Would you take a look at my ComboFix log?

bimbousek
Warning level 2
Posts: 19
Registered: 24 Aug 2005 17:13

#1 Post by bimbousek »

I have a problem with USB on my notebook; the chipset cannot be reinstalled. Please take a look:

ComboFix 14-04-12.01 - petr.bibrle 14.04.2014 12:28:15.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3552.2018 [GMT 2:00]
Running from: c:\users\petr.bibrle\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\petr.bibrle\aaaaaaaa.exe
c:\users\zdenek.novak\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C669C7D0-D2FF-459C-A8B5-73A823A99B3B}.xps
c:\windows\SysWow64\aaaaaaaa.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-03-14 to 2014-04-14 )))))))))))))))))))))))))))))))
.
.
2014-04-14 10:34 . 2014-04-14 10:34 -------- d-----w- c:\users\zdenek.novak\AppData\Local\temp
2014-04-14 10:34 . 2014-04-14 10:34 -------- d-----w- c:\users\klient\AppData\Local\temp
2014-04-14 10:34 . 2014-04-14 10:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-13 06:51 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A47AF878-C119-4022-951F-1992865CE811}\mpengine.dll
2014-04-11 07:33 . 2014-04-11 07:33 -------- d-----w- c:\users\petr.bibrle\AppData\Local\ElevatedDiagnostics
2014-04-07 09:03 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-03 12:21 . 2014-04-03 12:21 -------- d-----w- c:\program files (x86)\NirSoft
2014-04-03 08:37 . 2014-04-03 08:37 -------- d-----w- c:\windows\SysWow64\140403-103750
2014-04-03 08:07 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-04-02 17:56 . 2014-04-03 07:18 -------- d-----w- c:\program files (x86)\O2
2014-04-02 17:45 . 2014-04-02 17:52 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\Tatara Systems
2014-04-02 17:44 . 2014-04-02 17:44 -------- d-----w- c:\programdata\O2CM-CE
2014-04-02 13:15 . 2014-04-02 13:15 -------- d-----w- c:\program files (x86)\FinalWire
2014-04-02 12:12 . 2011-01-30 10:20 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2014-04-02 12:12 . 2011-01-30 10:19 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-04-02 12:12 . 2011-01-30 10:19 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-04-02 12:12 . 2011-01-30 10:19 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-04-02 12:12 . 2011-01-30 10:19 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-04-02 12:12 . 2010-12-23 01:48 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2014-04-02 12:12 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2014-04-02 12:12 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-04-02 12:12 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-04-02 12:12 . 2014-04-02 12:12 -------- d-----w- C:\HUAWEI
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Nabídka Start
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Data aplikací
2014-04-01 06:25 . 2014-04-03 08:34 -------- d-----w- c:\windows\SysWow64\140401-082538
2014-03-31 15:36 . 2014-04-03 08:34 -------- d-----w- c:\windows\SysWow64\140331-173630
2014-03-26 15:44 . 2014-02-20 07:46 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{808BB572-6522-4464-8592-785DC97A69EF}\gapaengine.dll
2014-03-23 09:02 . 2014-03-23 09:02 1409 ------w- c:\windows\SysWow64\tmpD1E9C.FOT
2014-03-19 16:22 . 2014-03-19 16:22 -------- d-----w- c:\program files\ATI Technologies
2014-03-19 12:05 . 2014-03-20 16:20 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Samsung
2014-03-19 12:05 . 2014-03-20 16:20 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\Samsung
2014-03-19 12:04 . 2014-04-03 08:35 -------- d-----w- c:\program files (x86)\MyFree Codec
2014-03-19 11:42 . 2014-01-23 17:23 144664 ------w- c:\windows\SysWow64\secman.dll
2014-03-19 11:42 . 2014-01-23 17:23 4659712 ------w- c:\windows\SysWow64\Redemption.dll
2014-03-19 11:41 . 2014-03-20 16:20 -------- d-----w- c:\program files (x86)\Samsung
2014-03-19 11:33 . 2014-04-03 08:35 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Downloaded Installations
2014-03-19 11:04 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2014-03-19 11:04 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2014-03-19 09:02 . 2014-04-03 08:35 -------- d-----w- c:\program files\SAMSUNG
2014-03-19 09:00 . 2014-03-20 16:20 -------- d-----w- c:\programdata\Samsung
2014-03-19 08:56 . 2014-03-19 08:56 -------- d-----w- c:\users\petr.bibrle\.android
2014-03-19 08:56 . 2014-04-14 09:44 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\newnext.me
2014-03-19 08:56 . 2014-04-03 08:35 -------- d-----w- c:\users\petr.bibrle\AppData\Local\genienext
2014-03-19 08:56 . 2014-03-19 11:19 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Mobogenie
2014-03-19 08:56 . 2014-03-19 09:52 -------- d-----w- c:\users\petr.bibrle\AppData\Local\cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-26 15:45 . 2014-03-14 11:44 280576 ----a-w- c:\windows\client64.dll
2014-03-14 11:44 . 2014-03-14 11:44 59904 ---ha-w- c:\windows\zlib1.dll
2014-03-14 11:44 . 2014-03-14 11:44 228864 ---ha-w- c:\windows\client.dll
2014-03-14 11:44 . 2014-03-14 11:44 12800 ---ha-w- c:\windows\aplib64.dll
2014-03-14 11:44 . 2014-03-14 11:44 11264 ---ha-w- c:\windows\aplib.dll
2014-03-12 07:12 . 2012-12-11 17:37 692616 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 07:12 . 2011-12-15 06:23 71048 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 07:46 . 2012-10-08 06:31 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-23 17:31 . 2014-01-23 17:31 45056 ------w- c:\windows\SysWow64\MACXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 135168 ------w- c:\windows\SysWow64\muzaf1.dll
