Zamrzání notebooku na jiné wifi

[ChrisX]

Zdravím, mam problém, který mi vrtá hlavou už delší dobu. Když jsem doma, notebook mi zamrzne tak jednou za velmi dlouhou dobu. Když jsem ale na wifi u známých, tak mi notebook zamrzává snad každých 5 minut. Wifi je samozřejmě pod bezpečným heslem a síť je zvolena jako domácí, nikoli veřejná. Notebook mi nejčastěji zamrzává, když například něco stahuju na torrentu (žádný warez, například hru z oficiální stránky přes torrent). Ale úplně nejčastěji mi notebook zamrzá, když koukám na nějaké video (hlavně youtube). To mi notebook zamrzne snad při každém puštěném videu. Trvá to několik minut, někdy i několik vteřin. Spíše je doba mezi 3-7 minutama a nejde dělat absolutně nic. Když mám puštěný zvuk, tak to i divně vrčí.



Zde přikládám log z HJT
__________________________________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:10:42, on 18.7.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sXe\Desktop\hijackthis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7511 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (file missing)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[ChrisX]

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.07.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sXe :: SXE-PC [administrátor]

19.7.2012 16:33:10
mbam-log-2012-07-19 (16-33-10).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 186787
Uplynulý čas: 4 minut, 14 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Žbeky]

Co teď?

[ChrisX]

Vše probíhá v pohodě, ALE. Zkusil jsem náhodné video na youtube a hned v 1. vteřině opět zamrzl notebook cca na 2 minuty.

[Žbeky]

Stáhni si TDSSKiller

Na svojí plochu. Ujisti se , že máš zavřeny všechny ostatní aplikace a prohlížeče. Rozbal soubor a spusť TDSSKiller.exe. Restartuj PC . Log z TDSSKilleru najdeš zde:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , vlož sem prosím celý obsah logu.

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud bude po kontrole problém spustit aplikace nebo bude vyskakovat hláška o pokusu použít neplatnou operaci na klíč registru, který je označen pro odstranění, stačí restartovat počítač.

[ChrisX]

