Connecting to RU servers

Kodlz
Friend of the forum
Posts: 780
Registered: 30 May 2008 12:11

Re: Connecting to RU servers

#31 Post by Kodlz »

Just a quick check: did you run it as administrator?

If it doesn't work, try this:

:arrow: Save MBAR to your desktop - http://www.bleepingcomputer.com/downloa ... i-rootkit/

run it with a double-click and extract it to the desktop
click Next
update the virus database by clicking Update, then continue with Next
leave all 3 options checked and choose Scan (it takes about 20 minutes)
tick all the findings and also check that the Create Restore Point box is ticked
click Cleanup and agree to the restart - Yes
paste here the contents of the log saved on the desktop in mbar\mbar-log-yyyy-mm-dd (hh-mm-ss).txt.

lupenair
Visitor
Posts: 48
Registered: 15 Mar 2006 17:37

Re: Connecting to RU servers

#32 Post by lupenair »

Well, Gmer is running, I can see the items it is checking scrolling by. But 24 hours, I don't have the nerves for that :evil: I'll stop it and try what you suggest.
L.

#33 Post by lupenair »

Here is the log - hopefully it's OK now?

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2018.03.15.03
rootkit: v2018.03.08.03

Windows 10 x86 NTFS
Internet Explorer 11.309.16299.0
Administrator :: LUKKUK [administrator]

15.03.2018 10:36:58
mbar-log-2018-03-15 (10-36-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 254426
Time elapsed: 33 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

#34 Post by Kodlz »

There is something in there that keeps restoring your HOSTS file with malicious links.

Also run these utilities, one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop,
right-click Zoek and choose Run As Administrator or Spustit jako spravce
Paste the script below into the window:
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

After that you can try running ADWCleaner again and paste the resulting log here.

#35 Post by lupenair »

So, for now, ZOEK:

Zoek.exe v5.0.0.2 Updated 21-Februari-2018(online version)
Tool run by Administrator on 16.03.2018 at 12:30:14,20.
Microsoft Windows 10 Pro 10.0.16299 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Administrator\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2018-03-15-165401.log 6170 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IE8SRC

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Default.migrated\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Luk\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Luk\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Edge Cache ======================

Edge Cache is not empty, a reboot is needed

==== Empty Chrome Cache ======================

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Luk\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Luk\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\Luk\AppData\Local\yc\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\ADMINI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Administrator\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001" not found
"C:\Users\Administrator\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002" not found

==== EOF on 16.03.2018 at 12:50:18,64 ======================

#36 Post by lupenair »

...and here is AdwCleaner after restarting the PC:

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 16 12:30:47 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Pro (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-12593064-3215679268-4102683779-500\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [11978 B] - [2017/4/2 7:11:5]
C:/AdwCleaner/AdwCleaner[C2].txt - [1695 B] - [2017/6/18 10:10:57]
C:/AdwCleaner/AdwCleaner[C3].txt - [1767 B] - [2017/7/5 17:26:59]
C:/AdwCleaner/AdwCleaner[S0].txt - [11400 B] - [2017/4/2 7:8:33]
C:/AdwCleaner/AdwCleaner[S1].txt - [1871 B] - [2017/6/18 10:8:59]
C:/AdwCleaner/AdwCleaner[S2].txt - [1651 B] - [2017/6/18 11:24:45]
C:/AdwCleaner/AdwCleaner[S3].txt - [2086 B] - [2017/7/5 17:22:49]
C:/AdwCleaner/AdwCleaner[S4].txt - [6598 B] - [2018/3/2 13:32:25]
C:/AdwCleaner/AdwCleaner[S5].txt - [1603 B] - [2018/3/7 13:21:22]
C:/AdwCleaner/AdwCleaner[S6].txt - [1598 B] - [2018/3/9 10:17:14]
C:/AdwCleaner/AdwCleaner[S7].txt - [1780 B] - [2018/3/16 12:1:48]


########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt ##########

#37 Post by lupenair »

One more, possibly important, observation. When Win10 boots, after the first small blue window a black screen comes up and prints:
"Partizan is logging Registry aktivity to \SystemRoot\Partizan.log"

and Partizan.log contains this:

PG1.03
.NET CLR Data -1
.NET CLR Networking -1
.NET CLR Networking 4.0.0.0 -1
.NET Data Provider for Oracle -1
.NET Data Provider for SqlServer -1
.NET Memory Cache 4.0 -1
.NETFramework -1
1394ohci \SystemRoot\System32\drivers\1394ohci.sys 3
3ware System32\drivers\3ware.sys 0
ACPI System32\drivers\ACPI.sys 0
AcpiDev \SystemRoot\System32\drivers\AcpiDev.sys 3
acpiex System32\Drivers\acpiex.sys 0
acpipagr \SystemRoot\System32\drivers\acpipagr.sys 3
AcpiPmi \SystemRoot\System32\drivers\acpipmi.sys 3
acpitime \SystemRoot\System32\drivers\acpitime.sys 3
AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 3
ADOVMPPackage -1
ADP80XX System32\drivers\ADP80XX.SYS 0
adsi -1
AFD \SystemRoot\system32\drivers\afd.sys 1
ahcache system32\DRIVERS\ahcache.sys 1
AJRouter %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
ALG %SystemRoot%\System32\alg.exe 3
AmdK8 \SystemRoot\System32\drivers\amdk8.sys 3
AmdPPM \SystemRoot\System32\drivers\amdppm.sys 3
amdsata System32\drivers\amdsata.sys 0
amdsbs System32\drivers\amdsbs.sys 0
amdxata System32\drivers\amdxata.sys 0
AppHostSvc %windir%\system32\svchost.exe -k apphost 2
AppID system32\drivers\appid.sys 3
AppIDSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
Appinfo %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
applockerfltr system32\drivers\applockerfltr.sys 3
AppMgmt %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
AppReadiness %SystemRoot%\System32\svchost.exe -k AppReadiness -p 3
AppVClient %systemroot%\system32\AppVClient.exe 4
AppvStrm \SystemRoot\system32\drivers\AppvStrm.sys 3
AppvVemgr \SystemRoot\system32\drivers\AppvVemgr.sys 3
AppvVfs \SystemRoot\system32\drivers\AppvVfs.sys 3
AppXSvc %systemroot%\system32\svchost.exe -k wsappx -p 3
arcsas System32\drivers\arcsas.sys 0
ASP.NET -1
ASP.NET_2.0.50727 -1
ASP.NET_4.0.30319 -1
aspnet_state %systemroot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 4
AssignedAccessManagerSvc %SystemRoot%\system32\svchost.exe -k AssignedAccessManagerSvc 3
aswRdr -1
AsyncMac \SystemRoot\System32\drivers\asyncmac.sys 3
atapi System32\drivers\atapi.sys 0
athur \SystemRoot\System32\drivers\athur.sys 3
AudioEndpointBuilder %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 2
Audiosrv %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 2
AxInstSV %SystemRoot%\system32\svchost.exe -k AxInstSVGroup 3
bam system32\drivers\bam.sys 1
BasicDisplay \SystemRoot\System32\drivers\BasicDisplay.sys 1
BasicRender \SystemRoot\System32\drivers\BasicRender.sys 1
BattC -1
bcmfn2 \SystemRoot\System32\drivers\bcmfn2.sys 3
BDESVC %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
Beep -1
BFE %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork -p 2
BITS %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
bowser system32\DRIVERS\bowser.sys 3
BrokerInfrastructure %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 2
Browser %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
BthAvrcpTg \SystemRoot\System32\drivers\BthAvrcpTg.sys 3
BthEnum -1
BthHFEnum \SystemRoot\System32\drivers\bthhfenum.sys 3
bthhfhid \SystemRoot\System32\drivers\BthHFHid.sys 3
BthHFSrv %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation 3
BTHMODEM \SystemRoot\System32\drivers\bthmodem.sys 3
BTHPORT -1
bthserv %SystemRoot%\system32\svchost.exe -k LocalService -p 3
buttonconverter \SystemRoot\System32\drivers\buttonconverter.sys 3
C-DillaCdaC11BA C:\Windows\system32\drivers\CDAC11BA.EXE 2
CAD \SystemRoot\System32\drivers\CAD.sys 3
camsvc %SystemRoot%\system32\svchost.exe -k appmodel -p 3
CapImg \SystemRoot\System32\drivers\capimg.sys 3
CdaC15BA \??\C:\Windows\system32\drivers\CDAC15BA.SYS 2
cdfs system32\DRIVERS\cdfs.sys 4
CDPSvc %SystemRoot%\system32\svchost.exe -k LocalService -p 2
CDPUserSvc %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 2
cdrom \SystemRoot\System32\drivers\cdrom.sys 1
CertPropSvc %SystemRoot%\system32\svchost.exe -k netsvcs 3
circlass \SystemRoot\System32\drivers\circlass.sys 3
CldFlt system32\drivers\cldflt.sys 2
CLFS System32\drivers\CLFS.sys 0
ClipSVC %SystemRoot%\System32\svchost.exe -k wsappx -p 3
clr_optimization_v2.0.50727_32 -1
clr_optimization_v4.0.30319_32 -1
CmBatt \SystemRoot\System32\drivers\CmBatt.sys 3
CNG System32\Drivers\cng.sys 0
cnghwassist System32\DRIVERS\cnghwassist.sys 4
CompositeBus \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_x86_a83857ceb9491692\CompositeBus.sys 3
COMSysApp %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} 3
condrv System32\drivers\condrv.sys 3
CoreMessagingRegistrar %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p 2
CoreUI -1
CPK1HWU -1
CPK2HWU -1
crypt32 -1
CryptSvc %SystemRoot%\system32\svchost.exe -k NetworkService -p 2
CSC system32\drivers\csc.sys 1
CscService %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 2
dam system32\drivers\dam.sys 1
dbupdate "C:\Program Files\Dropbox\Update\DropboxUpdate.exe" /svc 2
dbupdatem "C:\Program Files\Dropbox\Update\DropboxUpdate.exe" /medsvc 3
DbxSvc C:\WINDOWS\system32\DbxSvc.exe 2
DCLocator -1
DcomLaunch %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 2
defragsvc %SystemRoot%\system32\svchost.exe -k defragsvc 3
DeviceAssociationService %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 2
DeviceInstall %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 3
DevicesFlowUserSvc %SystemRoot%\system32\svchost.exe -k DevicesFlow 3
DevQueryBroker %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
Dfsc System32\Drivers\dfsc.sys 1
Dhcp %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 2
diagnosticshub.standardcollector.service %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe 3
diagsvc %SystemRoot%\System32\svchost.exe -k diagnostics 3
DiagTrack %SystemRoot%\System32\svchost.exe -k utcsvc -p 2
Disk System32\drivers\disk.sys 0
DmEnrollmentSvc %systemroot%\system32\svchost.exe -k netsvcs -p 3
dmvsc \SystemRoot\System32\drivers\dmvsc.sys 3
dmwappushservice %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
Dnscache %SystemRoot%\system32\svchost.exe -k NetworkService -p 2
DoSvc %SystemRoot%\System32\svchost.exe -k NetworkService -p 2
dot3svc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
dot4 \SystemRoot\system32\DRIVERS\Dot4.sys 3
Dot4Print \SystemRoot\System32\drivers\Dot4Prt.sys 3
dot4usb \SystemRoot\system32\DRIVERS\dot4usb.sys 3
DPS %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p 2
drmkaud \SystemRoot\System32\drivers\drmkaud.sys 3
DsmSvc %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
DsSvc %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
DusmSvc %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 2
DXGKrnl \SystemRoot\System32\drivers\dxgkrnl.sys 3
e1express \SystemRoot\System32\drivers\e1e6032.sys 3
Eaphost %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
EFS %SystemRoot%\System32\lsass.exe 3
EhStorClass System32\drivers\EhStorClass.sys 0
EhStorTcgDrv System32\drivers\EhStorTcgDrv.sys 0
embeddedmode %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
EntAppSvc %systemroot%\system32\svchost.exe -k appmodel -p 3
ErrDev \SystemRoot\System32\drivers\errdev.sys 3
es1371 \SystemRoot\system32\drivers\es1371mp.sys 3
ESENT -1
ESProtectionDriver \??\C:\WINDOWS\system32\drivers\mbae.sys 1
EventLog %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 2
EventSystem %SystemRoot%\system32\svchost.exe -k LocalService -p 2
exfat -1
fastfat -1
Fax %systemroot%\system32\fxssvc.exe 3
fdc \SystemRoot\System32\drivers\fdc.sys 3
fdPHost %SystemRoot%\system32\svchost.exe -k LocalService -p 3
FDResPub %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p 3
fhsvc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
FileCrypt system32\drivers\filecrypt.sys 1
FileInfo System32\drivers\fileinfo.sys 0
Filetrace system32\drivers\filetrace.sys 3
FlexNet Licensing Service "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe" 3
flpydisk \SystemRoot\System32\drivers\flpydisk.sys 3
FltMgr system32\drivers\fltmgr.sys 0
FontCache %SystemRoot%\system32\svchost.exe -k LocalService -p 2
FontCache3.0.0.0 %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 3
FoxitReaderService "C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe" 2
FrameServer %SystemRoot%\System32\svchost.exe -k Camera 3
FsDepends System32\drivers\FsDepends.sys 3
Fs_Rec -1
fvevol System32\DRIVERS\fvevol.sys 0
gencounter \SystemRoot\System32\drivers\vmgencounter.sys 3
genericusbfn \SystemRoot\System32\drivers\genericusbfn.sys 3
GPIO \SystemRoot\System32\drivers\iaiogpio.sys 3
GPIOClx0101 System32\Drivers\msgpioclx.sys 3
gpsvc %systemroot%\system32\svchost.exe -k netsvcs -p 2
GpuEnergyDrv System32\drivers\gpuenergydrv.sys 1
GraphicsPerfSvc %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup 3
gupdate "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc 2
gupdatem "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc 3
HdAudAddService \SystemRoot\System32\drivers\HdAudio.sys 3
HDAudBus \SystemRoot\System32\drivers\HDAudBus.sys 3
HidBatt \SystemRoot\System32\drivers\HidBatt.sys 3
HidBth \SystemRoot\System32\drivers\hidbth.sys 3
hidi2c \SystemRoot\System32\drivers\hidi2c.sys 3
hidinterrupt \SystemRoot\System32\drivers\hidinterrupt.sys 3
HidIr \SystemRoot\System32\drivers\hidir.sys 3
hidserv %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
HidUsb \SystemRoot\System32\drivers\hidusb.sys 3
HomeGroupListener %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
HomeGroupProvider %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 3
hpqcxs08 C:\Windows\system32\svchost.exe -k hpdevmgmt 3
hpqddsvc C:\Windows\system32\svchost.exe -k hpdevmgmt 2
HpSAMD System32\drivers\HpSAMD.sys 0
HPSLPSVC C:\Windows\system32\svchost.exe -k HPService 2
HPSupportSolutionsFrameworkService "C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" 2
HTTP system32\drivers\HTTP.sys 3
HWiNFO32 \??\C:\WINDOWS\system32\drivers\HWiNFO32.SYS 1
HwNClx0101 System32\Drivers\mshwnclx.sys 3
hwpolicy System32\drivers\hwpolicy.sys 0
hyperkbd \SystemRoot\System32\drivers\hyperkbd.sys 3
HyperVideo \SystemRoot\System32\drivers\HyperVideo.sys 3
i8042prt \SystemRoot\System32\drivers\i8042prt.sys 3
iagpio \SystemRoot\System32\drivers\iagpio.sys 3
iai2c \SystemRoot\System32\drivers\iai2c.sys 3
iaioi2c \SystemRoot\System32\drivers\iaioi2c.sys 3
iaStorAV System32\drivers\iaStorAV.sys 0
iaStorV System32\drivers\iaStorV.sys 0
icssvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
IDriverT "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" 3
idsvc -1
igfx \SystemRoot\system32\DRIVERS\igdkmd32.sys 3
IKEEXT %systemroot%\system32\svchost.exe -k netsvcs -p 3
IndirectKmd \SystemRoot\System32\drivers\IndirectKmd.sys 3
inetaccs -1
InetInfo -1
InstallService %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
IntcAzAudAddService \SystemRoot\system32\drivers\RTKVHDA.sys 3
intelide System32\drivers\intelide.sys 0
intelpep System32\drivers\intelpep.sys 0
intelppm \SystemRoot\System32\drivers\intelppm.sys 3
iorate system32\drivers\iorate.sys 0
IpFilterDriver system32\DRIVERS\ipfltdrv.sys 3
iphlpsvc %SystemRoot%\System32\svchost.exe -k NetSvcs -p 2
IPMIDRV \SystemRoot\System32\drivers\IPMIDrv.sys 3
IPNAT System32\drivers\ipnat.sys 3
IPT \SystemRoot\System32\drivers\ipt.sys 3
IpxlatCfgSvc %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
irda \SystemRoot\system32\drivers\irda.sys 3
IRENUM system32\drivers\irenum.sys 3
irmon %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
isapnp System32\drivers\isapnp.sys 0
iScsiPrt \SystemRoot\System32\drivers\msiscsi.sys 3
iteatapi System32\drivers\iteatapi.sys 0
kbdclass \SystemRoot\System32\drivers\kbdclass.sys 3
kbdhid \SystemRoot\System32\drivers\kbdhid.sys 3
kdnic \SystemRoot\System32\drivers\kdnic.sys 3
KeyIso %SystemRoot%\system32\lsass.exe 3
KSecDD System32\Drivers\ksecdd.sys 0
KSecPkg System32\Drivers\ksecpkg.sys 0
KtmRm %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p 3
LanmanServer %SystemRoot%\system32\svchost.exe -k netsvcs -p 2
LanmanWorkstation %SystemRoot%\System32\svchost.exe -k NetworkService -p 2
ldap -1
lfsvc %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
libusbK \SystemRoot\System32\drivers\libusbK.sys 3
LicenseManager %SystemRoot%\System32\svchost.exe -k LocalService -p 3
lltdio system32\drivers\lltdio.sys 2
lltdsvc %SystemRoot%\System32\svchost.exe -k LocalService -p 3
lmhosts %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 3
Lsa -1
LSI_SAS System32\drivers\lsi_sas.sys 0
LSI_SAS2i System32\drivers\lsi_sas2i.sys 0
LSI_SAS3i System32\drivers\lsi_sas3i.sys 0
LSI_SSS System32\drivers\lsi_sss.sys 0
LSM %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 2
luafv \SystemRoot\system32\drivers\luafv.sys 2
MapsBroker %SystemRoot%\System32\svchost.exe -k NetworkService -p 2
mausbhost \SystemRoot\System32\drivers\mausbhost.sys 3
mausbip \SystemRoot\System32\drivers\mausbip.sys 3
MBAMChameleon \SystemRoot\System32\Drivers\MbamChameleon.sys 2
MBAMFarflt system32\DRIVERS\farflt.sys 3
MBAMProtection \SystemRoot\system32\DRIVERS\mbam.sys 3
MBAMService "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" 2
MBAMSwissArmy \SystemRoot\System32\Drivers\mbamswissarmy.sys 3
MBAMWebProtection \SystemRoot\system32\DRIVERS\mwac.sys 3
megasas System32\drivers\megasas.sys 0
megasas2i System32\drivers\MegaSas2i.sys 0
megasr System32\drivers\megasr.sys 0
MessagingService %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 3
Microsoft Office Groove Audit Service "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" 3
MMCSS \SystemRoot\system32\drivers\mmcss.sys 2
Modem system32\drivers\modem.sys 3
monitor \SystemRoot\System32\drivers\monitor.sys 3
mouclass \SystemRoot\System32\drivers\mouclass.sys 3
mouhid \SystemRoot\System32\drivers\mouhid.sys 3
mountmgr System32\drivers\mountmgr.sys 0
mpsdrv System32\drivers\mpsdrv.sys 3
MpsSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p 2
MQAC system32\drivers\mqac.sys 3
MRxDAV \SystemRoot\system32\drivers\mrxdav.sys 3
mrxsmb system32\DRIVERS\mrxsmb.sys 3
mrxsmb10 system32\DRIVERS\mrxsmb10.sys 2
mrxsmb20 system32\DRIVERS\mrxsmb20.sys 3
MsBridge System32\drivers\bridge.sys 3
MSDTC %SystemRoot%\System32\msdtc.exe 3
MSDTC Bridge 3.0.0.0 -1
MSDTC Bridge 4.0.0.0 -1
Msfs -1
msgpiowin32 \SystemRoot\System32\drivers\msgpiowin32.sys 3
mshidkmdf \SystemRoot\System32\drivers\mshidkmdf.sys 3
mshidumdf \SystemRoot\System32\drivers\mshidumdf.sys 3
msisadrv System32\drivers\msisadrv.sys 0
MSiSCSI %systemroot%\system32\svchost.exe -k netsvcs -p 3
msiserver %systemroot%\system32\msiexec.exe /V 3
MSKSSRV \SystemRoot\System32\drivers\MSKSSRV.sys 3
MsLldp system32\drivers\mslldp.sys 2
MSMQ %systemroot%\system32\mqsvc.exe 2
MSPCLOCK \SystemRoot\System32\drivers\MSPCLOCK.sys 3
MSPQM \SystemRoot\System32\drivers\MSPQM.sys 3
MsRPC -1
MSSCNTRS -1
MsSecFlt system32\drivers\mssecflt.sys 0
mssmbios \SystemRoot\System32\drivers\mssmbios.sys 1
MSTEE \SystemRoot\System32\drivers\MSTEE.sys 3
MTConfig \SystemRoot\System32\drivers\MTConfig.sys 3
MTsensor \SystemRoot\system32\DRIVERS\ASACPI.sys 3
Mup System32\Drivers\mup.sys 0
mvumis System32\drivers\mvumis.sys 0
napagent -1
NativeWifiP system32\DRIVERS\nwifi.sys 3
NaturalAuthentication %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
NcaSvc %SystemRoot%\System32\svchost.exe -k NetSvcs -p 3
NcbService %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
NcdAutoSetup %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p 3
NDIS system32\drivers\ndis.sys 0
NdisCap System32\drivers\ndiscap.sys 3
NdisImPlatform System32\drivers\NdisImPlatform.sys 3
NdisTapi System32\DRIVERS\ndistapi.sys 3
Ndisuio system32\drivers\ndisuio.sys 3
NdisVirtualBus \SystemRoot\System32\drivers\NdisVirtualBus.sys 3
NdisWan \SystemRoot\System32\drivers\ndiswan.sys 3
ndiswanlegacy System32\DRIVERS\ndiswan.sys 3
ndproxy System32\DRIVERS\NDProxy.sys 3
Ndu system32\drivers\Ndu.sys 2
Net Driver HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 2
NetAdapterCx system32\drivers\NetAdapterCx.sys 3
NetBIOS system32\drivers\netbios.sys 1
NetbiosSmb -1
NetBT System32\DRIVERS\netbt.sys 1
Netlogon %systemroot%\system32\lsass.exe 3
Netman %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
NetMsmqActivator "%systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator 2
NetPipeActivator %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 2
netprofm %SystemRoot%\System32\svchost.exe -k LocalService -p 3
netr28u \SystemRoot\System32\drivers\netr28u.sys 3
NetSetupSvc %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
NetTcpActivator %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 2
NetTcpPortSharing %systemroot%\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 3
netvsc \SystemRoot\System32\drivers\netvsc.sys 3
netvscvfpp -1
NgcCtnrSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
NgcSvc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
NlaSvc %SystemRoot%\System32\svchost.exe -k NetworkService -p 2
Npfs -1
npsvctrig \SystemRoot\System32\drivers\npsvctrig.sys 1
nsi %systemroot%\system32\svchost.exe -k LocalService -p 2
nsiproxy system32\drivers\nsiproxy.sys 1
NTDS -1
NTFS -1
Null -1
nvraid System32\drivers\nvraid.sys 0
nvstor System32\drivers\nvstor.sys 0
odserv "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" 3
OneSyncSvc %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 2
ose "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" 3
osrss %systemroot%\system32\svchost.exe -k osrss 2
Outlook -1
p2pimsvc %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet 3
p2psvc %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet 3
Parport \SystemRoot\System32\drivers\parport.sys 3
Partizan system32\drivers\Partizan.sys 3
partmgr System32\drivers\partmgr.sys 0
Parvdm \SystemRoot\System32\drivers\parvdm.sys 2
PcaSvc %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
pci System32\drivers\pci.sys 0
pciide System32\drivers\pciide.sys 0
pcmcia System32\drivers\pcmcia.sys 0
pcw System32\drivers\pcw.sys 0
pdc system32\drivers\pdc.sys 0
PEAuth system32\drivers\peauth.sys 2
PeerDistSvc %SystemRoot%\System32\svchost.exe -k PeerDist 3
percsas2i System32\drivers\percsas2i.sys 0
percsas3i System32\drivers\percsas3i.sys 0
PerfDisk -1
PerfNet -1
PerfOS -1
PerfProc -1
PhoneSvc %SystemRoot%\system32\svchost.exe -k LocalService -p 3
PimIndexMaintenanceSvc %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 3
pla %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p 3
PlugPlay %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 3
Pml Driver HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 2
pneteth \SystemRoot\System32\drivers\pneteth.sys 3
PNPMEM \SystemRoot\System32\drivers\pnpmem.sys 3
PNRPAutoReg %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet 3
PNRPsvc %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet 3

lupenair
Visitor
Posts: 48
Registered: 15 Mar 2006 17:37

Re: Connecting to RU servers

#38 Post by lupenair »

One more, possibly important, observation. While Win10 is booting, after the first small blue window a black screen comes up and prints:
"Partizan is logging Registry aktivity to \SystemRoot\Partizan.log"

and Partizan.log contains this:

RemoteAccess %SystemRoot%\System32\svchost.exe -k netsvcs 4
RemoteRegistry %SystemRoot%\system32\svchost.exe -k localService -p 4
RetailDemo %SystemRoot%\System32\svchost.exe -k rdxgroup 3
rhproxy \SystemRoot\System32\drivers\rhproxy.sys 3
RmSvc %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted 3
RpcEptMapper %SystemRoot%\system32\svchost.exe -k RPCSS -p 2
RpcLocator %SystemRoot%\system32\locator.exe 3
RpcSs %SystemRoot%\system32\svchost.exe -k rpcss -p 2
rspndr system32\drivers\rspndr.sys 2
s3cap \SystemRoot\System32\drivers\vms3cap.sys 3
SamSs %SystemRoot%\system32\lsass.exe 2
sbp2port System32\drivers\sbp2port.sys 0
SCardSvr %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation 4
SCDEmu -1
ScDeviceEnum %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted 3
scfilter System32\DRIVERS\scfilter.sys 3
Schedule %systemroot%\system32\svchost.exe -k netsvcs -p 2
SCPolicySvc %SystemRoot%\system32\svchost.exe -k netsvcs 3
sdbus \SystemRoot\System32\drivers\sdbus.sys 3
SDRSVC %SystemRoot%\system32\svchost.exe -k SDRSVC 3
sdstor \SystemRoot\System32\drivers\sdstor.sys 3
seclogon %windir%\system32\svchost.exe -k netsvcs -p 3
SecurityHealthService %SystemRoot%\system32\SecurityHealthService.exe 2
SEMgrSvc %SystemRoot%\system32\svchost.exe -k LocalService -p 3
SENS %SystemRoot%\system32\svchost.exe -k netsvcs -p 2
Sense "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe" 3
SensorDataService %SystemRoot%\System32\SensorDataService.exe 3
SensorService %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
SensrSvc %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p 3
Ser2plx86 \SystemRoot\system32\DRIVERS\ser2pl.sys 3
SerCx system32\drivers\SerCx.sys 3
SerCx2 system32\drivers\SerCx2.sys 3
Serenum \SystemRoot\System32\drivers\serenum.sys 3
Serial \SystemRoot\System32\drivers\serial.sys 3
sermouse \SystemRoot\System32\drivers\sermouse.sys 3
ServiceModelEndpoint 3.0.0.0 -1
ServiceModelOperation 3.0.0.0 -1
ServiceModelService 3.0.0.0 -1
SessionEnv %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
Sffp_Mmc -1
Sffp_Sd -1
sfloppy \SystemRoot\System32\drivers\sfloppy.sys 3
SharedAccess %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
SharedRealitySvc %SystemRoot%\system32\svchost.exe -k LocalService -p 3
ShellHWDetection %SystemRoot%\System32\svchost.exe -k netsvcs -p 2
shpamsvc %SystemRoot%\System32\svchost.exe -k netsvcs -p 4
silabenm \SystemRoot\System32\drivers\silabenm.sys 3
silabser \SystemRoot\system32\DRIVERS\silabser.sys 3
SiSRaid2 System32\drivers\SiSRaid2.sys 0
SiSRaid4 System32\drivers\sisraid4.sys 0
smphost %SystemRoot%\System32\svchost.exe -k smphost 3
SmsRouter %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
SMSvcHost 3.0.0.0 -1
SMSvcHost 4.0.0.0 -1
SNMP -1
SNMPTRAP %SystemRoot%\System32\snmptrap.exe 3
spaceport System32\drivers\spaceport.sys 0
SpbCx system32\drivers\SpbCx.sys 3
spectrum %systemroot%\system32\spectrum.exe 3
Spooler %SystemRoot%\System32\spoolsv.exe 2
sppsvc %SystemRoot%\system32\sppsvc.exe 2
SpyRemoverService "C:\Program Files\Support King LLC\SpyRemover Pro\Service\SpyRemoverService.exe" 2
srv System32\DRIVERS\srv.sys 2
srv2 System32\DRIVERS\srv2.sys 3
srvnet System32\DRIVERS\srvnet.sys 3
SSDPSRV %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p 3
SstpSvc %SystemRoot%\system32\svchost.exe -k LocalService -p 3
StateRepository %SystemRoot%\system32\svchost.exe -k appmodel -p 3
stexstor System32\drivers\stexstor.sys 0
StiSvc %SystemRoot%\system32\svchost.exe -k imgsvc 2
storahci System32\drivers\storahci.sys 0
storflt System32\drivers\vmstorfl.sys 0
stornvme System32\drivers\stornvme.sys 0
storqosflt system32\drivers\storqosflt.sys 2
StorSvc %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
storufs System32\drivers\storufs.sys 0
storvsc System32\drivers\storvsc.sys 0
STTub30 \SystemRoot\System32\Drivers\STTub30.sys 3
svsvc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
swenum \SystemRoot\System32\drivers\swenum.sys 3
swprv %SystemRoot%\System32\svchost.exe -k swprv 3
Synth3dVsc \SystemRoot\System32\drivers\Synth3dVsc.sys 3
SysMain %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 2
SystemEventsBroker %SystemRoot%\system32\svchost.exe -k DcomLaunch -p 2
TabletInputService %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
TapiSrv %SystemRoot%\System32\svchost.exe -k NetworkService -p 3
Tcpip System32\drivers\tcpip.sys 0
Tcpip6 System32\drivers\tcpip.sys 3
TCPIP6TUNNEL -1
tcpipreg System32\drivers\tcpipreg.sys 2
TCPIPTUNNEL -1
tdx \SystemRoot\system32\DRIVERS\tdx.sys 1
TeamViewer "C:\Program Files\TeamViewer\TeamViewer_Service.exe" 2
terminpt \SystemRoot\System32\drivers\terminpt.sys 3
TermService %SystemRoot%\System32\svchost.exe -k NetworkService 3
Themes %SystemRoot%\System32\svchost.exe -k netsvcs -p 2
TieringEngineService %SystemRoot%\system32\TieringEngineService.exe 3
tiledatamodelsvc %systemroot%\system32\svchost.exe -k appmodel -p 3
TimeBrokerSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
TokenBroker %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
TPM \SystemRoot\System32\drivers\tpm.sys 3
TrkWks %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 2
TrustedInstaller %SystemRoot%\servicing\TrustedInstaller.exe 3
TSDDD -1
TsUsbFlt system32\drivers\tsusbflt.sys 3
TsUsbGD \SystemRoot\System32\drivers\TsUsbGD.sys 3
tsusbhub system32\drivers\tsusbhub.sys 3
tunnel \SystemRoot\System32\drivers\tunnel.sys 3
tzautoupdate %SystemRoot%\system32\svchost.exe -k LocalService -p 4
UASPStor \SystemRoot\System32\drivers\uaspstor.sys 3
UcmCx0101 System32\Drivers\UcmCx.sys 3
UcmTcpciCx0101 System32\Drivers\UcmTcpciCx.sys 3
UcmUcsi \SystemRoot\System32\drivers\UcmUcsi.sys 3
Ucx01000 system32\drivers\ucx01000.sys 3
UdeCx system32\drivers\udecx.sys 3
udfs system32\DRIVERS\udfs.sys 4
UEFI \SystemRoot\System32\drivers\UEFI.sys 3
UevAgentDriver \SystemRoot\system32\drivers\UevAgentDriver.sys 4
UevAgentService %systemroot%\system32\AgentService.exe 4
Ufx01000 system32\drivers\ufx01000.sys 3
UfxChipidea \SystemRoot\System32\drivers\UfxChipidea.sys 3
ufxsynopsys \SystemRoot\System32\drivers\ufxsynopsys.sys 3
UGatherer -1
UGTHRSVC -1
UI0Detect %SystemRoot%\system32\UI0Detect.exe 3
umbus \SystemRoot\System32\drivers\umbus.sys 3
UmPass \SystemRoot\System32\drivers\umpass.sys 3
UmRdpService %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
UnistoreSvc %SystemRoot%\System32\svchost.exe -k UnistackSvcGroup 3
upnphost %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p 3
UrsChipidea \SystemRoot\System32\drivers\urschipidea.sys 3
UrsCx01000 system32\drivers\urscx01000.sys 3
UrsSynopsys \SystemRoot\System32\drivers\urssynopsys.sys 3
usbaudio \SystemRoot\system32\drivers\usbaudio.sys 3
usbccgp \SystemRoot\System32\drivers\usbccgp.sys 3
usbcir \SystemRoot\System32\drivers\usbcir.sys 3
usbehci \SystemRoot\System32\drivers\usbehci.sys 3
usbhub \SystemRoot\System32\drivers\usbhub.sys 3
USBHUB3 \SystemRoot\System32\drivers\UsbHub3.sys 3
usbohci \SystemRoot\System32\drivers\usbohci.sys 3
usbprint \SystemRoot\System32\drivers\usbprint.sys 3
usbscan \SystemRoot\system32\DRIVERS\usbscan.sys 3
usbser \SystemRoot\System32\drivers\usbser.sys 3
USBSTOR \SystemRoot\System32\drivers\USBSTOR.SYS 3
usbuhci \SystemRoot\System32\drivers\usbuhci.sys 3
USBXHCI \SystemRoot\System32\drivers\USBXHCI.SYS 3
UserDataSvc %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 3
UserManager %SystemRoot%\system32\svchost.exe -k netsvcs -p 2
UsoSvc %systemroot%\system32\svchost.exe -k netsvcs 3
VaultSvc %SystemRoot%\system32\lsass.exe 3
vdrvroot System32\drivers\vdrvroot.sys 0
vds %SystemRoot%\System32\vds.exe 3
VerifierExt system32\drivers\VerifierExt.sys 3
vhdmp \SystemRoot\System32\drivers\vhdmp.sys 3
vhf \SystemRoot\System32\drivers\vhf.sys 3
ViaC7 \SystemRoot\System32\drivers\viac7.sys 3
vjoy \SystemRoot\System32\drivers\vjoy.sys 3
vmbus System32\drivers\vmbus.sys 0
VMBusHID \SystemRoot\System32\drivers\VMBusHID.sys 3
vmgid \SystemRoot\System32\drivers\vmgid.sys 3
vmicguestinterface %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
vmicheartbeat %systemroot%\system32\svchost.exe -k ICService -p 3
vmickvpexchange %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
vmicrdv %systemroot%\system32\svchost.exe -k ICService -p 3
vmicshutdown %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
vmictimesync %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
vmicvmsession %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
vmicvss %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
volmgr System32\drivers\volmgr.sys 0
volmgrx System32\drivers\volmgrx.sys 0
volsnap System32\drivers\volsnap.sys 0
volume System32\drivers\volume.sys 0
VSBC \SystemRoot\System32\drivers\evsbc.sys 3
vsmraid System32\drivers\vsmraid.sys 0
VSS %systemroot%\system32\vssvc.exe 3
VSTXRAID System32\drivers\vstxraid.sys 0
vwifibus \SystemRoot\System32\drivers\vwifibus.sys 3
vwififlt System32\drivers\vwififlt.sys 1
vwifimp \SystemRoot\System32\drivers\vwifimp.sys 3
W32Time %SystemRoot%\system32\svchost.exe -k LocalService 3
w3logsvc %windir%\system32\svchost.exe -k apphost 3
W3SVC %windir%\system32\svchost.exe -k iissvcs 2
WacomPen \SystemRoot\System32\drivers\wacompen.sys 3
WalletService %SystemRoot%\System32\svchost.exe -k appmodel -p 3
wanarp System32\DRIVERS\wanarp.sys 2
wanarpv6 System32\DRIVERS\wanarp.sys 3
WarpJITSvc %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted 3
WAS %windir%\system32\svchost.exe -k iissvcs 3
wbengine "%systemroot%\system32\wbengine.exe" 3
WbioSrvc %SystemRoot%\system32\svchost.exe -k WbioSvcGroup 3
wcifs \SystemRoot\system32\drivers\wcifs.sys 2
Wcmsvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 2
wcncsvc %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation -p 3
wcnfs \SystemRoot\system32\drivers\wcnfs.sys 3
WdBoot system32\drivers\wd\WdBoot.sys 0
WDC_SAM \SystemRoot\System32\drivers\wdcsam.sys 3
Wdf01000 system32\drivers\Wdf01000.sys 0
WdFilter system32\drivers\wd\WdFilter.sys 0
WdiServiceHost %SystemRoot%\System32\svchost.exe -k LocalService -p 3
WdiSystemHost %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p 3
wdiwifi system32\DRIVERS\wdiwifi.sys 3
wdm_usb \SystemRoot\system32\DRIVERS\usb2ser.sys 3
WdNisDrv system32\drivers\wd\WdNisDrv.sys 3
WdNisSvc "%ProgramData%\Microsoft\Windows Defender\platform\4.12.17007.18022-0\NisSrv.exe" 3
wdnsfltr system32\drivers\wdnsfltr.sys 3
WebClient %SystemRoot%\system32\svchost.exe -k LocalService -p 3
Wecsvc %SystemRoot%\system32\svchost.exe -k NetworkService -p 3
WEPHOSTSVC %systemroot%\system32\svchost.exe -k WepHostSvcGroup 3
wercplsupport %SystemRoot%\System32\svchost.exe -k netsvcs -p 3
WerSvc %SystemRoot%\System32\svchost.exe -k WerSvcGroup 3
WFDSConMgrSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
WFPLWFS System32\drivers\wfplwfs.sys 0
WiaRpc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
WIMMount system32\drivers\wimmount.sys 3
WinDefend "C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MsMpEng.exe" 2
Windows Workflow Foundation 3.0.0.0 -1
Windows Workflow Foundation 4.0.0.0 -1
WindowsTrustedRT system32\drivers\WindowsTrustedRT.sys 0
WindowsTrustedRTProxy System32\drivers\WindowsTrustedRTProxy.sys 0
WinHttpAutoProxySvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
winmgmt %systemroot%\system32\svchost.exe -k netsvcs -p 2
WinNat system32\drivers\winnat.sys 3
WinRM %SystemRoot%\System32\svchost.exe -k NetworkService -p 3
Winsock -1
WinSock2 -1
WINUSB \SystemRoot\System32\drivers\WinUSB.SYS 3
wisvc %systemroot%\system32\svchost.exe -k netsvcs -p 3
Wlansvc %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 2
wlidsvc %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
wlpasvc %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3
WmiAcpi \SystemRoot\System32\drivers\wmiacpi.sys 3
WmiApRpl -1
wmiApSrv %systemroot%\system32\wbem\WmiApSrv.exe 3
WMPNetworkSvc "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" 3
Wof -1
workerdd -1
workfolderssvc %SystemRoot%\System32\svchost.exe -k LocalService -p 3
WPDBusEnum %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p 3
WpdUpFltr System32\drivers\WpdUpFltr.sys 3
WpnService %systemroot%\system32\svchost.exe -k netsvcs -p 2
WpnUserService %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup 2
ws2ifsl \SystemRoot\system32\drivers\ws2ifsl.sys 4
wscsvc %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p 2
WSearch %systemroot%\system32\SearchIndexer.exe /Embedding 2
WSearchIdxPi -1
wuauserv %systemroot%\system32\svchost.exe -k netsvcs 3
WudfPf system32\drivers\WudfPf.sys 3
WUDFRd \SystemRoot\System32\drivers\WUDFRd.sys 3
WUDFWpdFs \SystemRoot\system32\DRIVERS\WUDFRd.sys 3
WUDFWpdMtp \SystemRoot\system32\DRIVERS\WUDFRd.sys 3
WwanSvc %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p 3
xbgm %SystemRoot%\system32\xbgmsvc.exe 3
XblAuthManager %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
XblGameSave %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
xboxgip \SystemRoot\System32\drivers\xboxgip.sys 3
XboxGipSvc %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
XboxNetApiSvc %SystemRoot%\system32\svchost.exe -k netsvcs -p 3
xinputhid \SystemRoot\System32\drivers\xinputhid.sys 3
xmlprov -1
ZAM_Guard \??\C:\Windows\System32\drivers\zamguard32.sys 1

Kodlz
Forum friend
Posts: 780
Joined: 30 May 2008 12:11

Re: Connecting to RU servers

#39 Post by Kodlz »

Please open the file C:\WINDOWS\winstart.bat in a text editor and paste its contents here.

lupenair
Visitor
Posts: 48
Joined: 15 Mar 2006 17:37

Re: Connecting to RU servers

#40 Post by lupenair »

I found it, but the file is empty. I chose Edit, Notepad opened and there was nothing in it.
L.

Kodlz
Forum friend
Posts: 780
Joined: 30 May 2008 12:11

Re: Connecting to RU servers

#41 Post by Kodlz »

I consulted a colleague and he has a few questions and recommendations:
Since when has he been seeing the problem?

Does MBAM detect the connection right after login, or only once he starts e.g. Chrome?

I would uninstall Exterminate It, SpyRemover Pro, UnHackMe... these programs may well be touching your hosts file.

MBAM detects the connection via Chrome; as a test I would back up Chrome's bookmarks and passwords and reinstall Chrome.

lupenair
Visitor
Posts: 48
Joined: 15 Mar 2006 17:37

Re: Connecting to RU servers

#42 Post by lupenair »

Hi guys, sorry I haven't been in touch for a while, but frost and wind damaged the cable to the AP on the roof somewhere. So, like it or not, I had to go up on the roof in the freezing cold :roll:
After some time working under the Admin account, yesterday I logged in to my own user account and had a look at Chrome. And lo and behold, Chrome had been reinstalled and was back to defaults. So I worked in it for a while and the messages about connecting to RU servers no longer appeared, but maybe that is also because my Malwarebytes FREE expired :-( What could I use to monitor possible unwanted attempts to connect to *.ru servers?
I have one more question: after Windows starts up, this window pops up. I can't seem to find out what it is :arcisit: Can you help?
Thanks, L.
Attachments
Error.jpg (35.47 KiB) Viewed 2691 times

Kodlz
Forum friend
Posts: 780
Joined: 30 May 2008 12:11

Re: Connecting to RU servers

#43 Post by Kodlz »

So if I understand correctly, only Chrome was doing this, and only under your account, right?

Please send me the contents of the file C:\WINDOWS\system32\Drivers\etc\hosts

For that error, try:

Click Start -> search for cmd and, via right-click, run it as administrator -> enter the command "sfc /scannow"

lupenair
Visitor
Posts: 48
Joined: 15 Mar 2006 17:37

Re: Connecting to RU servers

#44 Post by lupenair »

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
# BlockPUPs Start 2.220 43177
# BlockPUPs End
# Anti-WebMiner Start 1.55 43177
# Anti-WebMiner End

Kodlz
Forum friend
Posts: 780
Joined: 30 May 2008 12:11

Re: Connecting to RU servers

#45 Post by Kodlz »

OK, I got more advice from my colleague.
... so the contents of HOSTS are addresses that you have blocked; most likely some security tool is adding them there, so if you don't mind it, it's not a problem.

As for MBAM, if a red banner is showing there prompting you to buy a license, your trial version has ended.
In that case I recommend installing some AV and FW.

:arrow: I'd also ask you to run ESET Online Scanner under the account where the message about connecting to Russian sites was popping up.

:arrow: The error you photographed was often caused by the program Fences... if you don't have it, try installing and then uninstalling it... if you do have it on the PC, try uninstalling it. I recommend uninstalling via Ccleaner; you can clean up the PC while you're at it ;)

Locked
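The hosts file posted in #44 is made of tool-managed sections of 0.0.0.0 entries, which post #45 reads as blocked addresses. As an added example (not part of the thread and not code from any tool named in it), this Python script audits such a file: it counts sinkhole entries per marker section and flags any entry that maps a name to a real address instead. The `# <Name> Start` / `# <Name> End` marker format is assumed from that file, and the sample content, including every host name and the 203.0.113.10 address, is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: same layout as the posted file, with made-up host names.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
# BlockPUPs Start 2.220 43177
0.0.0.0 constructed-ads.example
0.0.0.0 constructed-pup.ru
# BlockPUPs End
# Anti-WebMiner Start 1.55 43177
0.0.0.0 constructed-miner.example
0.0.0.0 constructed-miner.ru
# Anti-WebMiner End
203.0.113.10 login.constructed-bank.example   # outside any tool section
not-an-ip broken.example
"""

# Assumed marker format: "# <Name> Start ..." opens a section, "# <Name> End" closes it.
MARKER = re.compile(r"^#\s*(?P<name>\S+)\s+(?P<kind>Start|End)\b")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, problems); each entry records line, ip, host and section."""
    entries, problems = [], []
    section = None
    lineno = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        marker = MARKER.match(line)
        if marker:
            name = marker["name"]
            if marker["kind"] == "Start":
                if section is not None:
                    problems.append((lineno, f"section {section!r} not closed before {name!r}"))
                section = name
            else:
                if section != name:
                    problems.append((lineno, f"End marker for {name!r} without matching Start"))
                section = None
            continue
        fields = line.split("#", 1)[0].split()  # drop trailing comment
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"invalid address {fields[0]!r}"))
            continue
        if len(fields) < 2:
            problems.append((lineno, "address without a host name"))
            continue
        for host in fields[1:]:  # one line may carry several aliases
            entries.append({"line": lineno, "ip": ip, "host": host.lower(), "section": section})
    if section is not None:
        problems.append((lineno, f"section {section!r} has no End marker"))
    return entries, problems


def classify(entry):
    """'sinkhole' = name blocked, 'local' = normal loopback name, 'redirect' = name sent elsewhere."""
    ip = entry["ip"]
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "sinkhole"
    if ip.is_loopback:
        return "local" if entry["host"] in LOCAL_NAMES else "sinkhole"
    return "redirect"


def audit(text):
    """Summarise a hosts file: blocked names per section and per TLD, plus redirects to review."""
    entries, problems = parse_hosts(text)
    report = {"sections": Counter(), "tlds": Counter(), "redirects": [], "problems": problems}
    for entry in entries:
        kind = classify(entry)
        if kind == "sinkhole":
            report["sections"][entry["section"] or "(no section)"] += 1
            report["tlds"][entry["host"].rsplit(".", 1)[-1]] += 1
        elif kind == "redirect":
            # A name pointed at a routable address is what a hosts hijack looks like.
            report["redirects"].append((entry["line"], str(entry["ip"]), entry["host"]))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    for name, count in result["sections"].items():
        print(f"{name}: {count} blocked names")
    print("blocked .ru names:", result["tlds"]["ru"])
    for line, ip, host in result["redirects"]:
        print(f"REVIEW line {line}: {host} -> {ip}")
    for line, message in result["problems"]:
        print(f"PROBLEM line {line}: {message}")
```

To check a real machine, pass the text of C:\WINDOWS\system32\Drivers\etc\hosts to `audit()`; entries reported under `redirects` are the ones to review by hand.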