2014-01-23 17:31 . 2014-01-23 17:31 974848 ------w- c:\windows\SysWow64\cis-2.4.dll
2014-01-23 17:31 . 2014-01-23 17:31 81920 ------w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 65536 ------w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\MTXSYNCICON.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\MK_Lyric.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\issacapi_se-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 569344 ------w- c:\windows\SysWow64\muzdecode.ax
2014-01-23 17:31 . 2014-01-23 17:31 491520 ------w- c:\windows\SysWow64\muzapp.dll
2014-01-23 17:31 . 2014-01-23 17:31 49152 ------w- c:\windows\SysWow64\MaJGUILib.dll
2014-01-23 17:31 . 2014-01-23 17:31 45320 ------w- c:\windows\SysWow64\MAMACExtract.dll
2014-01-23 17:31 . 2014-01-23 17:31 45056 ------w- c:\windows\SysWow64\MaXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 40960 ------w- c:\windows\SysWow64\MTTELECHIP.dll
2014-01-23 17:31 . 2014-01-23 17:31 352256 ------w- c:\windows\SysWow64\MSLUR71.dll
2014-01-23 17:31 . 2014-01-23 17:31 258048 ------w- c:\windows\SysWow64\muzoggsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 245760 ------w- c:\windows\SysWow64\MSCLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 24576 ------w- c:\windows\SysWow64\MASetupCleaner.exe
2014-01-23 17:31 . 2014-01-23 17:31 200704 ------w- c:\windows\SysWow64\muzwmts.dll
2014-01-23 17:31 . 2014-01-23 17:31 172032 ------w- c:\windows\SysWow64\muzapp.exe
2014-01-23 17:31 . 2014-01-23 17:31 155648 ------w- c:\windows\SysWow64\MSFLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 143360 ------w- c:\windows\SysWow64\3DAudio.ax
2014-01-23 17:31 . 2014-01-23 17:31 131072 ------w- c:\windows\SysWow64\muzmpgsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 122880 ------w- c:\windows\SysWow64\muzeffect.ax
2014-01-23 17:31 . 2014-01-23 17:31 118784 ------w- c:\windows\SysWow64\MaDRM.dll
2014-01-23 17:31 . 2014-01-23 17:31 110592 ------w- c:\windows\SysWow64\muzmp4sp.ax
2014-01-20 04:00 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\atapi.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\asyncmac.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\kbdclass.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ndis.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\null.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\erdnt\cache86\ntoskrnl.exe
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\SysWOW64\ntoskrnl.exe
[7] 2012-08-30 . 948F0B444CB6CC35FE5F9DE52420CB95 . 3914096 . . [6.1.7601.17944] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[7] 2012-08-30 . 5355A85D26EECFA3A68B1F55B0C59A20 . 3917168 . . [6.1.7601.22103] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[7] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[7] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[7] 2011-12-15 . FB58ABD5E1F75A2CF713C9DFF0EC0804 . 3912576 . . [6.1.7601.17640] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[7] 2011-12-15 . 90EFDB506F6140EEA9DEE398D9449D86 . 3912576 . . [6.1.7601.21755] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[7] 2011-07-25 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[7] 2011-07-25 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[7] 2010-11-21 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[-] 1601-01-01 00:00 . !HASH: COULD NOT OPEN FILE !!!!! . 0 . . [------] .. c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\petr.bibrle\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-04-22 658424]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-14 318520]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-4-24 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 huyvsitf;huyvsitf;c:\windows\system32\drivers\huyvsitf.sys;c:\windows\SYSNATIVE\drivers\huyvsitf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AtiDCM;AtiDCM;c:\users\petr.bibrle\AppData\Local\Temp\atdcm64a.sys;c:\users\petr.bibrle\AppData\Local\Temp\atdcm64a.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x]
R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird2\bin\fb_inet_server.exe;c:\program files\Firebird2\bin\fb_inet_server.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 3b20518395812800
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 07:12]
.
2014-04-14 c:\windows\Tasks\HPCeeScheduleForpetr.bibrle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2012-03-01 7168000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 13880]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.cz/?rlz=1W4CHBA_csCZ549
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.190.65.200 192.168.0.1
.
- - - - ORPHANS REMOVED FROM THE REGISTRY - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\3b20518395812800]
"ImagePath"="\SystemRoot\System32\Drivers\3b20518395812800.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-14 12:38:26
ComboFix-quarantined-files.txt 2014-04-14 10:38
.
Pre-Run: 401 882 034 176 bytes free
Post-Run: 401 460 649 984 bytes free
.
- - End Of File - - 141127C402B26B446D0CCBC347B25DE6
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119537
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Would you take a look at my ComboFix log?