13:03:04.0316 3992 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
13:03:04.0909 3992 ============================================================
13:03:04.0909 3992 Current date / time: 2012/07/20 13:03:04.0909
13:03:04.0909 3992 SystemInfo:
13:03:04.0909 3992
13:03:04.0909 3992 OS Version: 6.1.7601 ServicePack: 1.0
13:03:04.0909 3992 Product type: Workstation
13:03:04.0909 3992 ComputerName: SXE-PC
13:03:04.0909 3992 UserName: sXe
13:03:04.0909 3992 Windows directory: C:\Windows
13:03:04.0909 3992 System windows directory: C:\Windows
13:03:04.0909 3992 Running under WOW64
13:03:04.0909 3992 Processor architecture: Intel x64
13:03:04.0909 3992 Number of processors: 1
13:03:04.0909 3992 Page size: 0x1000
13:03:04.0909 3992 Boot type: Normal boot
13:03:04.0909 3992 ============================================================
13:03:06.0937 3992 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:03:06.0999 3992 ============================================================
13:03:06.0999 3992 \Device\Harddisk0\DR0:
13:03:06.0999 3992 MBR partitions:
13:03:06.0999 3992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x1BDC2800
13:03:06.0999 3992 ============================================================
13:03:07.0062 3992 C: <-> \Device\Harddisk0\DR0\Partition0
13:03:07.0109 3992 ============================================================
13:03:07.0109 3992 Initialize success
13:03:07.0109 3992 ============================================================
13:03:09.0885 1244 ============================================================
13:03:09.0885 1244 Scan started
13:03:09.0885 1244 Mode: Manual;
13:03:09.0885 1244 ============================================================
13:03:13.0364 1244 1394hub - ok
13:03:13.0442 1244 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:03:13.0551 1244 1394ohci - ok
13:03:13.0614 1244 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:03:13.0629 1244 ACPI - ok
13:03:13.0676 1244 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:03:13.0692 1244 AcpiPmi - ok
13:03:13.0988 1244 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:03:14.0019 1244 AdobeFlashPlayerUpdateSvc - ok
13:03:14.0144 1244 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:03:14.0441 1244 adp94xx - ok
13:03:14.0565 1244 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:03:14.0675 1244 adpahci - ok
13:03:14.0737 1244 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:03:14.0753 1244 adpu320 - ok
13:03:14.0799 1244 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:03:14.0799 1244 AeLookupSvc - ok
13:03:14.0924 1244 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:03:14.0940 1244 AFD - ok
13:03:14.0971 1244 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:03:15.0065 1244 agp440 - ok
13:03:15.0096 1244 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:03:15.0189 1244 ALG - ok
13:03:15.0221 1244 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:03:15.0283 1244 aliide - ok
13:03:15.0408 1244 AMD External Events Utility (a2f5bea5b45a8e7c4776f39c25e8699d) C:\Windows\system32\atiesrxx.exe
13:03:15.0439 1244 AMD External Events Utility - ok
13:03:15.0548 1244 AMD FUEL Service - ok
13:03:15.0579 1244 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:03:15.0611 1244 amdide - ok
13:03:15.0642 1244 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:03:15.0704 1244 amdiox64 - ok
13:03:15.0782 1244 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:03:15.0782 1244 AmdK8 - ok
13:03:16.0968 1244 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
13:03:17.0498 1244 amdkmdag - ok
13:03:17.0717 1244 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
13:03:17.0748 1244 amdkmdap - ok
13:03:17.0841 1244 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:03:17.0904 1244 AmdPPM - ok
13:03:17.0951 1244 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:03:18.0029 1244 amdsata - ok
13:03:18.0075 1244 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:03:18.0107 1244 amdsbs - ok
13:03:18.0138 1244 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:03:18.0138 1244 amdxata - ok
13:03:18.0231 1244 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:03:18.0372 1244 AppID - ok
13:03:18.0419 1244 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:03:18.0465 1244 AppIDSvc - ok
13:03:18.0528 1244 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:03:18.0543 1244 Appinfo - ok
13:03:18.0637 1244 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:03:18.0668 1244 arc - ok
13:03:18.0699 1244 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:03:18.0715 1244 arcsas - ok
13:03:18.0918 1244 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:03:19.0011 1244 aspnet_state - ok
13:03:19.0058 1244 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:03:19.0105 1244 AsyncMac - ok
13:03:19.0152 1244 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:03:19.0152 1244 atapi - ok
13:03:19.0323 1244 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:03:19.0511 1244 athr - ok
13:03:19.0682 1244 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
13:03:19.0698 1244 AtiHDAudioService - ok
13:03:20.0743 1244 atikmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
13:03:20.0852 1244 atikmdag - ok
13:03:21.0102 1244 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:03:21.0102 1244 AudioEndpointBuilder - ok
13:03:21.0133 1244 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:03:21.0133 1244 AudioSrv - ok
13:03:21.0195 1244 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:03:21.0273 1244 AxInstSV - ok
13:03:21.0398 1244 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:03:21.0461 1244 b06bdrv - ok
13:03:21.0539 1244 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:03:21.0585 1244 b57nd60a - ok
13:03:21.0632 1244 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:03:21.0679 1244 BDESVC - ok
13:03:21.0710 1244 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:03:21.0804 1244 Beep - ok
13:03:21.0960 1244 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:03:22.0038 1244 BFE - ok
13:03:22.0163 1244 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
13:03:22.0350 1244 BITS - ok
13:03:22.0443 1244 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:03:22.0521 1244 blbdrive - ok
13:03:22.0584 1244 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:03:22.0599 1244 bowser - ok
13:03:22.0631 1244 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:03:22.0631 1244 BrFiltLo - ok
13:03:22.0662 1244 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:03:22.0693 1244 BrFiltUp - ok
13:03:22.0771 1244 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:03:22.0896 1244 BridgeMP - ok
13:03:22.0958 1244 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:03:23.0021 1244 Browser - ok
13:03:23.0067 1244 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:03:23.0130 1244 Brserid - ok
13:03:23.0161 1244 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:03:23.0208 1244 BrSerWdm - ok
13:03:23.0239 1244 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:03:23.0301 1244 BrUsbMdm - ok
13:03:23.0348 1244 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:03:23.0364 1244 BrUsbSer - ok
13:03:23.0411 1244 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:03:23.0442 1244 BTHMODEM - ok
13:03:23.0504 1244 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:03:23.0535 1244 bthserv - ok
13:03:23.0567 1244 catchme - ok
13:03:23.0598 1244 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:03:23.0613 1244 cdfs - ok
13:03:23.0691 1244 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:03:23.0738 1244 cdrom - ok
13:03:23.0801 1244 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:03:23.0863 1244 CertPropSvc - ok
13:03:23.0925 1244 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:03:23.0941 1244 circlass - ok
13:03:24.0003 1244 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:03:24.0050 1244 CLFS - ok
13:03:24.0128 1244 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:03:24.0159 1244 clr_optimization_v2.0.50727_32 - ok
13:03:24.0253 1244 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:03:24.0269 1244 clr_optimization_v2.0.50727_64 - ok
13:03:24.0393 1244 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:03:24.0690 1244 clr_optimization_v4.0.30319_32 - ok
13:03:24.0799 1244 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:03:24.0924 1244 clr_optimization_v4.0.30319_64 - ok
13:03:25.0002 1244 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:03:25.0064 1244 CmBatt - ok
13:03:25.0111 1244 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:03:25.0142 1244 cmdide - ok
13:03:25.0220 1244 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
13:03:25.0236 1244 CNG - ok
13:03:25.0267 1244 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:03:25.0267 1244 Compbatt - ok
13:03:25.0329 1244 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:03:25.0345 1244 CompositeBus - ok
13:03:25.0361 1244 COMSysApp - ok
13:03:25.0392 1244 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:03:25.0423 1244 crcdisk - ok
13:03:25.0501 1244 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:03:25.0517 1244 CryptSvc - ok
13:03:25.0610 1244 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:03:25.0626 1244 DcomLaunch - ok
13:03:25.0673 1244 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:03:25.0735 1244 defragsvc - ok
13:03:25.0829 1244 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:03:25.0844 1244 DfsC - ok
13:03:25.0985 1244 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:03:26.0016 1244 Dhcp - ok
13:03:26.0063 1244 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:03:26.0078 1244 discache - ok
13:03:26.0125 1244 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:03:26.0125 1244 Disk - ok
13:03:26.0172 1244 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:03:26.0187 1244 Dnscache - ok
13:03:26.0234 1244 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:03:26.0281 1244 dot3svc - ok
13:03:26.0328 1244 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:03:26.0328 1244 DPS - ok
13:03:26.0375 1244 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:03:26.0406 1244 drmkaud - ok
13:03:26.0453 1244 dump_wmimmc - ok
13:03:26.0593 1244 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:03:26.0718 1244 DXGKrnl - ok
13:03:26.0780 1244 EagleX64 - ok
13:03:26.0889 1244 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
13:03:26.0905 1244 eamonm - ok
13:03:26.0983 1244 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:03:27.0014 1244 EapHost - ok
13:03:27.0357 1244 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:03:27.0498 1244 ebdrv - ok
13:03:27.0638 1244 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:03:27.0638 1244 EFS - ok
13:03:27.0747 1244 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
13:03:27.0763 1244 ehdrv - ok
13:03:27.0919 1244 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:03:27.0950 1244 ehRecvr - ok
