_.exe
IFEO\rstrui.exe: [Debugger] skskjbpc_.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE9DCE1302FCCE01
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-20] ()
U3 ayz5wppd; C:\Windows\System32\Drivers\ayz5wppd.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-18 16:17 - 2013-12-18 16:17 - 00006973 _____ C:\Users\Patrik\Downloads\FRST.txt
2013-12-18 16:04 - 2013-12-18 16:04 - 01929306 _____ (Farbar) C:\Users\Patrik\Downloads\FRST64.exe
2013-12-18 15:52 - 2013-12-18 15:58 - 00000000 ____D C:\AdwCleaner
2013-12-18 15:52 - 2013-12-18 15:52 - 01226750 _____ C:\Users\Patrik\Downloads\adwcleaner.exe
2013-12-18 15:45 - 2013-12-18 15:45 - 00935175 _____ C:\Users\Patrik\Downloads\RSITx64.exe
2013-12-18 15:44 - 2013-12-18 15:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:44 - 2013-12-18 15:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 15:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-18 15:28 - 2013-12-18 15:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Patrik\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-18 15:00 - 2013-12-18 15:00 - 00003202 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x10F00377
2013-12-18 14:58 - 2013-12-18 14:58 - 00106496 _____ C:\Users\Patrik\AppData\Roaming\FlashPlayerVaziu.exe
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 __SHD C:\ProgramData\AdobeMSoft0
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 ____D C:\Users\Patrik\ASP
2013-12-15 19:52 - 2013-12-15 19:52 - 00000084 _____ C:\Users\Patrik\Desktop\ters.txt
2013-12-04 16:59 - 2013-12-04 16:59 - 00000000 ____D C:\Users\Patrik\Documents\EA Games
2013-12-04 16:57 - 2013-12-04 16:57 - 00002283 _____ C:\Users\Patrik\Desktop\Medal of Honor 2010.lnk
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-04 16:53 - 2013-12-04 16:53 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

==================== One Month Modified Files and Folders =======

2013-12-18 16:17 - 2013-12-18 16:17 - 00006973 _____ C:\Users\Patrik\Downloads\FRST.txt
2013-12-18 16:05 - 2009-07-26 19:41 - 00614314 _____ C:\Windows\system32\perfh005.dat
2013-12-18 16:05 - 2009-07-26 19:41 - 00118486 _____ C:\Windows\system32\perfc005.dat
2013-12-18 16:05 - 2009-07-14 06:13 - 01445734 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-18 16:04 - 2013-12-18 16:04 - 01929306 _____ (Farbar) C:\Users\Patrik\Downloads\FRST64.exe
2013-12-18 16:04 - 2013-09-26 18:16 - 00000000 ____D C:\FRST
2013-12-18 16:03 - 2009-07-14 05:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-18 16:03 - 2009-07-14 05:45 - 00022272 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-18 16:01 - 2012-09-09 11:54 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-18 15:58 - 2013-12-18 15:52 - 00000000 ____D C:\AdwCleaner
2013-12-18 15:58 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-18 15:58 - 2009-07-14 05:51 - 00150068 _____ C:\Windows\setupact.log
2013-12-18 15:53 - 2011-05-08 12:20 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-12-18 15:53 - 2011-04-13 23:25 - 01860025 _____ C:\Windows\WindowsUpdate.log
2013-12-18 15:52 - 2013-12-18 15:52 - 01226750 _____ C:\Users\Patrik\Downloads\adwcleaner.exe
2013-12-18 15:45 - 2013-12-18 15:45 - 00935175 _____ C:\Users\Patrik\Downloads\RSITx64.exe
2013-12-18 15:44 - 2013-12-18 15:44 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-18 15:44 - 2013-12-18 15:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-18 15:28 - 2013-12-18 15:28 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Patrik\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-18 15:00 - 2013-12-18 15:00 - 00003202 _____ C:\Windows\System32\Tasks\Windows Update Check - 0x10F00377
2013-12-18 14:59 - 2011-04-14 17:27 - 00000000 ____D C:\Users\Patrik
2013-12-18 14:58 - 2013-12-18 14:58 - 00106496 _____ C:\Users\Patrik\AppData\Roaming\FlashPlayerVaziu.exe
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 __SHD C:\ProgramData\AdobeMSoft0
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 ____D C:\Users\Patrik\ASP
2013-12-15 19:52 - 2013-12-15 19:52 - 00000084 _____ C:\Users\Patrik\Desktop\ters.txt
2013-12-14 13:20 - 2013-08-15 07:48 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 13:19 - 2011-04-18 06:24 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 08:40 - 2011-08-25 14:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-11 21:33 - 2009-07-14 06:08 - 00032512 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-10 22:01 - 2012-09-09 11:54 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-10 22:01 - 2012-09-09 11:54 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-10 22:01 - 2011-05-29 14:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-04 16:59 - 2013-12-04 16:59 - 00000000 ____D C:\Users\Patrik\Documents\EA Games
2013-12-04 16:58 - 2012-02-22 16:06 - 00000000 ____D C:\Windows\SysWOW64\directx
2013-12-04 16:57 - 2013-12-04 16:57 - 00002283 _____ C:\Users\Patrik\Desktop\Medal of Honor 2010.lnk
2013-12-04 16:57 - 2013-12-04 16:57 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-12-04 16:53 - 2013-12-04 16:53 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-12-04 16:31 - 2011-04-13 20:11 - 00000000 ____D C:\Users\Patrik\AppData\Roaming\Skype
2013-12-02 07:41 - 2011-06-09 17:39 - 00084244 _____ C:\Windows\PFRO.log
2013-12-01 21:23 - 2011-06-27 15:03 - 00000000 ____D C:\Users\Patrik\AppData\Roaming\Notepad++
2013-12-01 21:23 - 2011-06-27 15:03 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-12-01 21:22 - 2012-02-23 13:32 - 00000000 ____D C:\Program Files (x86)\Sevt
2013-11-23 18:50 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2013-11-19 12:50 - 2011-05-08 12:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-19 12:50 - 2011-05-07 06:19 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-19 11:21 - 2011-04-14 18:06 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\ProgramData\dx502D12B2.dat
C:\Users\Patrik\dxeone.exe


Some content of TEMP:
====================
C:\Users\Patrik\AppData\Local\Temp\cbdlfpvewny.exe
C:\Users\Patrik\AppData\Local\Temp\hemxccapeaj.exe
C:\Users\Patrik\AppData\Local\Temp\Quarantine.exe
C:\Users\Patrik\AppData\Local\Temp\xyqpdndnqgy.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-10 14:55

==================== End Of Log ============================

Stefan Stell

Dec 18, 2013, 11:24:01 AM
to virus...@googlegroups.com
Here's the thing: your computer is heavily infected, so do exactly what I write, nothing more and nothing less; do everything according to my instructions.
If you don't know something, write and ask.
Now download the attachment Fixlist.txt.
You must download Fixlist.txt to exactly the same place where you have FRST.txt, that is, here:
C:\Users\Patrik\Downloads

Then run FRST.exe again, right-click and run as administrator, but CAREFUL, this time click the button
FIX
Wait until the program finishes; in the folder Users\Patrik\Downloads a text file FIXLOG.txt will be created. Upload it here as an attachment, then you'll get further instructions.

fixlist.txt

patrikzi...@gmail.com

Dec 18, 2013, 11:33:16 AM
to virus...@googlegroups.com
Again I can't send the attachment, so here is a copy of the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-12-2013 03
Ran by Patrik at 2013-12-18 17:30:11 Run:2
Running from C:\Users\Patrik\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Adobe Media Software] - C:\ProgramData\AdobeMSoft0\bzsbkotiu.exe [430080 2013-12-18] (The Enigma Protector Developers Team)
HKCU\...\Run: [Network Service] - C:\Users\Patrik\ASP\networks.exe [35192 2013-12-17] ()
HKCU\...\Run: [Network Service] - C:\Users\Patrik\ASP\networks.exe [35192 2013-12-17] ()
HKCU\...\Policies\Explorer: [TaskbarNoNotification] 1
HKCU\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\CurrentVersion\Windows: [Load] c:\users\patrik\dxeone.exe <===== ATTENTION
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2011-03-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
IFEO\mbam.exe: [Debugger] cxy_.exe
IFEO\mbamgui.exe: [Debugger] vxd_.exe
IFEO\MSASCui.exe: [Debugger] uuqsy_.exe
IFEO\MsMpEng.exe: [Debugger] piztm_.exe
IFEO\msseces.exe: [Debugger] dtdas_.exe
IFEO\rstrui.exe: [Debugger] skskjbpc_.exe
2013-12-18 14:58 - 2013-12-18 14:58 - 00106496 _____ C:\Users\Patrik\AppData\Roaming\FlashPlayerVaziu.exe
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 __SHD C:\ProgramData\AdobeMSoft0
2013-12-18 14:58 - 2013-12-18 14:58 - 00000000 ____D C:\Users\Patrik\ASP
C:\ProgramData\dx502D12B2.dat
C:\Users\Patrik\dxeone.exe
C:\Users\Patrik\AppData\Local\Temp\cbdlfpvewny.exe
C:\Users\Patrik\AppData\Local\Temp\hemxccapeaj.exe
C:\Users\Patrik\AppData\Local\Temp\Quarantine.exe
C:\Users\Patrik\AppData\Local\Temp\xyqpdndnqgy.exe
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Media Software => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Network Service => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Network Service => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MSASCui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MsMpEng.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msseces.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
C:\Users\Patrik\AppData\Roaming\FlashPlayerVaziu.exe => Moved successfully.
C:\ProgramData\AdobeMSoft0 => Moved successfully.
C:\Users\Patrik\ASP => Moved successfully.
C:\ProgramData\dx502D12B2.dat => Moved successfully.
C:\Users\Patrik\dxeone.exe => Moved successfully.
C:\Users\Patrik\AppData\Local\Temp\cbdlfpvewny.exe => Moved successfully.
C:\Users\Patrik\AppData\Local\Temp\hemxccapeaj.exe => Moved successfully.
C:\Users\Patrik\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Patrik\AppData\Local\Temp\xyqpdndnqgy.exe => Moved successfully.

==== End of Fixlog ====

Stefan Stell

Dec 18, 2013, 11:47:23 AM
to virus...@googlegroups.com
Ok, a question: why don't you upload the files here as an attachment??
When you're writing, there's a link at the top, ATTACH file; click it, find the file on your computer, and upload it. OK.
So continue like this:
1: Download the program RKILL from my blog. Read the instructions and run it as admin.
http://www.viruskasino.com/2011/01/ako-zacat.html#RKILL
Upload the log here as an attachment.

2: Download the program Malwarebytes-AntiRootkit RKILL from my blog. Read the instructions and run it as admin.
http://www.viruskasino.com/2010/12/programy-na-odstranenie-malware-z.html#Malwarebytes%20Anti-Rootkit
Upload the log here as an attachment.

3: Download TDSSKILLER. Read the instructions and run it as admin.
http://www.viruskasino.com/2010/12/odstranenie-rootkitov.html
Upload the log here as an attachment.

4: Download ADWCLEANER, read the instructions and run it as admin. DON'T FORGET TO CLICK CLEAN AFTER THE SCAN.
http://www.viruskasino.com/2012/09/adwcleaner.html
Upload the log here as an attachment.

Then we'll see how to proceed.

patrikzi...@gmail.com

Dec 18, 2013, 11:52:26 AM
to virus...@googlegroups.com
It won't attach the attachment for me; it just keeps loading over and over and never adds it, which is why I'm posting it this way. I'll get to it and write back afterwards.

Stefan Stell

Dec 18, 2013, 12:05:13 PM
to virus...@googlegroups.com
Here's the thing: your computer is still infected. After using the programs, try whether you can upload them. Click this link,
http://viruskasino.blogspot.sk/p/blog-page_6.html
and try to attach the attachment there; if it doesn't work there either, then post them the way you have so far.

patrikzi...@gmail.com

Dec 18, 2013, 12:16:07 PM
to virus...@googlegroups.com
I have a problem: I have to leave in 10 minutes. I hope it won't be a problem if I finish this in the morning ...

Stefan Stell

Dec 18, 2013, 12:17:50 PM
to virus...@googlegroups.com
Ok, that's fine,

patrikzi...@gmail.com

Dec 18, 2013, 3:16:05 PM
to virus...@googlegroups.com
I've used all the programs, hopefully correctly. I can't send the attachment, so I'll post them the way I have so far.

patrikzi...@gmail.com

Dec 18, 2013, 3:17:06 PM
to virus...@googlegroups.com
RKILL

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/18/2013 06:03:57 PM in x64 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Brána Windows Firewall (MpsSvc) is not Running.
Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled

* Windows Update (wuauserv) is not Running.
Startup Type set to: Disabled

* Ovládač overenia brány Windows Firewall (mpsdrv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/18/2013 06:04:04 PM
Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s)

patrikzi...@gmail.com

Dec 18, 2013, 3:18:47 PM
to virus...@googlegroups.com
mbar

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 2.932000 GHz
Memory total: 4258390016, free: 3096002560

Downloaded database version: v2013.12.18.05
Downloaded database version: v2013.10.11.02
Initializing...
======================
------------ Kernel report ------------
12/18/2013 18:05:54
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spvp.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\Drivers\azf5mmxk.SYS
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\rpcrt4.dll
\Windows\System32\iertutil.dll
\Windows\System32\urlmon.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\setupapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ole32.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\gdi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\shell32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\difxapi.dll
\Windows\System32\sechost.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa8003e75790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8003e76b70
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR2
Upper Device Object: 0xfffffa8003e75790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xfffffa8003e76b70
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004695060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\
Lower Device Object: 0xfffffa8004538680
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004695060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004695b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004695060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80044a9c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004538680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a0038b38c0, 0xfffffa8004695060, 0xfffffa800431f630
Lower DeviceData: 0xfffff8a00ac4dc80, 0xfffffa8004538680, 0xfffffa8003abd340
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 5D2F0350

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 511793152

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 512000000 Numsec = 464771072

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8003e75790, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8003e91b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8003e75790, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8003e76b70, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00ab2e2a0, 0xfffffa8003e75790, 0xfffffa8004324090
Lower DeviceData: 0xfffff8a00361b590, 0xfffffa8003e76b70, 0xfffffa80042af5b0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 91F72D24

Partition information:

Partition 0 type is Other (0x6)
Partition is ACTIVE.
Partition starts at LBA: 32 Numsec = 981728
Partition file system is FAT
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 502661120 bytes
Sector size: 512 bytes

Done!
Infected: C:\ProgramData\AdobeMSoft0\bzsbkotiu.exe --> [Trojan.LVBP]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe Media Software --> [Trojan.LVBP]
Infected: C:\$Recycle.Bin\S-1-5-21-1348779906-1493868690-708309629-1000\$RTETGO2.exe --> [Trojan.LVBP]
Infected: C:\Users\Patrik\dxeone.exe --> [Trojan.VBInject]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1008

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 2.932000 GHz
Memory total: 4258390016, free: 3283726336

=======================================

patrikzi...@gmail.com

Dec 18, 2013, 3:20:22 PM
to virus...@googlegroups.com
TDSSKiller

21:04:38.0497 2092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:04:38.0927 2092 ============================================================
21:04:38.0927 2092 Current date / time: 2013/12/18 21:04:38.0927
21:04:38.0927 2092 SystemInfo:
21:04:38.0927 2092
21:04:38.0927 2092 OS Version: 6.1.7600 ServicePack: 0.0
21:04:38.0927 2092 Product type: Workstation
21:04:38.0927 2092 ComputerName: PATRIK-PC
21:04:38.0927 2092 UserName: Patrik
21:04:38.0927 2092 Windows directory: C:\Windows
21:04:38.0927 2092 System windows directory: C:\Windows
21:04:38.0927 2092 Running under WOW64
21:04:38.0927 2092 Processor architecture: Intel x64
21:04:38.0927 2092 Number of processors: 2
21:04:38.0927 2092 Page size: 0x1000
21:04:38.0927 2092 Boot type: Normal boot
21:04:38.0927 2092 ============================================================
21:04:40.0247 2092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:04:40.0257 2092 Drive \Device\Harddisk1\DR1 - Size: 0x1DF60000 (0.47 Gb), SectorSize: 0x200, Cylinders: 0x3D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:04:40.0257 2092 ============================================================
21:04:40.0257 2092 \Device\Harddisk0\DR0:
21:04:40.0257 2092 MBR partitions:
21:04:40.0257 2092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:04:40.0257 2092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1E815800
21:04:40.0257 2092 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E848000, BlocksNum 0x1BB3D800
21:04:40.0257 2092 \Device\Harddisk1\DR1:
21:04:40.0257 2092 MBR partitions:
21:04:40.0257 2092 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xEFAE0
21:04:40.0257 2092 ============================================================
21:04:40.0267 2092 C: <-> \Device\Harddisk0\DR0\Partition2
21:04:40.0307 2092 D: <-> \Device\Harddisk0\DR0\Partition3
21:04:40.0337 2092 Z: <-> \Device\Harddisk0\DR0\Partition1
21:04:40.0337 2092 ============================================================
21:04:40.0337 2092 Initialize success
21:04:40.0337 2092 ============================================================
21:04:42.0139 3212 ============================================================
21:04:42.0139 3212 Scan started
21:04:42.0139 3212 Mode: Manual;
21:04:42.0139 3212 ============================================================
21:04:43.0479 3212 ================ Scan system memory ========================
21:04:43.0479 3212 System memory - ok
21:04:43.0479 3212 ================ Scan services =============================
21:04:43.0599 3212 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:04:43.0599 3212 1394ohci - ok
21:04:43.0629 3212 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:04:43.0629 3212 ACPI - ok
21:04:43.0649 3212 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:04:43.0649 3212 AcpiPmi - ok
21:04:43.0759 3212 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:04:43.0759 3212 AdobeARMservice - ok
21:04:43.0859 3212 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:04:43.0859 3212 AdobeFlashPlayerUpdateSvc - ok
21:04:43.0899 3212 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:04:43.0899 3212 adp94xx - ok
21:04:43.0939 3212 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:04:43.0939 3212 adpahci - ok
21:04:43.0949 3212 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:04:43.0949 3212 adpu320 - ok
21:04:43.0979 3212 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:04:43.0979 3212 AeLookupSvc - ok
21:04:44.0029 3212 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
21:04:44.0029 3212 AFD - ok
21:04:44.0069 3212 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:04:44.0069 3212 agp440 - ok
21:04:44.0089 3212 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:04:44.0089 3212 ALG - ok
21:04:44.0099 3212 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:04:44.0109 3212 aliide - ok
21:04:44.0119 3212 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:04:44.0119 3212 amdide - ok
21:04:44.0139 3212 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:04:44.0139 3212 AmdK8 - ok
21:04:44.0149 3212 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:04:44.0149 3212 AmdPPM - ok
21:04:44.0159 3212 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:04:44.0159 3212 amdsata - ok
21:04:44.0179 3212 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:04:44.0179 3212 amdsbs - ok
21:04:44.0199 3212 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:04:44.0199 3212 amdxata - ok
21:04:44.0229 3212 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:04:44.0229 3212 AppID - ok
21:04:44.0249 3212 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:04:44.0249 3212 AppIDSvc - ok
21:04:44.0259 3212 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:04:44.0259 3212 Appinfo - ok
21:04:44.0299 3212 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:44.0299 3212 Apple Mobile Device - ok
21:04:44.0319 3212 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:04:44.0319 3212 AppMgmt - ok
21:04:44.0339 3212 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:04:44.0339 3212 arc - ok
21:04:44.0349 3212 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:04:44.0349 3212 arcsas - ok
21:04:44.0369 3212 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:44.0369 3212 AsyncMac - ok
21:04:44.0379 3212 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:04:44.0379 3212 atapi - ok
21:04:44.0429 3212 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:04:44.0439 3212 AudioEndpointBuilder - ok
21:04:44.0449 3212 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:04:44.0449 3212 AudioSrv - ok
21:04:44.0469 3212 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:04:44.0469 3212 AxInstSV - ok
21:04:44.0489 3212 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:04:44.0489 3212 b06bdrv - ok
21:04:44.0519 3212 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:04:44.0519 3212 b57nd60a - ok
21:04:44.0549 3212 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:04:44.0549 3212 BDESVC - ok
21:04:44.0569 3212 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:04:44.0569 3212 Beep - ok
21:04:44.0599 3212 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:04:44.0599 3212 BFE - ok
21:04:44.0639 3212 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
21:04:44.0639 3212 BITS - ok
21:04:44.0659 3212 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:44.0669 3212 blbdrive - ok
21:04:44.0729 3212 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:04:44.0739 3212 Bonjour Service - ok
21:04:44.0759 3212 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:04:44.0769 3212 bowser - ok
21:04:44.0779 3212 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:04:44.0779 3212 BrFiltLo - ok
21:04:44.0789 3212 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:04:44.0789 3212 BrFiltUp - ok
21:04:44.0829 3212 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
21:04:44.0829 3212 Browser - ok
21:04:44.0839 3212 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:04:44.0849 3212 Brserid - ok
21:04:44.0859 3212 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:44.0859 3212 BrSerWdm - ok
21:04:44.0879 3212 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:44.0879 3212 BrUsbMdm - ok
21:04:44.0889 3212 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:44.0889 3212 BrUsbSer - ok
21:04:44.0899 3212 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:04:44.0899 3212 BTHMODEM - ok
21:04:44.0919 3212 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:04:44.0919 3212 bthserv - ok
21:04:44.0929 3212 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:04:44.0929 3212 cdfs - ok
21:04:44.0959 3212 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:04:44.0959 3212 cdrom - ok
21:04:44.0979 3212 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:04:44.0979 3212 CertPropSvc - ok
21:04:44.0999 3212 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:04:44.0999 3212 circlass - ok
21:04:45.0029 3212 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:04:45.0029 3212 CLFS - ok
21:04:45.0089 3212 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:45.0089 3212 clr_optimization_v2.0.50727_32 - ok
21:04:45.0119 3212 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:04:45.0119 3212 clr_optimization_v2.0.50727_64 - ok
21:04:45.0149 3212 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:45.0149 3212 CmBatt - ok
21:04:45.0159 3212 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:04:45.0159 3212 cmdide - ok
21:04:45.0199 3212 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
21:04:45.0199 3212 CNG - ok
21:04:45.0219 3212 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:04:45.0219 3212 Compbatt - ok
21:04:45.0239 3212 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:04:45.0239 3212 CompositeBus - ok
21:04:45.0249 3212 COMSysApp - ok
21:04:45.0269 3212 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:04:45.0269 3212 crcdisk - ok
21:04:45.0309 3212 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:04:45.0319 3212 CryptSvc - ok
21:04:45.0329 3212 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
21:04:45.0329 3212 CSC - ok
21:04:45.0349 3212 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
21:04:45.0359 3212 CscService - ok
21:04:45.0389 3212 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:04:45.0389 3212 DcomLaunch - ok
21:04:45.0429 3212 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:04:45.0429 3212 defragsvc - ok
21:04:45.0459 3212 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:04:45.0459 3212 DfsC - ok
21:04:45.0489 3212 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:04:45.0489 3212 Dhcp - ok
21:04:45.0509 3212 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:04:45.0509 3212 discache - ok
21:04:45.0529 3212 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:04:45.0529 3212 Disk - ok
21:04:45.0559 3212 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:04:45.0559 3212 Dnscache - ok
21:04:45.0579 3212 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:04:45.0579 3212 dot3svc - ok
21:04:45.0599 3212 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:04:45.0599 3212 DPS - ok
21:04:45.0619 3212 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:04:45.0619 3212 drmkaud - ok
21:04:45.0659 3212 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:04:45.0659 3212 DXGKrnl - ok
21:04:45.0679 3212 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:04:45.0679 3212 EapHost - ok
21:04:45.0739 3212 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:04:45.0779 3212 ebdrv - ok
21:04:45.0809 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
21:04:45.0810 3212 EFS - ok
21:04:45.0851 3212 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:04:45.0861 3212 ehRecvr - ok
21:04:45.0871 3212 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:04:45.0871 3212 ehSched - ok
21:04:45.0901 3212 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:04:45.0911 3212 elxstor - ok
21:04:45.0911 3212 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:04:45.0911 3212 ErrDev - ok
21:04:45.0961 3212 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:04:45.0961 3212 EventSystem - ok
21:04:45.0981 3212 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:04:45.0981 3212 exfat - ok
21:04:46.0011 3212 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:04:46.0011 3212 fastfat - ok
21:04:46.0041 3212 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:04:46.0051 3212 Fax - ok
21:04:46.0061 3212 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:04:46.0061 3212 fdc - ok
21:04:46.0091 3212 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:04:46.0091 3212 fdPHost - ok
21:04:46.0111 3212 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:04:46.0111 3212 FDResPub - ok
21:04:46.0131 3212 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:04:46.0131 3212 FileInfo - ok
21:04:46.0141 3212 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:04:46.0141 3212 Filetrace - ok
21:04:46.0161 3212 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:46.0161 3212 flpydisk - ok
21:04:46.0181 3212 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:04:46.0181 3212 FltMgr - ok
21:04:46.0221 3212 [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache C:\Windows\system32\FntCache.dll
21:04:46.0231 3212 FontCache - ok
21:04:46.0261 3212 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:04:46.0261 3212 FontCache3.0.0.0 - ok
21:04:46.0281 3212 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:04:46.0281 3212 FsDepends - ok
21:04:46.0311 3212 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:04:46.0311 3212 Fs_Rec - ok
21:04:46.0341 3212 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:04:46.0341 3212 fvevol - ok
21:04:46.0361 3212 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:46.0361 3212 gagp30kx - ok
21:04:46.0401 3212 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:46.0401 3212 GEARAspiWDM - ok
21:04:46.0441 3212 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:04:46.0441 3212 gpsvc - ok
21:04:46.0461 3212 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:04:46.0461 3212 hcw85cir - ok
21:04:46.0501 3212 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:04:46.0501 3212 HdAudAddService - ok
21:04:46.0531 3212 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:04:46.0531 3212 HDAudBus - ok
21:04:46.0541 3212 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:46.0541 3212 HidBatt - ok
21:04:46.0541 3212 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:04:46.0541 3212 HidBth - ok
21:04:46.0551 3212 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:04:46.0551 3212 HidIr - ok
21:04:46.0581 3212 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:04:46.0581 3212 hidserv - ok
21:04:46.0621 3212 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:04:46.0621 3212 HidUsb - ok
21:04:46.0651 3212 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:04:46.0651 3212 hkmsvc - ok
21:04:46.0661 3212 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:04:46.0661 3212 HomeGroupListener - ok
21:04:46.0671 3212 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:04:46.0681 3212 HomeGroupProvider - ok
21:04:46.0691 3212 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:04:46.0691 3212 HpSAMD - ok
21:04:46.0721 3212 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:04:46.0731 3212 HTTP - ok
21:04:46.0731 3212 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:04:46.0731 3212 hwpolicy - ok
21:04:46.0771 3212 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:04:46.0771 3212 i8042prt - ok
21:04:46.0801 3212 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
21:04:46.0811 3212 iaStorV - ok
21:04:46.0851 3212 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:04:46.0861 3212 idsvc - ok
21:04:47.0011 3212 [ 2A22AB054F4630D2EF4BAB2853F6D5F6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:04:47.0131 3212 igfx - ok
21:04:47.0161 3212 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:04:47.0161 3212 iirsp - ok
21:04:47.0191 3212 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:04:47.0201 3212 IKEEXT - ok
21:04:47.0261 3212 [ D6B90D1208CFC57E9F213357BCC41A3C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:04:47.0271 3212 IntcAzAudAddService - ok
21:04:47.0281 3212 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:04:47.0291 3212 intelide - ok
21:04:47.0311 3212 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:04:47.0311 3212 intelppm - ok
21:04:47.0341 3212 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:04:47.0341 3212 IPBusEnum - ok
21:04:47.0351 3212 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:47.0351 3212 IpFilterDriver - ok
21:04:47.0371 3212 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:04:47.0381 3212 iphlpsvc - ok
21:04:47.0391 3212 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:04:47.0391 3212 IPMIDRV - ok
21:04:47.0421 3212 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:04:47.0431 3212 IPNAT - ok
21:04:47.0531 3212 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:04:47.0541 3212 iPod Service - ok
21:04:47.0571 3212 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:04:47.0581 3212 IRENUM - ok
21:04:47.0591 3212 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:04:47.0591 3212 isapnp - ok
21:04:47.0611 3212 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:04:47.0611 3212 iScsiPrt - ok
21:04:47.0631 3212 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:04:47.0631 3212 kbdclass - ok
21:04:47.0651 3212 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:04:47.0651 3212 kbdhid - ok
21:04:47.0661 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
21:04:47.0661 3212 KeyIso - ok
21:04:47.0691 3212 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:04:47.0691 3212 KSecDD - ok
21:04:47.0701 3212 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:04:47.0701 3212 KSecPkg - ok
21:04:47.0731 3212 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:04:47.0731 3212 ksthunk - ok
21:04:47.0751 3212 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:04:47.0761 3212 KtmRm - ok
21:04:47.0791 3212 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:04:47.0791 3212 L1C - ok
21:04:47.0821 3212 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:04:47.0821 3212 LanmanServer - ok
21:04:47.0841 3212 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:04:47.0841 3212 LanmanWorkstation - ok
21:04:47.0861 3212 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:04:47.0861 3212 lltdio - ok
21:04:47.0881 3212 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:04:47.0881 3212 lltdsvc - ok
21:04:47.0901 3212 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:04:47.0901 3212 lmhosts - ok
21:04:47.0931 3212 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:47.0931 3212 LSI_FC - ok
21:04:47.0951 3212 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:47.0951 3212 LSI_SAS - ok
21:04:47.0961 3212 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:47.0961 3212 LSI_SAS2 - ok
21:04:47.0971 3212 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:47.0971 3212 LSI_SCSI - ok
21:04:48.0001 3212 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:04:48.0001 3212 luafv - ok
21:04:48.0111 3212 [ 07389F6925E490D2DB7882110E99921C ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys
21:04:48.0121 3212 lvpepf64 - ok
21:04:48.0148 3212 [ 7F0BA3A6E8996F15693C6B7D81DA049E ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
21:04:48.0157 3212 LVRS64 - ok
21:04:48.0173 3212 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
21:04:48.0173 3212 LVUSBS64 - ok
21:04:48.0193 3212 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:04:48.0193 3212 Mcx2Svc - ok
21:04:48.0213 3212 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:04:48.0214 3212 megasas - ok
21:04:48.0235 3212 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:48.0235 3212 MegaSR - ok
21:04:48.0305 3212 Microsoft SharePoint Workspace Audit Service - ok
21:04:48.0345 3212 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:04:48.0345 3212 MMCSS - ok
21:04:48.0362 3212 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:04:48.0363 3212 Modem - ok
21:04:48.0388 3212 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:04:48.0389 3212 monitor - ok
21:04:48.0414 3212 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:04:48.0414 3212 mouclass - ok
21:04:48.0444 3212 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:04:48.0445 3212 mouhid - ok
21:04:48.0457 3212 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:04:48.0459 3212 mountmgr - ok
21:04:48.0516 3212 [ C6B88D62F20AC646C6BD5C032EC2FAF9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:04:48.0519 3212 MpFilter - ok
21:04:48.0549 3212 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:04:48.0551 3212 mpio - ok
21:04:48.0580 3212 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:04:48.0582 3212 mpsdrv - ok
21:04:48.0609 3212 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:04:48.0616 3212 MpsSvc - ok
21:04:48.0627 3212 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:04:48.0627 3212 MRxDAV - ok
21:04:48.0657 3212 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:48.0667 3212 mrxsmb - ok
21:04:48.0697 3212 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:48.0707 3212 mrxsmb10 - ok
21:04:48.0717 3212 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:48.0717 3212 mrxsmb20 - ok
21:04:48.0737 3212 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:04:48.0737 3212 msahci - ok
21:04:48.0747 3212 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:04:48.0757 3212 msdsm - ok
21:04:48.0777 3212 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:04:48.0777 3212 MSDTC - ok
21:04:48.0799 3212 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:04:48.0800 3212 Msfs - ok
21:04:48.0807 3212 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:04:48.0808 3212 mshidkmdf - ok
21:04:48.0819 3212 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:04:48.0819 3212 msisadrv - ok
21:04:48.0839 3212 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:04:48.0839 3212 MSiSCSI - ok
21:04:48.0849 3212 msiserver - ok
21:04:48.0869 3212 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:04:48.0869 3212 MSKSSRV - ok
21:04:48.0939 3212 [ 7675E15D1B2180745E4DA4D26AAD7385 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:04:48.0939 3212 MsMpSvc - ok
21:04:48.0959 3212 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:48.0959 3212 MSPCLOCK - ok
21:04:48.0969 3212 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:04:48.0969 3212 MSPQM - ok
21:04:48.0989 3212 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:04:48.0999 3212 MsRPC - ok
21:04:49.0009 3212 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:04:49.0009 3212 mssmbios - ok
21:04:49.0029 3212 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:04:49.0029 3212 MSTEE - ok
21:04:49.0049 3212 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:49.0049 3212 MTConfig - ok
21:04:49.0089 3212 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:04:49.0089 3212 MTsensor - ok
21:04:49.0099 3212 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:04:49.0099 3212 Mup - ok
21:04:49.0129 3212 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:04:49.0129 3212 napagent - ok
21:04:49.0159 3212 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:04:49.0159 3212 NativeWifiP - ok
21:04:49.0189 3212 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:04:49.0199 3212 NDIS - ok
21:04:49.0209 3212 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:49.0209 3212 NdisCap - ok
21:04:49.0239 3212 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:49.0239 3212 NdisTapi - ok
21:04:49.0249 3212 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:49.0259 3212 Ndisuio - ok
21:04:49.0269 3212 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:49.0279 3212 NdisWan - ok
21:04:49.0289 3212 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:04:49.0289 3212 NDProxy - ok
21:04:49.0309 3212 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:04:49.0309 3212 NetBIOS - ok
21:04:49.0319 3212 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:04:49.0329 3212 NetBT - ok
21:04:49.0339 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
21:04:49.0339 3212 Netlogon - ok
21:04:49.0379 3212 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:04:49.0392 3212 Netman - ok
21:04:49.0451 3212 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:04:49.0461 3212 netprofm - ok
21:04:49.0503 3212 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:49.0506 3212 NetTcpPortSharing - ok
21:04:49.0565 3212 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:49.0566 3212 nfrd960 - ok
21:04:49.0623 3212 [ ACE8C64C57E4A711473C8BC10ADF692B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:04:49.0624 3212 NisDrv - ok
21:04:49.0648 3212 [ 6247E8B31ED0A9D6BC5A26276E49BEB3 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:04:49.0652 3212 NisSrv - ok
21:04:49.0680 3212 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:04:49.0683 3212 NlaSvc - ok
21:04:49.0698 3212 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:04:49.0699 3212 Npfs - ok
21:04:49.0711 3212 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:04:49.0712 3212 nsi - ok
21:04:49.0733 3212 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:04:49.0734 3212 nsiproxy - ok
21:04:49.0783 3212 [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:04:49.0793 3212 Ntfs - ok
21:04:49.0803 3212 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:04:49.0803 3212 Null - ok
21:04:49.0823 3212 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
21:04:49.0823 3212 nvraid - ok
21:04:49.0843 3212 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
21:04:49.0843 3212 nvstor - ok
21:04:49.0863 3212 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:04:49.0873 3212 nv_agp - ok
21:04:49.0883 3212 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:04:49.0883 3212 ohci1394 - ok
21:04:49.0933 3212 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:49.0933 3212 ose64 - ok
21:04:50.0075 3212 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:04:50.0116 3212 osppsvc - ok
21:04:50.0147 3212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:04:50.0147 3212 p2pimsvc - ok
21:04:50.0167 3212 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:04:50.0177 3212 p2psvc - ok
21:04:50.0197 3212 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:04:50.0207 3212 Parport - ok
21:04:50.0227 3212 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:04:50.0237 3212 partmgr - ok
21:04:50.0267 3212 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:04:50.0287 3212 PcaSvc - ok
21:04:50.0317 3212 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
21:04:50.0317 3212 pci - ok
21:04:50.0327 3212 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:04:50.0327 3212 pciide - ok
21:04:50.0357 3212 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:50.0367 3212 pcmcia - ok
21:04:50.0387 3212 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:04:50.0387 3212 pcw - ok
21:04:50.0417 3212 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:04:50.0427 3212 PEAUTH - ok
21:04:50.0467 3212 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:04:50.0487 3212 PeerDistSvc - ok
21:04:50.0539 3212 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:04:50.0539 3212 PerfHost - ok
21:04:50.0638 3212 [ 087A343DFC337F37723DD7912DE6B6CD ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
21:04:50.0662 3212 PID_PEPI - ok
21:04:50.0699 3212 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
21:04:50.0712 3212 pla - ok
21:04:50.0784 3212 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:04:50.0789 3212 PlugPlay - ok
21:04:50.0815 3212 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:04:50.0817 3212 PNRPAutoReg - ok
21:04:50.0844 3212 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:04:50.0846 3212 PNRPsvc - ok
21:04:50.0897 3212 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:04:50.0902 3212 PolicyAgent - ok
21:04:50.0925 3212 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:04:50.0927 3212 Power - ok
21:04:51.0004 3212 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:04:51.0005 3212 PptpMiniport - ok
21:04:51.0021 3212 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:04:51.0022 3212 Processor - ok
21:04:51.0065 3212 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
21:04:51.0068 3212 ProfSvc - ok
21:04:51.0084 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:04:51.0085 3212 ProtectedStorage - ok
21:04:51.0153 3212 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:04:51.0155 3212 Psched - ok
21:04:51.0185 3212 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:04:51.0199 3212 ql2300 - ok
21:04:51.0219 3212 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:04:51.0219 3212 ql40xx - ok
21:04:51.0249 3212 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:04:51.0259 3212 QWAVE - ok
21:04:51.0269 3212 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:04:51.0269 3212 QWAVEdrv - ok
21:04:51.0289 3212 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:04:51.0289 3212 RasAcd - ok
21:04:51.0319 3212 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:51.0319 3212 RasAgileVpn - ok
21:04:51.0339 3212 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:04:51.0339 3212 RasAuto - ok
21:04:51.0359 3212 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:51.0359 3212 Rasl2tp - ok
21:04:51.0379 3212 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
21:04:51.0379 3212 RasMan - ok
21:04:51.0389 3212 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:51.0399 3212 RasPppoe - ok
21:04:51.0409 3212 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:04:51.0419 3212 RasSstp - ok
21:04:51.0449 3212 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:04:51.0449 3212 rdbss - ok
21:04:51.0469 3212 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:51.0469 3212 rdpbus - ok
21:04:51.0498 3212 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:51.0499 3212 RDPCDD - ok
21:04:51.0516 3212 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:04:51.0518 3212 RDPDR - ok
21:04:51.0533 3212 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:04:51.0534 3212 RDPENCDD - ok
21:04:51.0548 3212 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:04:51.0548 3212 RDPREFMP - ok
21:04:51.0576 3212 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:04:51.0576 3212 RDPWD - ok
21:04:51.0611 3212 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:04:51.0611 3212 rdyboost - ok
21:04:51.0631 3212 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:04:51.0631 3212 RemoteAccess - ok
21:04:51.0656 3212 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:04:51.0656 3212 RemoteRegistry - ok
21:04:51.0688 3212 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:04:51.0688 3212 RpcEptMapper - ok
21:04:51.0708 3212 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:04:51.0708 3212 RpcLocator - ok
21:04:51.0718 3212 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
21:04:51.0728 3212 RpcSs - ok
21:04:51.0757 3212 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:04:51.0758 3212 rspndr - ok
21:04:51.0788 3212 [ C92E383CDAFE94B0DA30CBFCD561ECF8 ] s1039bus C:\Windows\system32\DRIVERS\s1039bus.sys
21:04:51.0788 3212 s1039bus - ok
21:04:51.0811 3212 [ CBACDDCE5FD32310FD5855E1FD8517E8 ] s1039mdfl C:\Windows\system32\DRIVERS\s1039mdfl.sys
21:04:51.0811 3212 s1039mdfl - ok
21:04:51.0831 3212 [ A339F1E0BC7AF29B2FDBA32AE4B9FCA4 ] s1039mdm C:\Windows\system32\DRIVERS\s1039mdm.sys
21:04:51.0831 3212 s1039mdm - ok
21:04:51.0853 3212 [ 84E260AAD1BB19DFCC0DD333CB83BBA7 ] s1039mgmt C:\Windows\system32\DRIVERS\s1039mgmt.sys
21:04:51.0853 3212 s1039mgmt - ok
21:04:51.0886 3212 [ 0772F403D615563E9D8D32BA7A132D1E ] s1039nd5 C:\Windows\system32\DRIVERS\s1039nd5.sys
21:04:51.0886 3212 s1039nd5 - ok
21:04:51.0911 3212 [ 134EDBCE4DACD749FC508AFE1C512D09 ] s1039obex C:\Windows\system32\DRIVERS\s1039obex.sys
21:04:51.0911 3212 s1039obex - ok
21:04:51.0921 3212 [ BC54B27EC3900328BC390E98BBFC9D3A ] s1039unic C:\Windows\system32\DRIVERS\s1039unic.sys
21:04:51.0933 3212 s1039unic - ok
21:04:51.0953 3212 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
21:04:51.0953 3212 s3cap - ok
21:04:51.0973 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
21:04:51.0976 3212 SamSs - ok
21:04:51.0986 3212 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:04:51.0986 3212 sbp2port - ok
21:04:52.0018 3212 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:04:52.0018 3212 SCardSvr - ok
21:04:52.0028 3212 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:04:52.0028 3212 scfilter - ok
21:04:52.0071 3212 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
21:04:52.0081 3212 Schedule - ok
21:04:52.0098 3212 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:04:52.0098 3212 SCPolicySvc - ok
21:04:52.0128 3212 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:04:52.0131 3212 SDRSVC - ok
21:04:52.0151 3212 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:04:52.0153 3212 secdrv - ok
21:04:52.0161 3212 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
21:04:52.0163 3212 seclogon - ok
21:04:52.0166 3212 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:04:52.0166 3212 SENS - ok
21:04:52.0186 3212 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:04:52.0186 3212 SensrSvc - ok
21:04:52.0196 3212 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:04:52.0196 3212 Serenum - ok
21:04:52.0206 3212 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:04:52.0206 3212 Serial - ok
21:04:52.0226 3212 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:04:52.0228 3212 sermouse - ok
21:04:52.0253 3212 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
21:04:52.0253 3212 SessionEnv - ok
21:04:52.0263 3212 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:04:52.0263 3212 sffdisk - ok
21:04:52.0276 3212 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:04:52.0276 3212 sffp_mmc - ok
21:04:52.0286 3212 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:04:52.0288 3212 sffp_sd - ok
21:04:52.0291 3212 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:52.0293 3212 sfloppy - ok
21:04:52.0306 3212 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:04:52.0306 3212 SharedAccess - ok
21:04:52.0316 3212 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:04:52.0326 3212 ShellHWDetection - ok
21:04:52.0336 3212 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:04:52.0336 3212 SiSRaid2 - ok
21:04:52.0362 3212 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:04:52.0363 3212 SiSRaid4 - ok
21:04:52.0457 3212 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:04:52.0459 3212 SkypeUpdate - ok
21:04:52.0480 3212 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:04:52.0483 3212 Smb - ok
21:04:52.0520 3212 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:04:52.0522 3212 SNMPTRAP - ok
21:04:52.0542 3212 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:04:52.0545 3212 spldr - ok
21:04:52.0580 3212 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
21:04:52.0587 3212 Spooler - ok
21:04:52.0637 3212 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
21:04:52.0671 3212 sppsvc - ok
21:04:52.0693 3212 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:04:52.0695 3212 sppuinotify - ok
21:04:52.0754 3212 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
21:04:52.0754 3212 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
21:04:52.0757 3212 sptd ( LockedFile.Multi.Generic ) - warning
21:04:52.0757 3212 sptd - detected LockedFile.Multi.Generic (1)
21:04:52.0797 3212 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:04:52.0802 3212 srv - ok
21:04:52.0827 3212 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:04:52.0832 3212 srv2 - ok
21:04:52.0844 3212 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:04:52.0847 3212 srvnet - ok
21:04:52.0864 3212 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:04:52.0874 3212 SSDPSRV - ok
21:04:52.0884 3212 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:04:52.0884 3212 SstpSvc - ok
21:04:52.0909 3212 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:04:52.0909 3212 stexstor - ok
21:04:52.0932 3212 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
21:04:52.0942 3212 stisvc - ok
21:04:52.0964 3212 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:04:52.0964 3212 storflt - ok
21:04:53.0017 3212 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
21:04:53.0017 3212 storvsc - ok
21:04:53.0034 3212 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:04:53.0035 3212 swenum - ok
21:04:53.0066 3212 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:04:53.0074 3212 swprv - ok
21:04:53.0114 3212 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
21:04:53.0131 3212 SysMain - ok
21:04:53.0143 3212 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:04:53.0145 3212 TabletInputService - ok
21:04:53.0166 3212 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:04:53.0168 3212 TapiSrv - ok
21:04:53.0181 3212 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:04:53.0196 3212 TBS - ok
21:04:53.0253 3212 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:04:53.0281 3212 Tcpip - ok
21:04:53.0318 3212 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:04:53.0331 3212 TCPIP6 - ok
21:04:53.0363 3212 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:04:53.0363 3212 tcpipreg - ok
21:04:53.0373 3212 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:04:53.0373 3212 TDPIPE - ok
21:04:53.0421 3212 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:04:53.0426 3212 TDTCP - ok
21:04:53.0521 3212 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:04:53.0523 3212 tdx - ok
21:04:53.0658 3212 [ 3E85BDD019E3DB66D9471DAD7FD6A887 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:04:53.0673 3212 TeamViewer7 - ok
21:04:53.0701 3212 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:04:53.0703 3212 TermDD - ok
21:04:53.0751 3212 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
21:04:53.0761 3212 TermService - ok
21:04:53.0773 3212 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:04:53.0776 3212 Themes - ok
21:04:53.0796 3212 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:04:53.0796 3212 THREADORDER - ok
21:04:53.0838 3212 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:04:53.0838 3212 TrkWks - ok
21:04:53.0883 3212 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:04:53.0893 3212 TrustedInstaller - ok
21:04:53.0918 3212 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:53.0918 3212 tssecsrv - ok
21:04:54.0026 3212 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:04:54.0026 3212 tunnel - ok
21:04:54.0036 3212 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:04:54.0036 3212 uagp35 - ok
21:04:54.0048 3212 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:04:54.0058 3212 udfs - ok
21:04:54.0078 3212 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:04:54.0081 3212 UI0Detect - ok
21:04:54.0093 3212 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:04:54.0093 3212 uliagpkx - ok
21:04:54.0123 3212 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:04:54.0123 3212 umbus - ok
21:04:54.0143 3212 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:04:54.0143 3212 UmPass - ok
21:04:54.0153 3212 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
21:04:54.0153 3212 UmRdpService - ok
21:04:54.0163 3212 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:04:54.0176 3212 upnphost - ok
21:04:54.0198 3212 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:04:54.0208 3212 USBAAPL64 - ok
21:04:54.0238 3212 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:04:54.0238 3212 usbaudio - ok
21:04:54.0258 3212 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:54.0268 3212 usbccgp - ok
21:04:54.0288 3212 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:04:54.0288 3212 usbcir - ok
21:04:54.0301 3212 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:04:54.0301 3212 usbehci - ok
21:04:54.0326 3212 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:04:54.0326 3212 usbhub - ok
21:04:54.0336 3212 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:04:54.0336 3212 usbohci - ok
21:04:54.0366 3212 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:04:54.0366 3212 usbprint - ok
21:04:54.0396 3212 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:04:54.0396 3212 usbscan - ok
21:04:54.0406 3212 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:54.0418 3212 USBSTOR - ok
21:04:54.0418 3212 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:04:54.0418 3212 usbuhci - ok
21:04:54.0448 3212 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:04:54.0448 3212 UxSms - ok
21:04:54.0458 3212 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
21:04:54.0468 3212 VaultSvc - ok
21:04:54.0486 3212 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:04:54.0486 3212 vdrvroot - ok
21:04:54.0508 3212 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
21:04:54.0511 3212 vds - ok
21:04:54.0531 3212 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:54.0531 3212 vga - ok
21:04:54.0553 3212 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:04:54.0553 3212 VgaSave - ok
21:04:54.0573 3212 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:04:54.0573 3212 vhdmp - ok
21:04:54.0583 3212 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:04:54.0583 3212 viaide - ok
21:04:54.0606 3212 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
21:04:54.0608 3212 vmbus - ok
21:04:54.0621 3212 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
21:04:54.0621 3212 VMBusHID - ok
21:04:54.0636 3212 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:04:54.0636 3212 volmgr - ok
21:04:54.0656 3212 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:04:54.0666 3212 volmgrx - ok
21:04:54.0691 3212 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:04:54.0691 3212 volsnap - ok
21:04:54.0711 3212 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:04:54.0711 3212 vsmraid - ok
21:04:54.0753 3212 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
21:04:54.0763 3212 VSS - ok
21:04:54.0783 3212 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:04:54.0786 3212 vwifibus - ok
21:04:54.0798 3212 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:04:54.0798 3212 W32Time - ok
21:04:54.0818 3212 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:04:54.0818 3212 WacomPen - ok
21:04:54.0843 3212 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0843 3212 WANARP - ok
21:04:54.0848 3212 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0848 3212 Wanarpv6 - ok
21:04:54.0893 3212 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:04:54.0903 3212 WatAdminSvc - ok
21:04:54.0933 3212 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
21:04:54.0953 3212 wbengine - ok
21:04:54.0963 3212 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:04:54.0963 3212 WbioSrvc - ok
21:04:54.0983 3212 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:04:54.0983 3212 wcncsvc - ok
21:04:55.0003 3212 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:04:55.0003 3212 WcsPlugInService - ok
21:04:55.0026 3212 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:04:55.0026 3212 Wd - ok
21:04:55.0046 3212 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:04:55.0056 3212 Wdf01000 - ok
21:04:55.0066 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:04:55.0066 3212 WdiServiceHost - ok
21:04:55.0076 3212 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:04:55.0076 3212 WdiSystemHost - ok
21:04:55.0098 3212 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
21:04:55.0098 3212 WebClient - ok
21:04:55.0118 3212 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:04:55.0118 3212 Wecsvc - ok
21:04:55.0133 3212 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:04:55.0133 3212 wercplsupport - ok
21:04:55.0143 3212 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:04:55.0153 3212 WerSvc - ok
21:04:55.0173 3212 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:55.0173 3212 WfpLwf - ok
21:04:55.0203 3212 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:04:55.0203 3212 WIMMount - ok
21:04:55.0231 3212 WinDefend - ok
21:04:55.0243 3212 WinHttpAutoProxySvc - ok
21:04:55.0291 3212 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:04:55.0293 3212 Winmgmt - ok
21:04:55.0331 3212 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:04:55.0341 3212 WinRM - ok
21:04:55.0393 3212 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:04:55.0398 3212 WinUsb - ok
21:04:55.0486 3212 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:04:55.0496 3212 Wlansvc - ok
21:04:55.0528 3212 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:04:55.0528 3212 WmiAcpi - ok
21:04:55.0571 3212 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:04:55.0571 3212 wmiApSrv - ok
21:04:55.0618 3212 WMPNetworkSvc - ok
21:04:55.0676 3212 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:04:55.0676 3212 WPCSvc - ok
21:04:55.0688 3212 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:04:55.0698 3212 WPDBusEnum - ok
21:04:55.0743 3212 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:04:55.0746 3212 ws2ifsl - ok
21:04:55.0776 3212 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:04:55.0781 3212 wscsvc - ok
21:04:55.0783 3212 WSearch - ok
21:04:55.0841 3212 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:04:55.0863 3212 wuauserv - ok
21:04:55.0876 3212 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:04:55.0876 3212 WudfPf - ok
21:04:55.0906 3212 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:55.0906 3212 WUDFRd - ok
21:04:55.0926 3212 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:04:55.0936 3212 wudfsvc - ok
21:04:55.0946 3212 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:04:55.0946 3212 WwanSvc - ok
21:04:55.0976 3212 ================ Scan global ===============================
21:04:55.0996 3212 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:04:56.0026 3212 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
21:04:56.0056 3212 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
21:04:56.0112 3212 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:04:56.0123 3212 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:04:56.0125 3212 [Global] - ok
21:04:56.0126 3212 ================ Scan MBR ==================================
21:04:56.0138 3212 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:04:56.0485 3212 \Device\Harddisk0\DR0 - ok
21:04:56.0485 3212 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
21:04:58.0300 3212 \Device\Harddisk1\DR1 - ok
21:04:58.0304 3212 ================ Scan VBR ==================================
21:04:58.0327 3212 [ 8CF3EF3531A3A2634E914149BCAC956F ] \Device\Harddisk0\DR0\Partition1
21:04:58.0337 3212 \Device\Harddisk0\DR0\Partition1 - ok
21:04:58.0365 3212 [ 9248A12CDD365B79CC38CCB6F940DFD1 ] \Device\Harddisk0\DR0\Partition2
21:04:58.0365 3212 \Device\Harddisk0\DR0\Partition2 - ok
21:04:58.0395 3212 [ 57114464E1FDC2F6F2F94F57E24F650D ] \Device\Harddisk0\DR0\Partition3
21:04:58.0445 3212 \Device\Harddisk0\DR0\Partition3 - ok
21:04:58.0445 3212 [ 5969CDE9A2749A576A991D0D4A954551 ] \Device\Harddisk1\DR1\Partition1
21:04:58.0445 3212 \Device\Harddisk1\DR1\Partition1 - ok
21:04:58.0445 3212 ============================================================
21:04:58.0445 3212 Scan finished
21:04:58.0445 3212 ============================================================
21:04:58.0465 0524 Detected object count: 1
21:04:58.0465 0524 Actual detected object count: 1
21:05:07.0391 0524 C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
21:05:07.0391 0524 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
21:05:07.0449 0524 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
21:05:07.0694 0524 C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
21:05:07.0694 0524 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
21:05:14.0579 0972 Deinitialize success

patrikzi...@gmail.com

unread,
Dec 18, 2013, 3:22:10 PM12/18/13
to virus...@googlegroups.com
ADW Cleaner R1

# AdwCleaner v3.015 - Report created 18/12/2013 at 15:57:16
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Patrik - PATRIK-PC
# Running from : C:\Users\Patrik\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


*************************

AdwCleaner[R0].txt - [794 octets] - [18/12/2013 15:52:47]
AdwCleaner[R1].txt - [543 octets] - [18/12/2013 15:57:16]
AdwCleaner[S0].txt - [858 octets] - [18/12/2013 15:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [661 octets] ##########

patrikzi...@gmail.com

unread,
Dec 18, 2013, 3:23:38 PM12/18/13
to virus...@googlegroups.com
ADW cleaner S1

# AdwCleaner v3.015 - Report created 18/12/2013 at 15:58:02


# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : Patrik - PATRIK-PC
# Running from : C:\Users\Patrik\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


*************************

AdwCleaner[R0].txt - [794 octets] - [18/12/2013 15:52:47]

AdwCleaner[R1].txt - [740 octets] - [18/12/2013 15:57:16]


AdwCleaner[S0].txt - [858 octets] - [18/12/2013 15:53:25]

AdwCleaner[S1].txt - [662 octets] - [18/12/2013 15:58:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [721 octets] ##########

Stefan Stell

unread,
Dec 18, 2013, 3:30:30 PM12/18/13
to virus...@googlegroups.com
Download Service Repair
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Save it preferably to the Desktop
Run it and confirm Yes to confirm the reinstallation of the services
Then click Yes to confirm the PC restart
A folder CC Support will be created on the Desktop; you will find the log SvcRepair.txt there - it should be at CC Support \ Logs \ SvcRepair.txt - paste it here

patrikzi...@gmail.com

unread,
Dec 18, 2013, 3:38:49 PM12/18/13
to virus...@googlegroups.com
here is the log

Log Opened: 2013-12-18 @ 21:35:36
21:35:36 - -----------------
21:35:36 - | Begin Logging |
21:35:36 - -----------------
21:35:36 - Fix started on a WIN_7 X64 computer
21:35:36 - Prep in progress. Please Wait.
21:35:36 - Prep complete
21:35:36 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BFE.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
21:35:37 - Services Repair Complete.
21:35:44 - Reboot Initiated

Stefan Stell

unread,
Dec 18, 2013, 3:43:58 PM12/18/13
to virus...@googlegroups.com
OK, so now post the ComboFix log as well, it's starting to improve.
http://www.bleepingcomputer.com/combofix/cz/jak-pouzit-combofix
Download it to the desktop and run it, click through, OK, OK, OK, and wait for the log, then paste it here; if I'm still here today I'll look at it, if not we'll finish it tomorrow.

patrikzi...@gmail.com

unread,
Dec 18, 2013, 3:51:58 PM12/18/13
to virus...@googlegroups.com
ok, I'm on it

patrikzi...@gmail.com

unread,
Dec 18, 2013, 4:09:17 PM12/18/13
to virus...@googlegroups.com
here is the log

ComboFix 13-12-18.01 - Patrik . 12. 2013 22:02:07.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.2906 [GMT 1:00]
Running from: c:\users\Patrik\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 21:06 . 2013-12-18 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-18 20:05 . 2013-12-18 20:05 -------- d-----w- C:\TDSSKiller_Quarantine
2013-12-18 17:05 . 2013-12-18 17:05 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-18 17:05 . 2013-12-18 17:05 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-18 16:30 . 2013-12-18 17:17 -------- d-sh--w- c:\programdata\AdobeMSoft0
2013-12-18 14:52 . 2013-12-18 20:08 -------- d-----w- C:\AdwCleaner
2013-12-18 14:44 . 2013-12-18 14:44 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-18 14:44 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 15:04 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{874BF977-5FB5-4B74-8F04-5780B5592E49}\mpengine.dll
2013-12-16 12:31 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-06 13:54 . 2013-10-18 20:43 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{566A023C-F7A5-43DA-988B-C1F701E2933A}\gapaengine.dll
2013-12-04 15:57 . 2013-12-04 15:57 -------- d--h--w- c:\windows\msdownld.tmp
2013-12-04 15:53 . 2013-12-04 15:53 -------- d-----w- c:\program files (x86)\Electronic Arts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 12:19 . 2011-04-18 05:24 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-10 21:01 . 2012-09-09 10:54 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-10 21:01 . 2011-05-29 13:31 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2011-04-14 17:06 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-18 20:43 . 2011-05-22 06:21 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-09-27 08:53 . 2013-09-27 08:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 08:53 . 2010-10-24 19:25 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1039bus.sys [x]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdfl.sys [x]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mdm.sys [x]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1039mgmt.sys [x]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1039nd5.sys [x]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1039obex.sys [x]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1039unic.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-09 21:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-20 10151968]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-07698091.sys
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1348779906-1493868690-708309629-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-18 22:07:28
ComboFix-quarantined-files.txt 2013-12-18 21:07
.
Pre-Run: 207 520 423 936 bytes free
Post-Run: 207 398 756 352 bytes free
.
- - End Of File - - 5BDE62E04C75894E8F369014B19B7D2A
A36C5E4F47E84449FF07ED3517B43A31

Stefan Stell

unread,
Dec 18, 2013, 4:26:07 PM12/18/13
to virus...@googlegroups.com
1: OK, it looks good, uninstall ComboFix > rename the ComboFix icon to uninstall
and run it, ComboFix will uninstall itself from the computer.

2: Let's also clean TEMP, use TFCleaner
Guide
http://www.viruskasino.com/2010/12/programy-na-odstranenie-malware-z.html#TF-Cleaner

3: Disable/delete System Restore,
http://www.viruskasino.com/2011/03/cistenie-pocitaca-od-malware_06.html#Vypnutieobnovusystemu

Test the computer, and write tomorrow whether everything is OK; you should no longer have the virus.

patrikzi...@gmail.com

unread,
Dec 18, 2013, 4:30:53 PM12/18/13
to virus...@googlegroups.com
I have to go, I'll finish it tomorrow but only sometime towards the evening, I'll get in touch when I have it. Thank you very much for the help :)

patrikzi...@gmail.com

unread,
Dec 19, 2013, 2:57:28 PM12/19/13
to virus...@googlegroups.com
I continued according to the instructions, uninstalled ComboFix, used TFCleaner, turned it off, restarted the PC and turned System Restore on; I still can't start the antivirus ...

patrikzi...@gmail.com

unread,
Dec 19, 2013, 3:35:24 PM12/19/13
to virus...@googlegroups.com
Somehow I managed to find it, even though it probably isn't relevant anymore; the virus is called Rundll32, the PC runs quite normally except that after turning the PC on two error messages pop up - one concerns the antivirus, the other Daemon Tools

Stefan Stell

unread,
Dec 20, 2013, 2:56:47 AM12/20/13
to
OK, Rundll32 is not a virus.
So, DAEMON: you wanted to be clever and so you deleted the DAEMON driver with TDSSKiller.

21:04:58.0465 0524  Detected object count: 1
21:04:58.0465 0524  Actual detected object count: 1
21:05:07.0391 0524  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
21:05:07.0391 0524  HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
21:05:07.0449 0524  HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
21:05:07.0694 0524  C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
21:05:07.0694 0524  sptd ( LockedFile.Multi.Generic ) - User select action: Delete
21:05:14.0579 0972  Deinitialize success


1: Uninstall DAEMON.

Download from the SPTD site

http://www.duplexsecure.com/en/downloads

the version matching your operating system, SPTD for Windows (32 bit) or (64b), to the desktop.
- run it
- choose the Uninstall option
- restart the PC.

2: Via Add/Remove Programs also uninstall the antivirus program
Microsoft Security Essentials.
Restart.

3: Install DAEMON TOOLS
4: Install the AV program FREE AVIRA

Then test it and write.


patrikzi...@gmail.com

unread,
Dec 20, 2013, 7:17:52 AM12/20/13
to virus...@googlegroups.com
With that SPTD I can't choose the Uninstall option, what do I do about it?

patrikzi...@gmail.com

unread,
Dec 20, 2013, 7:34:51 AM12/20/13
to virus...@googlegroups.com
I have the AV program Avira downloaded - and installed too, what next

Stefan Stell

unread,
Dec 20, 2013, 8:15:18 AM12/20/13
to virus...@googlegroups.com
So DAEMON still doesn't work?
If not, then we'll go and restore the deleted drivers.
Do a scan, and paste the log here
Download to the desktop
http://www.malwareinfo.nl/tools/TDSSQlook.exe
run it as admin,
choose option A
This option will only scan and create a log named TDSSQ.txt
paste it here

patrikzi...@gmail.com

unread,
Dec 20, 2013, 8:19:40 AM12/20/13
to virus...@googlegroups.com
Daemon doesn't work, I'm on it, I'll paste the log in a moment

patrikzi...@gmail.com

unread,
Dec 20, 2013, 8:20:56 AM12/20/13
to virus...@googlegroups.com
[b]TDSSKiller Quarantine Information log[/b]
TDSS Qlook Version 1.0.0.5 - Patrik - pi 20. 12. 2013 - 14:20:31,53.
Microsoft Windows 7 Ultimate 6.1.7600
***** START SCAN pi 20. 12. 2013 14:20:31,94 *****

---------- [B]TDSSKiller logs[/B] ----------

TDSSKiller.2.8.16.0_18.12.2013_18.18.17_log.txt
TDSSKiller.2.8.16.0_18.12.2013_21.04.38_log.txt
TDSSKiller.2.8.16.0_18.12.2013_21.06.08_log.txt

---------- [B]TDSSStarter logs[/B] ----------


---------- [B]DIR LIST[/B] ----------

C:\TDSSKiller_Quarantine\18.12.2013_21.04.38
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\object.ini
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.ini

---------- [B]INI FILES[/B] ----------

=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\object.ini[/b]

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\object.ini[/b]

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.ini[/b]

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


***** END SCAN pi 20. 12. 2013 14:20:32,08 *****

Stefan Stell

unread,
Dec 20, 2013, 8:40:52 AM12/20/13
to virus...@googlegroups.com
Run TDSSQlook.exe again and choose option B (Fix)
Notepad will open

Copy and paste the text below into Notepad.

REN "C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.dta" sptd.sys
Copy "C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\sptd.sys" C:\Windows\system32\drivers\



Close Notepad by clicking the X button in the top right corner > save the changes
TDSSQlook will replace the driver; you won't see what is happening.
When it finishes, restart the computer, and write whether Daemon works and whether there is a message.
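The REN/Copy steps above put a quarantined driver back by hand. The script below, added here as an example and not part of the thread or of the TDSSKiller/TDSSQlook tools, does the same thing with a safety check the manual steps lack: it parses the object.ini and tsk0000.ini files from the quarantine layout TDSSQlook listed, verifies the raw image against the md5 recorded in tsk0000.ini before copying it anywhere, and refuses if the file has been altered. The quarantine tree, driver bytes and target directory are constructed in a temporary folder so it runs offline; the real sptd.sys is not reproduced.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Optional

# Constructed stand-in for the driver image (not the real sptd.sys).
SAMPLE_IMAGE = b"MZ\x90\x00constructed-sptd-sample\x00" * 64


def parse_ini(path: Path) -> dict:
    """Minimal parser for the 'Key: value' lines TDSSKiller writes.
    object.ini carries two 'Type' lines (Service / Kernel driver), so every
    key maps to a list of values rather than a single string."""
    data = {}
    for raw in path.read_text(encoding="utf-8", errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        data.setdefault(key.strip(), []).append(value.strip())
    return data


def md5_hex(path: Path) -> str:
    """Upper-case MD5 of a file, the form used in tsk0000.ini."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_image(svc_dir: Path, original_name: str) -> Optional[Path]:
    """TDSSKiller stores the raw image as tsk0000.dta; after the REN step in
    the thread it already carries the original file name. Accept either."""
    for candidate in (svc_dir / "tsk0000.dta", svc_dir / original_name):
        if candidate.is_file():
            return candidate
    return None


def plan_restore(svc_dir: Path) -> dict:
    """Decide whether the quarantined driver can be put back. Read-only."""
    obj = parse_ini(svc_dir / "object.ini")
    tsk = parse_ini(svc_dir / "tsk0000.ini")
    src = PureWindowsPath(tsk["Src"][0])      # original driver location
    expected_md5 = tsk["md5"][0].upper()
    image = find_image(svc_dir, src.name)
    plan = {"service": obj.get("Name", ["?"])[0], "name": src.name,
            "src": str(src), "image": str(image) if image else None,
            "expected_md5": expected_md5, "actual_md5": None,
            "ok": False, "reason": ""}
    if image is None:
        plan["reason"] = "raw image missing from quarantine folder"
        return plan
    plan["actual_md5"] = md5_hex(image)
    if plan["actual_md5"] != expected_md5:
        plan["reason"] = "md5 mismatch: quarantined image was altered"
        return plan
    plan["ok"] = True
    plan["reason"] = "image intact; restore %s to %s" % (src.name, src.parent)
    return plan


def restore(svc_dir: Path, drivers_dir: Path) -> Path:
    """Copy the verified image into drivers_dir under its original name.
    drivers_dir is a parameter so this can run outside C:\\Windows."""
    plan = plan_restore(svc_dir)
    if not plan["ok"]:
        raise RuntimeError("refusing to restore: " + plan["reason"])
    target = drivers_dir / plan["name"]
    shutil.copyfile(plan["image"], target)
    if md5_hex(target) != plan["expected_md5"]:
        target.unlink()
        raise RuntimeError("copy verification failed")
    return target


def build_sample_quarantine(root: Path) -> Path:
    """Write a constructed quarantine tree with the layout TDSSQlook listed."""
    svc = root / "18.12.2013_21.04.38" / "susp0000" / "svc0000"
    svc.mkdir(parents=True)
    (svc.parent / "object.ini").write_text(
        "[InfectedObject]\nVerdict: LockedFile.Multi.Generic\n")
    (svc / "object.ini").write_text(
        "[InfectedObject]\nType: Service\nName: sptd\nType: Kernel driver (0x1)\n"
        "Start: Boot (0x0)\nImagePath: System32\\Drivers\\sptd.sys\n"
        "Suspicious states: Locked file;\n")
    (svc / "tsk0000.dta").write_bytes(SAMPLE_IMAGE)
    (svc / "tsk0000.ini").write_text(
        "[InfectedFile]\nType: Raw image\n"
        "Src: C:\\Windows\\system32\\Drivers\\sptd.sys\n"
        "md5: %s\n" % hashlib.md5(SAMPLE_IMAGE).hexdigest().upper())
    return svc


def run_demo() -> dict:
    """Plan, restore, then show the hash check rejecting a tampered image."""
    root = Path(tempfile.mkdtemp(prefix="tdss_demo_"))
    svc = build_sample_quarantine(root)
    drivers = root / "drivers"
    drivers.mkdir()
    first = plan_restore(svc)
    restored = restore(svc, drivers)
    (svc / "tsk0000.dta").write_bytes(SAMPLE_IMAGE + b"X")   # simulate tampering
    second = plan_restore(svc)
    return {"first": first, "restored": restored.read_bytes() == SAMPLE_IMAGE,
            "second": second}


if __name__ == "__main__":
    result = run_demo()
    print(result["first"]["reason"])
    print(result["second"]["reason"])
```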

patrikzi...@gmail.com

unread,
Dec 20, 2013, 8:52:10 AM12/20/13
to virus...@googlegroups.com
how do I know that it has finished and I can restart the PC?

Stefan Stell

unread,
Dec 20, 2013, 8:53:50 AM12/20/13
to virus...@googlegroups.com
you can restart, it's done in a flash; if you didn't get an error then everything should be OK,

patrikzi...@gmail.com

unread,
Dec 20, 2013, 8:57:44 AM12/20/13
to virus...@googlegroups.com
I didn't get an error, but after the restart the error message popped up again

Stefan Stell

unread,
Dec 20, 2013, 9:02:39 AM12/20/13
to virus...@googlegroups.com
What did you copy into Notepad??
What message did you get??

patrikzi...@gmail.com

unread,
Dec 20, 2013, 9:09:55 AM12/20/13
to virus...@googlegroups.com
into Notepad I copied two lines, the one that starts with REN ...
and the Copy ... one

here is the error message - This program requires at least Windows 2000 with SPTD 1.60 or higher. Kernel debugging must be turned off.

Stefan Stell

unread,
Dec 20, 2013, 9:14:34 AM12/20/13
to virus...@googlegroups.com
run tdssqlook again as admin,
choose option A
and paste the log here

patrikzi...@gmail.com

unread,
Dec 20, 2013, 9:15:46 AM12/20/13
to virus...@googlegroups.com
[b]TDSSKiller Quarantine Information log[/b]
TDSS Qlook Version 1.0.0.5 - Patrik - pi 20. 12. 2013 - 15:15:25,24.

Microsoft Windows 7 Ultimate 6.1.7600
***** START SCAN pi 20. 12. 2013 15:15:25,64 *****

---------- [B]TDSSKiller logs[/B] ----------

TDSSKiller.2.8.16.0_18.12.2013_18.18.17_log.txt
TDSSKiller.2.8.16.0_18.12.2013_21.04.38_log.txt
TDSSKiller.2.8.16.0_18.12.2013_21.06.08_log.txt

---------- [B]TDSSStarter logs[/B] ----------


---------- [B]DIR LIST[/B] ----------

C:\TDSSKiller_Quarantine\18.12.2013_21.04.38
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\object.ini
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\sptd.sys
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\object.ini


---------- [B]INI FILES[/B] ----------

=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\object.ini[/b]

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\object.ini[/b]

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== [b]C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\tsk0000.ini[/b]

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


***** END SCAN pi 20. 12. 2013 15:15:25,79 *****

Stefan Stell

unread,
Dec 20, 2013, 9:18:32 AM12/20/13
to virus...@googlegroups.com
ok, I don't see a problem here
check whether you can find sptd.sys here
path C:\Windows\system32\Drivers\sptd.sys
and write

patrikzi...@gmail.com

unread,
Dec 20, 2013, 9:23:44 AM12/20/13
to virus...@googlegroups.com
it's not there

patrikzi...@gmail.com

unread,
Dec 20, 2013, 9:28:17 AM12/20/13
to virus...@googlegroups.com
I have to run, I'll get in touch when I can

Stefan Stell

unread,
Dec 20, 2013, 9:34:06 AM12/20/13
to virus...@googlegroups.com
So try once more, and run it as ADMIN, and wait about 5 minutes.
Be careful to copy all the characters, including the backslash at the very end.
You probably copied the 2nd line incorrectly.

Run TDSSQlook.exe again and choose option B (Fix)
Notepad will open

Copy and paste the text below into Notepad.


Copy "C:\TDSSKiller_Quarantine\18.12.2013_21.04.38\susp0000\svc0000\sptd.sys" C:\Windows\system32\drivers\

patrikzi...@gmail.com

unread,
Dec 21, 2013, 3:18:26 AM12/21/13
to virus...@googlegroups.com
I tried it several times, but it always threw the message; then I found a way to uninstall Daemon, I uninstalled it and the message is gone; what now with the AV Avira, should I run it?

Stefan Stell

unread,
Dec 21, 2013, 4:08:45 AM12/21/13
to virus...@googlegroups.com
What do you mean, run it?? If Avira is installed and running, you see an open umbrella next to the clock; if you want to scan the computer, you can, but you don't have to.
Test the PC; if everything is OK, then that's all.

patrikzi...@gmail.com

unread,
Dec 21, 2013, 4:25:41 AM12/21/13
to virus...@googlegroups.com
yes, Avira is running and the PC works. thank you very much, happy holidays ;)

Stefan Stell

unread,
Dec 21, 2013, 4:28:02 AM12/21/13
to virus...@googlegroups.com
You're welcome.
Merry Christmas and a Happy New Year.