#2 Post by Rudy »

Hello!
Why are you running ComboFix, a utility intended for professionals only? You have been on this forum long enough to have read the rules: http://forum.viry.cz/viewtopic.php?f=12&t=5601 , point 3.

Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

Collect::
C:\windows\system32\drivers\huyvsitf.sys

Driver::
huyvsitf
3b20518395812800

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and release it. CF will start and execute the commands from the script.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can also damage the system!


Once your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

bimbousek
Warning level 2
Posts: 19
Registered: 24 Aug 2005 17:13

Re: would you look at a ComboFix log?

#3 Post by bimbousek »

Thanks for the help, here is the log after running it:

ComboFix 14-04-12.01 - petr.bibrle 14.04.2014 22:00:27.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3552.1716 [GMT 2:00]
Spuštěný z: c:\users\petr.bibrle\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\petr.bibrle\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{652F58BF-6AC1-95E9-702F-19314FDB19A9}\syshost.exe . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_3B20518395812800
-------\Service_3b20518395812800
-------\Service_huyvsitf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-14 do 2014-04-14 )))))))))))))))))))))))))))))))
.
.
2014-04-14 20:09 . 2014-04-14 20:09 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A47AF878-C119-4022-951F-1992865CE811}\offreg.dll
2014-04-14 20:06 . 2014-04-14 20:06 -------- d-----w- c:\users\zdenek.novak\AppData\Local\temp
2014-04-14 20:06 . 2014-04-14 20:06 -------- d-----w- c:\users\klient\AppData\Local\temp
2014-04-14 20:06 . 2014-04-14 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-13 06:51 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A47AF878-C119-4022-951F-1992865CE811}\mpengine.dll
2014-04-11 07:33 . 2014-04-11 07:33 -------- d-----w- c:\users\petr.bibrle\AppData\Local\ElevatedDiagnostics
2014-04-07 09:03 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-03 12:21 . 2014-04-03 12:21 -------- d-----w- c:\program files (x86)\NirSoft
2014-04-03 08:37 . 2014-04-03 08:37 -------- d-----w- c:\windows\SysWow64\140403-103750
2014-04-03 08:07 . 2010-08-05 23:43 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-04-02 17:56 . 2014-04-03 07:18 -------- d-----w- c:\program files (x86)\O2
2014-04-02 17:45 . 2014-04-02 17:52 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\Tatara Systems
2014-04-02 17:44 . 2014-04-02 17:44 -------- d-----w- c:\programdata\O2CM-CE
2014-04-02 13:15 . 2014-04-02 13:15 -------- d-----w- c:\program files (x86)\FinalWire
2014-04-02 12:12 . 2011-01-30 10:20 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2014-04-02 12:12 . 2011-01-30 10:19 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-04-02 12:12 . 2011-01-30 10:19 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-04-02 12:12 . 2011-01-30 10:19 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-04-02 12:12 . 2011-01-30 10:19 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-04-02 12:12 . 2010-12-23 01:48 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2014-04-02 12:12 . 2010-09-26 10:09 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2014-04-02 12:12 . 2010-07-27 01:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-04-02 12:12 . 2010-03-20 04:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-04-02 12:12 . 2014-04-02 12:12 -------- d-----w- C:\HUAWEI
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Nabídka Start