13:03:28.0013 1244 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:03:28.0028 1244 ehSched - ok
13:03:28.0262 1244 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
13:03:28.0325 1244 ekrn - ok
13:03:28.0481 1244 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:03:28.0543 1244 elxstor - ok
13:03:28.0637 1244 epfw (587f0f4145a1536a6e37efd769b7665f) C:\Windows\system32\DRIVERS\epfw.sys
13:03:28.0652 1244 epfw - ok
13:03:28.0699 1244 EpfwLWF (d2f812358ee8ee23cbb5c4daffb5b819) C:\Windows\system32\DRIVERS\EpfwLWF.sys
13:03:28.0777 1244 EpfwLWF - ok
13:03:28.0886 1244 epfwwfp (34bf55d69ab74d14c7e7a17259cb7df8) C:\Windows\system32\DRIVERS\epfwwfp.sys
13:03:28.0902 1244 epfwwfp - ok
13:03:28.0949 1244 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:03:28.0980 1244 ErrDev - ok
13:03:29.0073 1244 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:03:29.0089 1244 EventSystem - ok
13:03:29.0151 1244 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:03:29.0292 1244 exfat - ok
13:03:29.0339 1244 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:03:29.0354 1244 fastfat - ok
13:03:29.0495 1244 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:03:29.0510 1244 Fax - ok
13:03:29.0541 1244 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:03:29.0604 1244 fdc - ok
13:03:29.0651 1244 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:03:29.0697 1244 fdPHost - ok
13:03:29.0744 1244 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:03:29.0744 1244 FDResPub - ok
13:03:29.0791 1244 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:03:29.0807 1244 FileInfo - ok
13:03:29.0853 1244 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:03:29.0931 1244 Filetrace - ok
13:03:29.0963 1244 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:03:30.0009 1244 flpydisk - ok
13:03:30.0103 1244 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:03:30.0119 1244 FltMgr - ok
13:03:30.0290 1244 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:03:30.0368 1244 FontCache - ok
13:03:30.0509 1244 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:03:30.0540 1244 FontCache3.0.0.0 - ok
13:03:30.0680 1244 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:03:30.0774 1244 FsDepends - ok
13:03:30.0821 1244 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:03:30.0867 1244 Fs_Rec - ok
13:03:30.0992 1244 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:03:31.0039 1244 fvevol - ok
13:03:31.0117 1244 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:03:31.0195 1244 gagp30kx - ok
13:03:31.0304 1244 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:03:31.0335 1244 gpsvc - ok
13:03:31.0398 1244 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
13:03:31.0445 1244 hamachi - ok
13:03:31.0944 1244 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
13:03:31.0975 1244 Hamachi2Svc - ok
13:03:32.0162 1244 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:03:32.0162 1244 hcw85cir - ok
13:03:32.0256 1244 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:03:32.0271 1244 HdAudAddService - ok
13:03:32.0318 1244 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:03:32.0334 1244 HDAudBus - ok
13:03:32.0365 1244 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:03:32.0396 1244 HidBatt - ok
13:03:32.0443 1244 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:03:32.0490 1244 HidBth - ok
13:03:32.0505 1244 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:03:32.0552 1244 HidIr - ok
13:03:32.0599 1244 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:03:32.0646 1244 hidserv - ok
13:03:32.0739 1244 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:03:32.0786 1244 HidUsb - ok
13:03:32.0880 1244 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:03:32.0880 1244 hkmsvc - ok
13:03:32.0942 1244 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:03:32.0973 1244 HomeGroupListener - ok
13:03:33.0036 1244 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:03:33.0067 1244 HomeGroupProvider - ok
13:03:33.0129 1244 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:03:33.0129 1244 HpSAMD - ok
13:03:33.0239 1244 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:03:33.0254 1244 HTTP - ok
13:03:33.0317 1244 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:03:33.0317 1244 hwpolicy - ok
13:03:33.0348 1244 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:03:33.0363 1244 i8042prt - ok
13:03:33.0426 1244 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:03:33.0457 1244 iaStorV - ok
13:03:33.0675 1244 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:03:33.0722 1244 idsvc - ok
13:03:33.0769 1244 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:03:33.0800 1244 iirsp - ok
13:03:33.0941 1244 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:03:33.0987 1244 IKEEXT - ok
13:03:34.0050 1244 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:03:34.0050 1244 intelide - ok
13:03:34.0097 1244 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:03:34.0128 1244 intelppm - ok
13:03:34.0190 1244 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:03:34.0206 1244 IPBusEnum - ok
13:03:34.0253 1244 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:03:34.0331 1244 IpFilterDriver - ok
13:03:34.0424 1244 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:03:34.0440 1244 iphlpsvc - ok
13:03:34.0471 1244 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:03:34.0502 1244 IPMIDRV - ok
13:03:34.0549 1244 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:03:34.0627 1244 IPNAT - ok
13:03:34.0674 1244 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:03:34.0689 1244 IRENUM - ok
13:03:34.0721 1244 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:03:34.0736 1244 isapnp - ok
13:03:34.0799 1244 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:03:34.0923 1244 iScsiPrt - ok
13:03:34.0986 1244 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
13:03:35.0001 1244 kbdclass - ok
13:03:35.0048 1244 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
13:03:35.0048 1244 kbdhid - ok
13:03:35.0111 1244 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:35.0111 1244 KeyIso - ok
13:03:35.0173 1244 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
13:03:35.0204 1244 KSecDD - ok
13:03:35.0267 1244 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
13:03:35.0282 1244 KSecPkg - ok
13:03:35.0329 1244 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:03:35.0376 1244 ksthunk - ok
13:03:35.0438 1244 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:03:35.0485 1244 KtmRm - ok
13:03:35.0547 1244 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
13:03:35.0579 1244 LanmanServer - ok
13:03:35.0625 1244 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:03:35.0657 1244 LanmanWorkstation - ok
13:03:35.0703 1244 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:03:35.0750 1244 lltdio - ok
13:03:35.0797 1244 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:03:35.0828 1244 lltdsvc - ok
13:03:35.0844 1244 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:03:35.0875 1244 lmhosts - ok
13:03:35.0937 1244 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:03:36.0015 1244 LSI_FC - ok
13:03:36.0047 1244 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:03:36.0093 1244 LSI_SAS - ok
13:03:36.0125 1244 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:03:36.0187 1244 LSI_SAS2 - ok
13:03:36.0218 1244 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:03:36.0249 1244 LSI_SCSI - ok
13:03:36.0281 1244 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:03:36.0296 1244 luafv - ok
13:03:36.0359 1244 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
13:03:36.0405 1244 MBAMProtector - ok
13:03:36.0515 1244 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:03:36.0530 1244 MBAMService - ok
13:03:36.0577 1244 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:03:36.0624 1244 Mcx2Svc - ok
13:03:36.0655 1244 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:03:36.0702 1244 megasas - ok
13:03:36.0764 1244 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:03:36.0811 1244 MegaSR - ok
13:03:36.0936 1244 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:03:36.0967 1244 Microsoft Office Groove Audit Service - ok
13:03:37.0014 1244 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:03:37.0029 1244 MMCSS - ok
13:03:37.0061 1244 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:03:37.0092 1244 Modem - ok
13:03:37.0139 1244 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:03:37.0139 1244 monitor - ok
13:03:37.0201 1244 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:03:37.0201 1244 mouclass - ok
13:03:37.0248 1244 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:03:37.0248 1244 mouhid - ok
13:03:37.0326 1244 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:03:37.0357 1244 mountmgr - ok
13:03:37.0435 1244 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:03:37.0466 1244 MozillaMaintenance - ok
13:03:37.0529 1244 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:03:37.0544 1244 mpio - ok
13:03:37.0575 1244 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:03:37.0669 1244 mpsdrv - ok
13:03:37.0794 1244 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:03:37.0809 1244 MpsSvc - ok
13:03:37.0872 1244 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:03:37.0903 1244 MRxDAV - ok
13:03:37.0965 1244 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:03:37.0997 1244 mrxsmb - ok
13:03:38.0043 1244 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:03:38.0075 1244 mrxsmb10 - ok
13:03:38.0121 1244 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:03:38.0137 1244 mrxsmb20 - ok
13:03:38.0184 1244 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:03:38.0184 1244 msahci - ok
13:03:38.0262 1244 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:03:38.0293 1244 msdsm - ok
13:03:38.0340 1244 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:03:38.0355 1244 MSDTC - ok
13:03:38.0433 1244 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:03:38.0433 1244 Msfs - ok
13:03:38.0511 1244 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:03:38.0543 1244 mshidkmdf - ok
13:03:38.0574 1244 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:03:38.0574 1244 msisadrv - ok
13:03:38.0621 1244 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:03:38.0652 1244 MSiSCSI - ok
13:03:38.0667 1244 msiserver - ok
13:03:38.0714 1244 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:03:38.0730 1244 MSKSSRV - ok
13:03:38.0777 1244 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:03:38.0792 1244 MSPCLOCK - ok
13:03:38.0823 1244 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:03:38.0870 1244 MSPQM - ok
13:03:38.0948 1244 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:03:38.0964 1244 MsRPC - ok
13:03:38.0995 1244 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:03:38.0995 1244 mssmbios - ok