2014-04-02 12:07 . 2014-04-02 12:07 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Data aplikací
2014-04-01 06:25 . 2014-04-03 08:34 -------- d-----w- c:\windows\SysWow64\140401-082538
2014-03-31 15:36 . 2014-04-03 08:34 -------- d-----w- c:\windows\SysWow64\140331-173630
2014-03-26 15:44 . 2014-02-20 07:46 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{808BB572-6522-4464-8592-785DC97A69EF}\gapaengine.dll
2014-03-23 09:02 . 2014-03-23 09:02 1409 ------w- c:\windows\SysWow64\tmpD1E9C.FOT
2014-03-19 16:22 . 2014-03-19 16:22 -------- d-----w- c:\program files\ATI Technologies
2014-03-19 12:05 . 2014-03-20 16:20 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Samsung
2014-03-19 12:05 . 2014-03-20 16:20 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\Samsung
2014-03-19 12:04 . 2014-04-03 08:35 -------- d-----w- c:\program files (x86)\MyFree Codec
2014-03-19 11:42 . 2014-01-23 17:23 144664 ------w- c:\windows\SysWow64\secman.dll
2014-03-19 11:42 . 2014-01-23 17:23 4659712 ------w- c:\windows\SysWow64\Redemption.dll
2014-03-19 11:41 . 2014-03-20 16:20 -------- d-----w- c:\program files (x86)\Samsung
2014-03-19 11:33 . 2014-04-03 08:35 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Downloaded Installations
2014-03-19 11:04 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2014-03-19 11:04 . 2010-12-21 05:55 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2014-03-19 09:02 . 2014-04-03 08:35 -------- d-----w- c:\program files\SAMSUNG
2014-03-19 09:00 . 2014-03-20 16:20 -------- d-----w- c:\programdata\Samsung
2014-03-19 08:56 . 2014-03-19 08:56 -------- d-----w- c:\users\petr.bibrle\.android
2014-03-19 08:56 . 2014-04-14 20:10 -------- d-----w- c:\users\petr.bibrle\AppData\Roaming\newnext.me
2014-03-19 08:56 . 2014-04-03 08:35 -------- d-----w- c:\users\petr.bibrle\AppData\Local\genienext
2014-03-19 08:56 . 2014-03-19 11:19 -------- d-----w- c:\users\petr.bibrle\AppData\Local\Mobogenie
2014-03-19 08:56 . 2014-03-19 09:52 -------- d-----w- c:\users\petr.bibrle\AppData\Local\cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-26 15:45 . 2014-03-14 11:44 280576 ----a-w- c:\windows\client64.dll
2014-03-14 11:44 . 2014-03-14 11:44 59904 ---ha-w- c:\windows\zlib1.dll
2014-03-14 11:44 . 2014-03-14 11:44 228864 ---ha-w- c:\windows\client.dll
2014-03-14 11:44 . 2014-03-14 11:44 12800 ---ha-w- c:\windows\aplib64.dll
2014-03-14 11:44 . 2014-03-14 11:44 11264 ---ha-w- c:\windows\aplib.dll
2014-03-12 07:12 . 2012-12-11 17:37 692616 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 07:12 . 2011-12-15 06:23 71048 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 07:46 . 2012-10-08 06:31 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-01-23 17:31 . 2014-01-23 17:31 45056 ------w- c:\windows\SysWow64\MACXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 135168 ------w- c:\windows\SysWow64\muzaf1.dll
2014-01-23 17:31 . 2014-01-23 17:31 974848 ------w- c:\windows\SysWow64\cis-2.4.dll
2014-01-23 17:31 . 2014-01-23 17:31 81920 ------w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 65536 ------w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\MTXSYNCICON.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\MK_Lyric.dll
2014-01-23 17:31 . 2014-01-23 17:31 57344 ------w- c:\windows\SysWow64\issacapi_se-2.3.dll
2014-01-23 17:31 . 2014-01-23 17:31 569344 ------w- c:\windows\SysWow64\muzdecode.ax
2014-01-23 17:31 . 2014-01-23 17:31 491520 ------w- c:\windows\SysWow64\muzapp.dll
2014-01-23 17:31 . 2014-01-23 17:31 49152 ------w- c:\windows\SysWow64\MaJGUILib.dll