13:03:39.0026 1244 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:03:39.0042 1244 MSTEE - ok
13:03:39.0073 1244 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:03:39.0073 1244 MTConfig - ok
13:03:39.0104 1244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:03:39.0104 1244 Mup - ok
13:03:39.0167 1244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:03:39.0198 1244 napagent - ok
13:03:39.0260 1244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:03:39.0369 1244 NativeWifiP - ok
13:03:39.0572 1244 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:03:39.0603 1244 NDIS - ok
13:03:39.0650 1244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:03:39.0728 1244 NdisCap - ok
13:03:39.0775 1244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:03:39.0775 1244 NdisTapi - ok
13:03:39.0822 1244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:03:39.0837 1244 Ndisuio - ok
13:03:39.0931 1244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:03:40.0025 1244 NdisWan - ok
13:03:40.0071 1244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:03:40.0134 1244 NDProxy - ok
13:03:40.0196 1244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:03:40.0227 1244 NetBIOS - ok
13:03:40.0305 1244 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:03:40.0321 1244 NetBT - ok
13:03:40.0383 1244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:40.0383 1244 Netlogon - ok
13:03:40.0477 1244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:03:40.0539 1244 Netman - ok
13:03:40.0711 1244 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:03:40.0820 1244 NetMsmqActivator - ok
13:03:40.0851 1244 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:03:40.0851 1244 NetPipeActivator - ok
13:03:40.0961 1244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:03:41.0007 1244 netprofm - ok
13:03:41.0054 1244 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:03:41.0070 1244 NetTcpActivator - ok
13:03:41.0085 1244 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:03:41.0085 1244 NetTcpPortSharing - ok
13:03:41.0163 1244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:03:41.0210 1244 nfrd960 - ok
13:03:41.0288 1244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:03:41.0319 1244 NlaSvc - ok
13:03:41.0351 1244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:03:41.0366 1244 Npfs - ok
13:03:41.0382 1244 NPPTNT2 - ok
13:03:41.0413 1244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:03:41.0444 1244 nsi - ok
13:03:41.0475 1244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:03:41.0475 1244 nsiproxy - ok
13:03:41.0647 1244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:03:41.0725 1244 Ntfs - ok
13:03:41.0897 1244 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:03:41.0943 1244 Null - ok
13:03:41.0990 1244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:03:42.0021 1244 nvraid - ok
13:03:42.0068 1244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:03:42.0115 1244 nvstor - ok
13:03:42.0177 1244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:03:42.0224 1244 nv_agp - ok
13:03:42.0411 1244 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:03:42.0427 1244 odserv - ok
13:03:42.0458 1244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:03:42.0489 1244 ohci1394 - ok
13:03:42.0552 1244 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:03:42.0583 1244 ose - ok
13:03:42.0645 1244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:03:42.0677 1244 p2pimsvc - ok
13:03:42.0723 1244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:03:42.0770 1244 p2psvc - ok
13:03:42.0801 1244 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:03:42.0833 1244 Parport - ok
13:03:42.0895 1244 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:03:42.0895 1244 partmgr - ok
13:03:42.0942 1244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:03:42.0973 1244 PcaSvc - ok
13:03:43.0020 1244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:03:43.0067 1244 pci - ok
13:03:43.0098 1244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:03:43.0098 1244 pciide - ok
13:03:43.0145 1244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:03:43.0269 1244 pcmcia - ok
13:03:43.0285 1244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:03:43.0301 1244 pcw - ok
13:03:43.0363 1244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:03:43.0441 1244 PEAUTH - ok
13:03:43.0566 1244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:03:43.0581 1244 PerfHost - ok
13:03:43.0769 1244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:03:43.0831 1244 pla - ok
13:03:43.0909 1244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:03:43.0925 1244 PlugPlay - ok
13:03:43.0956 1244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:03:44.0034 1244 PNRPAutoReg - ok
13:03:44.0127 1244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:03:44.0143 1244 PNRPsvc - ok
13:03:44.0221 1244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:03:44.0268 1244 PolicyAgent - ok
13:03:44.0315 1244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:03:44.0346 1244 Power - ok
13:03:44.0439 1244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:03:44.0564 1244 PptpMiniport - ok
13:03:44.0627 1244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:03:44.0673 1244 Processor - ok
13:03:44.0751 1244 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:03:44.0798 1244 ProfSvc - ok
13:03:44.0845 1244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:44.0861 1244 ProtectedStorage - ok
13:03:44.0907 1244 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:03:44.0923 1244 Psched - ok
13:03:45.0079 1244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:03:45.0126 1244 ql2300 - ok
13:03:45.0266 1244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:03:45.0282 1244 ql40xx - ok
13:03:45.0360 1244 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:03:45.0407 1244 QWAVE - ok
13:03:45.0438 1244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:03:46.0670 1244 QWAVEdrv - ok
13:03:46.0748 1244 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
13:03:46.0764 1244 RapiMgr - ok
13:03:46.0811 1244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:03:46.0842 1244 RasAcd - ok
13:03:46.0920 1244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:03:46.0935 1244 RasAgileVpn - ok
13:03:46.0982 1244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:03:46.0998 1244 RasAuto - ok
13:03:47.0076 1244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:03:47.0154 1244 Rasl2tp - ok
13:03:47.0232 1244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:03:47.0279 1244 RasMan - ok
13:03:47.0325 1244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:03:47.0341 1244 RasPppoe - ok
13:03:47.0372 1244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:03:47.0403 1244 RasSstp - ok
13:03:47.0450 1244 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:03:47.0466 1244 rdbss - ok
13:03:47.0481 1244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:03:47.0528 1244 rdpbus - ok
13:03:47.0559 1244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:03:47.0559 1244 RDPCDD - ok
13:03:47.0606 1244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:03:47.0606 1244 RDPENCDD - ok
13:03:47.0637 1244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:03:47.0637 1244 RDPREFMP - ok
13:03:47.0700 1244 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:03:47.0793 1244 RDPWD - ok
13:03:47.0871 1244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:03:47.0887 1244 rdyboost - ok
13:03:47.0934 1244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:03:47.0996 1244 RemoteAccess - ok
13:03:48.0043 1244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:03:48.0090 1244 RemoteRegistry - ok
13:03:48.0137 1244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:03:48.0168 1244 RpcEptMapper - ok
13:03:48.0199 1244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:03:48.0230 1244 RpcLocator - ok
13:03:48.0308 1244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:03:48.0308 1244 RpcSs - ok
13:03:48.0386 1244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:03:48.0417 1244 rspndr - ok
13:03:48.0527 1244 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:03:48.0620 1244 RTL8167 - ok
13:03:48.0683 1244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:48.0683 1244 SamSs - ok
13:03:48.0714 1244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:03:48.0776 1244 sbp2port - ok
13:03:48.0839 1244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:03:48.0885 1244 SCardSvr - ok
13:03:48.0948 1244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:03:49.0041 1244 scfilter - ok
13:03:49.0197 1244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:03:49.0229 1244 Schedule - ok
13:03:49.0291 1244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:03:49.0291 1244 SCPolicySvc - ok
13:03:49.0338 1244 ScreamBAudioSvc - ok
13:03:49.0385 1244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:03:49.0431 1244 SDRSVC - ok
13:03:49.0463 1244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:03:49.0494 1244 secdrv - ok
13:03:49.0541 1244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:03:49.0556 1244 seclogon - ok
13:03:49.0603 1244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:03:49.0619 1244 SENS - ok
13:03:49.0650 1244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:03:49.0681 1244 SensrSvc - ok
13:03:49.0728 1244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:03:49.0790 1244 Serenum - ok
13:03:49.0806 1244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:03:49.0899 1244 Serial - ok
13:03:49.0946 1244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:03:49.0977 1244 sermouse - ok
13:03:50.0055 1244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:03:50.0118 1244 SessionEnv - ok
13:03:50.0165 1244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:03:50.0196 1244 sffdisk - ok
13:03:50.0227 1244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:03:50.0243 1244 sffp_mmc - ok
13:03:50.0274 1244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:03:50.0274 1244 sffp_sd - ok
13:03:50.0321 1244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:03:50.0352 1244 sfloppy - ok
13:03:50.0430 1244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:03:50.0445 1244 SharedAccess - ok
13:03:50.0508 1244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:03:50.0539 1244 ShellHWDetection - ok
13:03:50.0586 1244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:03:50.0648 1244 SiSRaid2 - ok
13:03:50.0679 1244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:03:50.0711 1244 SiSRaid4 - ok
13:03:50.0851 1244 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:03:50.0851 1244 SkypeUpdate - ok
13:03:50.0913 1244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:03:50.0929 1244 Smb - ok
13:03:50.0991 1244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:03:51.0023 1244 SNMPTRAP - ok
13:03:51.0069 1244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:03:51.0069 1244 spldr - ok
13:03:51.0210 1244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:03:51.0241 1244 Spooler - ok
13:03:51.0569 1244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:03:51.0615 1244 sppsvc - ok
13:03:51.0787 1244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:03:51.0803 1244 sppuinotify - ok
13:03:51.0943 1244 sptd (dfc4e2081324e505ca479e473a78d893) C:\Windows\System32\Drivers\sptd.sys
13:03:51.0974 1244 sptd - ok
13:03:52.0068 1244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:03:52.0115 1244 srv - ok
13:03:52.0208 1244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:03:52.0255 1244 srv2 - ok
13:03:52.0302 1244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:03:52.0317 1244 srvnet - ok
13:03:52.0380 1244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:03:52.0380 1244 SSDPSRV - ok
13:03:52.0411 1244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:03:52.0442 1244 SstpSvc - ok
13:03:52.0567 1244 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:03:52.0614 1244 StarWindServiceAE - ok
13:03:52.0692 1244 Steam Client Service - ok
13:03:52.0723 1244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:03:52.0739 1244 stexstor - ok
13:03:52.0832 1244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:03:52.0863 1244 stisvc - ok
13:03:52.0910 1244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:03:52.0926 1244 swenum - ok
13:03:53.0019 1244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:03:53.0035 1244 swprv - ok
13:03:53.0238 1244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:03:53.0269 1244 SysMain - ok
13:03:53.0472 1244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:03:53.0519 1244 TabletInputService - ok
13:03:53.0612 1244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:03:53.0628 1244 TapiSrv - ok
13:03:53.0675 1244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:03:53.0675 1244 TBS - ok
13:03:53.0877 1244 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:03:53.0955 1244 Tcpip - ok
13:03:54.0205 1244 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:03:54.0221 1244 TCPIP6 - ok
13:03:54.0345 1244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:03:54.0408 1244 tcpipreg - ok
13:03:54.0455 1244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:03:54.0548 1244 TDPIPE - ok
13:03:54.0595 1244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:03:54.0642 1244 TDTCP - ok
13:03:54.0704 1244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:03:54.0751 1244 tdx - ok
13:03:54.0813 1244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:03:54.0829 1244 TermDD - ok
13:03:54.0923 1244 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:03:54.0954 1244 TermService - ok
13:03:55.0001 1244 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:03:55.0001 1244 Themes - ok
13:03:55.0047 1244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:03:55.0063 1244 THREADORDER - ok
13:03:55.0110 1244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:03:55.0141 1244 TrkWks - ok
13:03:55.0235 1244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:03:55.0281 1244 TrustedInstaller - ok
13:03:55.0328 1244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:03:55.0328 1244 tssecsrv - ok
13:03:55.0437 1244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:03:55.0515 1244 TsUsbFlt - ok
13:03:55.0625 1244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:03:55.0671 1244 tunnel - ok
13:03:55.0734 1244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:03:55.0765 1244 uagp35 - ok
13:03:55.0827 1244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:03:55.0859 1244 udfs - ok
13:03:55.0905 1244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:03:55.0921 1244 UI0Detect - ok
13:03:55.0968 1244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:03:55.0999 1244 uliagpkx - ok
13:03:56.0030 1244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:03:56.0061 1244 umbus - ok
13:03:56.0077 1244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:03:56.0108 1244 UmPass - ok
13:03:56.0155 1244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:03:56.0171 1244 upnphost - ok
13:03:56.0202 1244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:03:56.0249 1244 usbccgp - ok
13:03:56.0311 1244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:03:56.0358 1244 usbcir - ok
13:03:56.0389 1244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:03:56.0420 1244 usbehci - ok
13:03:56.0483 1244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:03:56.0529 1244 usbhub - ok
13:03:56.0592 1244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:03:56.0623 1244 usbohci - ok
13:03:56.0670 1244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:03:56.0701 1244 usbprint - ok
13:03:56.0732 1244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:03:56.0732 1244 USBSTOR - ok
13:03:56.0763 1244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:03:56.0779 1244 usbuhci - ok
13:03:56.0873 1244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
13:03:56.0951 1244 usbvideo - ok
13:03:57.0013 1244 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:03:57.0044 1244 usb_rndisx - ok
13:03:57.0091 1244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:03:57.0122 1244 UxSms - ok
13:03:57.0169 1244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:03:57.0169 1244 VaultSvc - ok
13:03:57.0247 1244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:03:57.0263 1244 vdrvroot - ok
13:03:57.0356 1244 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:03:57.0387 1244 vds - ok
13:03:57.0419 1244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:03:57.0419 1244 vga - ok
13:03:57.0465 1244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:03:57.0497 1244 VgaSave - ok
13:03:57.0543 1244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:03:57.0590 1244 vhdmp - ok
13:03:57.0606 1244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:03:57.0637 1244 viaide - ok
13:03:57.0668 1244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:03:57.0668 1244 volmgr - ok
13:03:57.0746 1244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:03:57.0762 1244 volmgrx - ok
13:03:57.0809 1244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:03:57.0824 1244 volsnap - ok
13:03:57.0887 1244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:03:57.0918 1244 vsmraid - ok
13:03:58.0105 1244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:03:58.0136 1244 VSS - ok
13:03:58.0292 1244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:03:58.0355 1244 vwifibus - ok
13:03:58.0417 1244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:03:58.0417 1244 vwififlt - ok
13:03:58.0495 1244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:03:58.0526 1244 W32Time - ok
13:03:58.0573 1244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:03:58.0589 1244 WacomPen - ok
13:03:58.0667 1244 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:03:58.0698 1244 WANARP - ok
13:03:58.0713 1244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:03:58.0713 1244 Wanarpv6 - ok
13:03:58.0901 1244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:03:58.0947 1244 WatAdminSvc - ok
13:03:59.0088 1244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:03:59.0197 1244 wbengine - ok
13:03:59.0369 1244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:03:59.0431 1244 WbioSrvc - ok
13:03:59.0525 1244 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
13:03:59.0571 1244 WcesComm - ok
13:03:59.0649 1244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:03:59.0665 1244 wcncsvc - ok
13:03:59.0696 1244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:03:59.0727 1244 WcsPlugInService - ok
13:03:59.0790 1244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:03:59.0805 1244 Wd - ok
13:03:59.0883 1244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:03:59.0899 1244 Wdf01000 - ok
13:03:59.0930 1244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:03:59.0946 1244 WdiServiceHost - ok
13:03:59.0961 1244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:03:59.0961 1244 WdiSystemHost - ok
13:04:00.0039 1244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:04:00.0102 1244 WebClient - ok
13:04:00.0164 1244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:04:00.0180 1244 Wecsvc - ok
13:04:00.0211 1244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:04:00.0211 1244 wercplsupport - ok
13:04:00.0258 1244 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:04:00.0273 1244 WerSvc - ok
13:04:00.0367 1244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:04:00.0398 1244 WfpLwf - ok
13:04:00.0429 1244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:04:00.0461 1244 WIMMount - ok
13:04:00.0523 1244 WinDefend - ok
13:04:00.0554 1244 WinHttpAutoProxySvc - ok
13:04:00.0710 1244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:04:00.0726 1244 Winmgmt - ok
13:04:00.0929 1244 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:04:01.0022 1244 WinRM - ok
13:04:01.0241 1244 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:04:01.0319 1244 WinUsb - ok
13:04:01.0428 1244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:04:01.0459 1244 Wlansvc - ok
13:04:01.0537 1244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:04:01.0553 1244 WmiAcpi - ok
13:04:01.0646 1244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:04:01.0677 1244 wmiApSrv - ok
13:04:01.0740 1244 WMPNetworkSvc - ok
13:04:01.0818 1244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:04:01.0833 1244 WPCSvc - ok
13:04:01.0927 1244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:04:01.0943 1244 WPDBusEnum - ok
13:04:02.0005 1244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:04:02.0005 1244 ws2ifsl - ok
13:04:02.0036 1244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:04:02.0067 1244 wscsvc - ok
13:04:02.0083 1244 WSearch - ok
13:04:02.0317 1244 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:04:02.0379 1244 wuauserv - ok
13:04:02.0567 1244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:04:02.0598 1244 WudfPf - ok
13:04:02.0629 1244 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:04:02.0660 1244 WUDFRd - ok
13:04:02.0707 1244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:04:02.0738 1244 wudfsvc - ok
13:04:02.0801 1244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:04:02.0832 1244 WwanSvc - ok
13:04:02.0910 1244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:04:03.0674 1244 \Device\Harddisk0\DR0 - ok
13:04:03.0674 1244 Boot (0x1200) (6479745c4feae13ea016c40313ff268a) \Device\Harddisk0\DR0\Partition0
13:04:03.0690 1244 \Device\Harddisk0\DR0\Partition0 - ok
13:04:03.0690 1244 ============================================================
13:04:03.0690 1244 Scan finished
13:04:03.0690 1244 ============================================================
13:04:03.0705 5836 Detected object count: 0
13:04:03.0705 5836 Actual detected object count: 0
13:04:12.0426 5888 Deinitialize success