2014-01-23 17:31 . 2014-01-23 17:31 45320 ------w- c:\windows\SysWow64\MAMACExtract.dll
2014-01-23 17:31 . 2014-01-23 17:31 45056 ------w- c:\windows\SysWow64\MaXMLProto.dll
2014-01-23 17:31 . 2014-01-23 17:31 40960 ------w- c:\windows\SysWow64\MTTELECHIP.dll
2014-01-23 17:31 . 2014-01-23 17:31 352256 ------w- c:\windows\SysWow64\MSLUR71.dll
2014-01-23 17:31 . 2014-01-23 17:31 258048 ------w- c:\windows\SysWow64\muzoggsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 245760 ------w- c:\windows\SysWow64\MSCLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 24576 ------w- c:\windows\SysWow64\MASetupCleaner.exe
2014-01-23 17:31 . 2014-01-23 17:31 200704 ------w- c:\windows\SysWow64\muzwmts.dll
2014-01-23 17:31 . 2014-01-23 17:31 172032 ------w- c:\windows\SysWow64\muzapp.exe
2014-01-23 17:31 . 2014-01-23 17:31 155648 ------w- c:\windows\SysWow64\MSFLib.dll
2014-01-23 17:31 . 2014-01-23 17:31 143360 ------w- c:\windows\SysWow64\3DAudio.ax
2014-01-23 17:31 . 2014-01-23 17:31 131072 ------w- c:\windows\SysWow64\muzmpgsp.ax
2014-01-23 17:31 . 2014-01-23 17:31 122880 ------w- c:\windows\SysWow64\muzeffect.ax
2014-01-23 17:31 . 2014-01-23 17:31 118784 ------w- c:\windows\SysWow64\MaDRM.dll
2014-01-23 17:31 . 2014-01-23 17:31 110592 ------w- c:\windows\SysWow64\muzmp4sp.ax
2014-01-20 04:00 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\petr.bibrle\AppData\Roaming\newnext.me\nengine.dll" [2014-01-06 1283584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-04-22 658424]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-05-14 318520]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-08-26 1989920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-4-24 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
R3 AtiDCM;AtiDCM;c:\users\petr.bibrle\AppData\Local\Temp\atdcm64a.sys;c:\users\petr.bibrle\AppData\Local\Temp\atdcm64a.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys;c:\windows\SYSNATIVE\Drivers\NANMp50.sys [x]
R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys;c:\windows\SYSNATIVE\Drivers\NANSp50.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WSDScan;Podpora skenování WSD přes UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird2\bin\fb_inet_server.exe;c:\program files\Firebird2\bin\fb_inet_server.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys;c:\windows\SYSNATIVE\DRIVERS\johci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 3B20518395812800
*NewlyCreated* - WS2IFSL
*Deregistered* - 3b20518395812800
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-11 07:12]
.
2014-04-14 c:\windows\Tasks\HPCeeScheduleForpetr.bibrle.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2012-03-01 7168000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-03-17 13880]
.
------- Doplňkový sken -------
.
uStart Page = https://www.google.cz/?rlz=1W4CHBA_csCZ549
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 89.190.65.200 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\3b20518395812800]
"ImagePath"="\SystemRoot\System32\Drivers\3b20518395812800.sys"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\*]
@="?"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Celkový čas: 2014-04-14 22:13:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-14 20:13
ComboFix2.txt 2014-04-14 10:38
.
Před spuštěním: Volných bajtů: 401 135 136 768
Po spuštění: Volných bajtů: 400 603 373 568
.
- - End Of File - - 15A832B2414D3E92D492E973FF1249D7
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119537
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: would you look at a ComboFix log?