[ChrisX]

ComboFix 12-07-20.01 - sXe 20.07.2012 13:22:10.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2812.1779 [GMT 2:00]
Spuštěný z: c:\users\sXe\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 11:32 . 2012-07-20 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 14:29 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 14:29 . 2012-07-19 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 11:28 . 2012-07-20 11:34 -------- d-----w- c:\program files (x86)\Steam
2012-07-18 17:16 . 2012-07-18 17:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 17:16 . 2012-07-18 17:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 21:17 . 2012-07-17 21:17 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-17 20:59 . 2012-07-17 20:59 -------- d-----w- c:\program files\ESET
2012-07-14 23:31 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-07-11 13:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:49 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:49 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:49 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 11:49 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 11:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 11:49 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-30 09:50 . 2012-06-30 09:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-27 22:36 . 2012-06-27 22:36 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-21 07:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 13:28 . 2011-08-18 01:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 22:03 . 2012-05-01 21:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-27 22:36 . 2012-05-01 21:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-02 05:45 . 2012-07-11 11:48 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 11:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2011-08-18 00:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-20 15:55 . 2011-09-28 15:27 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-05-20 15:55 . 2011-09-28 15:27 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-05-16 22:16 . 2012-05-16 22:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-08 18:59 . 2012-05-08 18:59 796672 ----a-w- c:\windows\GPInstall.exe
2012-05-04 11:06 . 2012-06-13 03:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 03:17 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:17 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 03:17 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 03:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:17 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:17 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:17 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:17 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:17 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:17 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:17 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:17 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:17 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-05-19 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-19 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 17:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.google.com
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\sXe\AppData\Roaming\Mozilla\Firefox\Profiles\2jp3fwjw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-ICQ - c:\program files (x86)\ICQ7.7\ICQ.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0,
7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:db,08,16,11,1d,fa,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
c:\users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\sXe\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Celkový čas: 2012-07-20 13:51:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-20 11:51
ComboFix2.txt 2012-04-12 17:33
.
Před spuštěním: Volných bajtů: 152 847 663 104
Po spuštění: Volných bajtů: 152 071 647 232
.
- - End Of File - - 10BA565557D55523F5A5A6C747F9DDB0