#4 Post by Rudy »

There is still something left. Run MBAR and post the log:
Download Malwarebytes Anti-Rootkit http://www.malwarebytes.org/products/mbar/

Preferably save it to the Desktop and unpack it
Start it by clicking on mbar
Now click Next and then Update
When the database update is finished, click Next again
Leave all three options checked and click Scan, which starts the scan of the PC
When the scan is finished (about 5 minutes), check that every finding (if there are any, of course) has its box ticked
Also check that Create Restore point is ticked
Now click CleanUp, which removes the infection that was found
The PC will be restarted
The mbar folder should contain a log (it will probably open by itself too) named mbar-log-year-month-day (hour-minute-second).txt; post it here.

bimbousek
Warning level 2
Posts: 19
Registered: 24 Aug 2005 17:13

Re: would you look at a ComboFix log?

#5 Post by bimbousek »

Excellent (?). It found 2 more pieces of malware. It scanned after the restart, just before the system had fully started. That is probably a good thing, right?
Here is the log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 3724718080, free: 2207879168

Could not load protection driver
Downloaded database version: v2014.04.15.02
Downloaded database version: v2014.03.27.01
=======================================
Initializing...
DDA Driver installation error.
Driver installed on boot. Reboot required.

System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 3724718080, free: 2729709568

=======================================
Initializing...
Done!
Module: \??\C:\windows\system32\ntoskrnl.exe could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loadedModule: \??\C:\windows\system32\drivers\CLASSPNP.SYS could not be loaded<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d4e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8004b19650
Lower Device Driver Name: \Driver\amd_sata\
Module: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\storport.sys could not be loadedModule: \??\C:\windows\system32\drivers\amd_sata.sys could not be loaded<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d4e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d4f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d4e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004d4e040, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004b218c0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa8004b1f600, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004b19650, DeviceName: \Device\00000079\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\1394bus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\3b20518395812800.sys (0x0000007b)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Accelerometer.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\acpi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\adp94xx.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\adpahci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\adpu320.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\afd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ataport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\AtihdW76.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\atikmdag.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\atikmpag.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\b57nd60a.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\battc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bcm42rly.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BCMWL664.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\beep.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\blbdrive.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bowser.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrFiltLo.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrFiltUp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bridge.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrSerId.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrSerWdm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrUsbMdm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cmdide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cng.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\compbatt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\crashdmp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\crcdisk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\csc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\DAMDrv64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dfsc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\discache.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\disk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Diskdump.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dmvsc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\drmk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Dumpata.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dumpfve.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dxapi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dxg.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dxgkrnl.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\dxgmms1.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\elxstor.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\errdev.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\evbda.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ewdcsc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ewusbdev.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ewusbmdm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ewusbnet.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\exfat.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fastfat.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fdc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidclass.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidir.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidparse.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidusb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hpdskflt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\HpqKbFiltr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\HpSAMD.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\http.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hwpolicy.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\iaStorV.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\igdkmd64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\iirsp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\intelide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\intelppm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ipfltdrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\IPMIDrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ipnat.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\irda.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\irenum.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\isapnp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\jmcr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\johci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ksecdd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ksecpkg.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ksthunk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\lltdio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\lsi_fc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\lsi_sas.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\lsi_sas2.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\lsi_scsi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\luafv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mcd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\megasas.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\MegaSR.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\MfeEpeHb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\MfeEpePc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\modem.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\monitor.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mouclass.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mouhid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mountmgr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mpio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mpsdrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\agilevpn.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\atapi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BrUsbSer.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fileinfo.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidbth.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ks.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mrxdav.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndisuio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pcw.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rmcast.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\spsys.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\volmgrx.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mrxsmb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mrxsmb10.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mrxsmb20.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msahci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msdsm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msfs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndiswan.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndproxy.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\netbios.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\netbt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\netio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nfrd960.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\NisDrvWFP.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\npfs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nsiproxy.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ntfs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\null.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nvraid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nvstor.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\NV_AGP.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\nwifi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ohci1394.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pacer.