[memphisto]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
DDS::
uLocal Page = %SystemRoot%\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = %SystemRoot%\system32\blank.htm

Firefox::
FF - ProfilePath - c:\users\sXe\AppData\Roaming\Mozilla\Firefox\Profiles\2jp3fwjw.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť?.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[ChrisX]

ComboFix 12-07-20.01 - sXe 20.07.2012 15:27:13.7.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.2812.1895 [GMT 2:00]
Spuštěný z: c:\users\sXe\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\sXe\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-20 do 2012-07-20 )))))))))))))))))))))))))))))))
.
.
2012-07-20 13:36 . 2012-07-20 13:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-20 13:36 . 2012-07-20 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 14:29 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-19 14:29 . 2012-07-19 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 11:28 . 2012-07-20 13:39 -------- d-----w- c:\program files (x86)\Steam
2012-07-18 17:16 . 2012-07-18 17:17 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 17:16 . 2012-07-18 17:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-17 21:17 . 2012-07-17 21:17 -------- d-----w- c:\windows\SysWow64\Adobe
2012-07-17 20:59 . 2012-07-17 20:59 -------- d-----w- c:\program files\ESET
2012-07-14 23:31 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-07-11 13:35 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:49 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:49 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:49 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:49 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 11:49 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 11:49 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 11:49 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-30 09:50 . 2012-06-30 09:50 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-06-27 22:36 . 2012-06-27 22:36 484176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-21 07:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 07:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 07:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 07:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 07:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 07:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 07:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 07:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 07:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 00:40 . 2012-07-20 12:03 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00D00024-3835-4BE3-8CE6-E964B2636BFE}\mpengine.dll
2012-07-11 13:28 . 2011-08-18 01:05 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 22:03 . 2012-05-01 21:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-27 22:36 . 2012-05-01 21:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-06-02 05:45 . 2012-07-11 11:48 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 11:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2011-08-18 00:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-20 15:55 . 2011-09-28 15:27 235 ----a-w- c:\windows\SysWow64\nxEuUninstall.bat
2012-05-20 15:55 . 2011-09-28 15:27 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2012-05-16 22:16 . 2012-05-16 22:16 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-05-08 18:59 . 2012-05-08 18:59 796672 ----a-w- c:\windows\GPInstall.exe
2012-05-04 11:06 . 2012-06-13 03:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 03:17 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 03:17 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 03:17 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 03:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 03:17 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 03:17 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 03:17 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 03:17 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 03:17 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 03:17 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:17 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 03:17 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 03:17 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-20_11.34.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 00:15 . 2012-07-20 13:40 45394 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-20 13:40 52346 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-18 00:02 . 2012-07-20 13:40 18394 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1665541734-1154544650-2013233065-1000_UserData.bin
+ 2012-07-20 13:38 . 2012-07-20 13:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-20 11:33 . 2012-07-20 11:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-20 11:33 . 2012-07-20 11:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-20 13:38 . 2012-07-20 13:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-12 12:07 . 2012-07-20 11:32 227400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-12 12:07 . 2012-07-20 13:37 227400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-20 11:32 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-20 13:37 389728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-22 23:06 . 2012-07-20 13:37 11243908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1665541734-1154544650-2013233065-1000-12288.dat
- 2011-11-22 23:06 . 2012-07-20 11:32 11243908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1665541734-1154544650-2013233065-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-18 880496]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2012-05-19 438272]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-07-19 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-10 129976]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-18 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-28 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-28 9980416]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-28 309248]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 17:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Stáhnout Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files (x86)\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\sXe\AppData\Roaming\Mozilla\Firefox\Profiles\2jp3fwjw.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0,
7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:db,08,16,11,1d,fa,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
.
**************************************************************************
.
Celkový čas: 2012-07-20 15:52:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-20 13:52
ComboFix2.txt 2012-07-20 11:51
ComboFix3.txt 2012-04-12 17:33
.
Před spuštěním: Volných bajtů: 152 066 514 944
Po spuštění: Volných bajtů: 151 760 551 936
.
- - End Of File - - 0B3223B198CDEDDEE2473CA9D40D54DB

[ChrisX]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-20 15:55:28
-----------------------------
15:55:28.745 OS Version: Windows x64 6.1.7601 Service Pack 1
15:55:28.745 Number of processors: 1 586 0x7C02
15:55:28.745 ComputerName: SXE-PC UserName: sXe
15:55:30.212 Initialize success
15:55:35.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:55:35.311 Disk 0 Vendor: WDC_WD2500BEVT-00ZCT0 11.01A11 Size: 238475MB BusType: 11
15:55:35.342 Disk 0 MBR read successfully
15:55:35.342 Disk 0 MBR scan
15:55:35.342 Disk 0 Windows 7 default MBR code
15:55:35.358 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
15:55:35.373 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228229 MB offset 20981760
15:55:35.404 Disk 0 scanning C:\Windows\system32\drivers
15:55:51.488 Service scanning
15:56:11.721 Modules scanning
15:56:11.737 Disk 0 trace - called modules:
15:56:11.768 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80021902c0]<<sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:56:11.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800311a060]
15:56:11.799 3 CLASSPNP.SYS[fffff88001b8643f] -> nt!IofCallDriver -> [0xfffffa8002fb0520]
15:56:12.330 5 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8002f62680]
15:56:12.345 \Driver\atapi[0xfffffa8002f58920] -> IRP_MJ_CREATE -> 0xfffffa80021902c0
15:56:12.361 Scan finished successfully
15:56:24.467 Disk 0 MBR has been saved successfully to "C:\Users\sXe\Desktop\MBR.dat"
15:56:24.482 The log file has been saved successfully to "C:\Users\sXe\Desktop\aswMBR.txt"

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

KillAll::
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=hex:51,66,7a,6c,4c,1d,38,12,55,e2,d0,
 7e,f8,75,36,04,cc,26,b5,2d,be,5d,85,a1
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
 36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}"=hex:51,66,7a,6c,4c,1d,38,12,4d,a0,e0,
 7c,bc,37,84,0f,e5,41,cb,b4,b5,01,91,c9
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
 df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
 fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
 b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:db,08,16,11,1d,fa,cc,01


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.