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\parport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\partmgr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pccsmcfdx64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pciide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pciidex.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\PEAuth.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\portcls.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\processr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\psd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\PxHlpa64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ql2300.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ql40xx.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\qwavedrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rasacd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rasl2tp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\raspppoe.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\raspptp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rassstp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rdbss.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\RDPCDD.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rdpdr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\RDPENCDD.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\RDPREFMP.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rdpwd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rdyboost.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\RNDISMP.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rootmdm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\rspndr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Rt64win7.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\scfilter.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\scsiport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sdbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\secdrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\serenum.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\serial.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sermouse.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sffdisk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sffp_mmc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sffp_sd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sisraid2.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sisraid4.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\smb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\smclib.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sncduvc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\snp2uvc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\spldr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\srv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\srv2.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\srvnet.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\stexstor.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\storport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\storvsc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\stream.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\stwrt64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\swenum.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\SynTP.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tape.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tcpip.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tcpipreg.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tdi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tdpipe.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tdtcp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tdx.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\termdd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tpm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tssecsrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\TsUsbFlt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\tunnel.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\UAGP35.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\udfs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ULIAGPKX.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\umbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\umpass.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usb8023.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\USBCAMD2.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbcir.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbehci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbhub.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbohci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbprint.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbrpm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbser.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbser_lowerfltjx64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbser_lowerfltx64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vga.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vgapnp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\viaide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\videoprt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vmbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\VMBusHID.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vms3cap.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vmstorfl.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\volmgr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\volsnap.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vpchbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vpcnfltr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vpcusb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vpcvmm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vsmraid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vwififlt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\vwifimp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wacompen.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wanarp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\watchdog.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Wdf01000.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\WdfLdr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wfplwf.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wimmount.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\winhv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\winusb.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\wmilib.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ws2ifsl.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\WSDScan.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\WUDFPf.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\WUDFRd.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mshidkmdf.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mskssrv.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mspclock.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mspqm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\msrpc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mstee.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\mup.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndis.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndiscap.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ndistapi.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bthenum.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bthpan.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bthport.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\btwampfl.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\btwaudio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\btwavdt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\btwl2cap.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\btwrchid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\bxvbda.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ccdcmbox64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ccdcmbx64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cdfs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cdr4_xp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cdralw2k.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\cdrom.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\circlass.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\Classpnp.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\AGP440.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\agrsm64.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\aliide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdide.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdk8.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdppm.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdsata.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdsbs.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amdxata.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amd_sata.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\amd_xata.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\appid.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\arc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\arcsas.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ArcSoftVCapture.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\asyncmac.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\filetrace.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fltMgr.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fsdepends.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fs_rec.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\fvevol.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\FWPKCLNT.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\GAGP30KX.SYS (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ggflt.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\ggsemc.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hcw85cir.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys (0x00000005)
File user open failed: C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys (0x00000005)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FD2C355C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 614400
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 616448 Numsec = 934731776

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 935348224 Numsec = 30932992

Partition 3 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 966281216 Numsec = 10475520

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: C:\Windows\client.dll --> [Backdoor.Papras]
Infected: C:\Windows\Installer\{652F58BF-6AC1-95E9-702F-19314FDB19A9}\syshost.exe --> [Trojan.Backdoor.FSGen]
Scan finished
Creating System Restore point...
Cleaning up...
Failed to write a cleanupn script C:\ProgramData\Malwarebytes' Anti-Malware (portable)\queue.mbam


Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Rudy
Site Admin
Posts: 119537
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: will you look at the combofix LOG?

#6 Post by Rudy »

Yep. That should be all. How is the PC behaving now?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

bimbousek
2nd Warning Level
Posts: 19
Registered: 24 Aug 2005 17:13

Re: will you look at the combofix LOG?

#7 Post by bimbousek »

Hmm, badly. It behaves normally, except for the problem with the USB ports. Sometimes when the notebook is put to sleep, after waking it the mouse and anything plugged into USB do not work. Or the power scheme changes: the display dims with the charger connected and brightens when it is unplugged.
The biggest problem, though, is the Huawei modem, which does not work: it reports a message that access to the device was denied, or that the drivers are not installed correctly. But it used to work fine; I connected to the O2 internet when travelling. When I try to reinstall the chipset, it refuses the installation: "Cannot load detection drivers".....
So I'm at a loss... :shock:

Rudy
Site Admin
Posts: 119537
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: will you look at the combofix LOG?

#8 Post by Rudy »

Try System Restore to a date when it worked correctly. It is possible, though, that this is a system error.

bimbousek
2nd Warning Level
Posts: 19
Registered: 24 Aug 2005 17:13

Re: will you look at the combofix LOG?

#9 Post by bimbousek »

Hmm, I'm afraid you are right. I vaguely recall that I connected a Samsung GT-S7710 for the first time and was installing drivers when someone called, and I have not connected it since. But I don't know whether the Huawei has also stopped working since then, or whether it already didn't work before. Probably before, but I wouldn't bet my neck on it. I don't feel like reinstalling the system; I have a few programs in it that I need, and reinstalling them is a long job again. Unfortunately there is no restore point.... I don't like at all that I have MS Essentials and some other junk from HP on there; good old Avast... well, I'll probably have to reinstall....

Rudy
Site Admin
Posts: 119537
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: will you look at the combofix LOG?

#10 Post by Rudy »

Then you will have to try repairing the system from the installation media, or with Win7 Manager: http://www.yamicsoft.com/windows7manager/ .
