Please check my log, Claro search + Solved


Please check my log, Claro search +

Post by Drevorubec » 04 Dec 2012 16:56

"Hello! I got a freeware program that came bundled with Claro search. I removed its components via Add or Remove Programs, then I nuked it from the registry following a guide on the internet, and after that I used Malwarebytes to clean up. Next I changed the Firefox home page, because it had previously changed it to its own search engine. I also kicked it out in the Search Engine Manager. But that's not enough for it.

I start Firefox and everything is fine, it opens with a blank page or with whatever I set there. But as soon as I click + New Tab, the new tab opens with Claro search. So I have no idea how to get rid of it; do you know how to get rid of it?"

- That is the question I asked in the topic viewtopic.php?f=47&t=97865

I was advised to delete cookies, use ATF, TFC, plus the page with instructions http://www.ukash-virus.com/sk/odstranit ... arch-virus and Kaspersky virus removal.

Result:
I used everything. Nothing changed with cookies, ATF, TFC; Kaspersky reported No threats; in the folders and registry keys listed in the guide there were no such files! Only Spyhunter, recommended in that guide, found a malicious doubleclick:

Code:

C:\Users\Spravce\AppData\Roaming\Microsoft\Windows\Cookies\6ZOY3N29.txt


But surely that isn't Claro Search?! Nevertheless it is serious: Spyhunter doesn't remove anything in the free version, but when it shows the path, the file can be removed manually. The problem came when there was no Cookies folder in the Windows folder.... :crazy: :?:

Conclusion:
So I was redirected to this section. I'm attaching a log from HijackThis and ask very kindly for a check, and I would like to ask whether that doubleclick is related to Claro search or is something separate, and I would like to ask how to remove both....

Thank you very much!


Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:53:53, on 4.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Adobe\Adobe Audition CS5.5\Adobe Audition.exe
C:\Users\Spravce\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1723975183-3493544790-3980990944-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1723975183-3493544790-3980990944-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7094 bytes


Edit: In about:config I found Newtab, and there an address was set for the "Newtab" action; I changed it to About:blank like last time. But that doesn't mean I got rid of it, I only changed the action on newtab...... :roll: :evil: :? :shock:


Re: Please check my log, Claro search

Post by Žbeky » 04 Dec 2012 19:02

Don't put logs in CODE, it's a pain to read

Fix these:

Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1723975183-3493544790-3980990944-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll

Download TDSSKiller

to your desktop. Make sure you have all other applications and browsers closed. Extract the file and run TDSSKiller.exe. Restart the PC. You'll find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt , please paste the entire content of the log here.

Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- After scanning finishes, the program should create a log - C:\ComboFix.txt - please copy its entire content here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, just restart the computer.
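A triage pass over HijackThis lines like those in the log above, as an added example that is not part of the thread and not code from HijackThis or the forum. It separates the O20 AppInit_DLLs entry, which also appears in the fix list, from O23 "(file missing)" lines that a 32-bit scanner produces on 64-bit Windows because System32 paths are redirected to SysWOW64. The rule set, the verdict names and the `DEFAULT_HOSTS` allowlist are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in the thread (lines copied from it).
SAMPLE_LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O20 - AppInit_DLLs: c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
SHORT_NAME_RE = re.compile(r"~\d")  # 8.3 short path component
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
# Assumption for this example: hosts treated as stock Internet Explorer defaults.
DEFAULT_HOSTS = {"go.microsoft.com"}
MISSING = "(file missing)"


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O20"
    verdict: str  # "review", "artefact", "expected" or "unrated"
    reason: str
    line: str


def is_wow64_log(log):
    """Guess from the paths in the log that the scan ran on 64-bit Windows."""
    low = log.lower()
    return "\\syswow64\\" in low or "program files (x86)" in low


def classify(code, body, wow64):
    """Return (verdict, reason) for one parsed entry."""
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if not value:
            return "expected", "AppInit_DLLs is empty"
        reason = "DLL is loaded into every process that loads user32.dll"
        if SHORT_NAME_RE.search(value):
            reason += "; 8.3 short names hide the real folder"
        return "review", reason
    if code == "O23" and body.endswith(MISSING):
        path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
        if wow64 and SYSTEM32_RE.match(path):
            return "artefact", "System32 path is redirected to SysWOW64 for a 32-bit scanner"
        return "review", "service points at a file the scanner could not find"
    if code in ("R0", "R1"):
        value = body.partition(" =")[2].strip()
        host = urlparse(value).hostname or ""
        if (not value or value == "about:blank" or host in DEFAULT_HOSTS
                or value.lower().startswith("c:\\windows\\")):
            return "expected", "blank or default value"
        return "review", "browser setting points at " + (host or value)
    return "unrated", "no rule in this example"


def triage(log):
    """Parse every HijackThis entry line in `log` and attach a verdict."""
    wow64 = is_wow64_log(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            verdict, reason = classify(match.group(1), match.group(2), wow64)
            findings.append(Finding(match.group(1), verdict, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "unrated":
            print(f"{f.verdict:9} {f.code:4} {f.reason}")
```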


Re: Please check my log, Claro search

Post by Drevorubec » 04 Dec 2012 20:12

Hi! Thanks for the reply. I won't put logs in code anymore.

The TDSSKiller log is this:

19:48:29.0780 4032 IPNAT - ok
19:48:29.0811 4032 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:48:29.0811 4032 IRENUM - ok
19:48:29.0811 4032 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:48:29.0811 4032 isapnp - ok
19:48:29.0842 4032 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:48:29.0842 4032 iScsiPrt - ok
19:48:29.0858 4032 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:48:29.0858 4032 kbdclass - ok
19:48:29.0858 4032 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:48:29.0858 4032 kbdhid - ok
19:48:29.0874 4032 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:48:29.0889 4032 KeyIso - ok
19:48:29.0936 4032 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:48:29.0952 4032 KSecDD - ok
19:48:29.0983 4032 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:48:30.0014 4032 KSecPkg - ok
19:48:30.0092 4032 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:48:30.0092 4032 ksthunk - ok
19:48:30.0139 4032 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:48:30.0139 4032 KtmRm - ok
19:48:30.0186 4032 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:48:30.0186 4032 LanmanServer - ok
19:48:30.0217 4032 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:48:30.0217 4032 LanmanWorkstation - ok
19:48:30.0248 4032 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:48:30.0248 4032 lltdio - ok
19:48:30.0279 4032 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:48:30.0279 4032 lltdsvc - ok
19:48:30.0310 4032 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:48:30.0310 4032 lmhosts - ok
19:48:30.0326 4032 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:48:30.0326 4032 LSI_FC - ok
19:48:30.0342 4032 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:48:30.0342 4032 LSI_SAS - ok
19:48:30.0357 4032 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:48:30.0357 4032 LSI_SAS2 - ok
19:48:30.0373 4032 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:48:30.0373 4032 LSI_SCSI - ok
19:48:30.0388 4032 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:48:30.0388 4032 luafv - ok
19:48:30.0435 4032 [ B3B7C5F26F3F8C7992350B7EDE64F5C9 ] Magic Tune C:\Windows\system32\Drivers\MtiCtwl.sys
19:48:30.0435 4032 Magic Tune - ok
19:48:30.0466 4032 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:48:30.0466 4032 Mcx2Svc - ok
19:48:30.0482 4032 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:48:30.0482 4032 megasas - ok
19:48:30.0529 4032 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:48:30.0529 4032 MegaSR - ok
19:48:30.0560 4032 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:48:30.0560 4032 MMCSS - ok
19:48:30.0607 4032 [ F17A01637E2A4FC1046338210ACAF6DE ] mod7700 C:\Windows\system32\Drivers\dvb7700all.sys
19:48:30.0622 4032 mod7700 - ok
19:48:30.0638 4032 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:48:30.0638 4032 Modem - ok
19:48:30.0669 4032 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:48:30.0669 4032 monitor - ok
19:48:30.0685 4032 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:48:30.0685 4032 mouclass - ok
19:48:30.0716 4032 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:48:30.0716 4032 mouhid - ok
19:48:30.0732 4032 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:48:30.0732 4032 mountmgr - ok
19:48:30.0747 4032 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:48:30.0747 4032 mpio - ok
19:48:30.0763 4032 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:48:30.0763 4032 mpsdrv - ok
19:48:30.0794 4032 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:48:30.0825 4032 MpsSvc - ok
19:48:30.0841 4032 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:48:30.0856 4032 MRxDAV - ok
19:48:30.0888 4032 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:48:30.0888 4032 mrxsmb - ok
19:48:30.0903 4032 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:48:30.0903 4032 mrxsmb10 - ok
19:48:30.0919 4032 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:48:30.0919 4032 mrxsmb20 - ok
19:48:30.0934 4032 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:48:30.0934 4032 msahci - ok
19:48:30.0950 4032 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:48:30.0966 4032 msdsm - ok
19:48:30.0981 4032 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:48:30.0981 4032 MSDTC - ok
19:48:30.0997 4032 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:48:30.0997 4032 Msfs - ok
19:48:31.0012 4032 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:48:31.0012 4032 mshidkmdf - ok
19:48:31.0028 4032 MSICDSetup - ok
19:48:31.0044 4032 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:48:31.0044 4032 msisadrv - ok
19:48:31.0075 4032 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:48:31.0075 4032 MSiSCSI - ok
19:48:31.0075 4032 msiserver - ok
19:48:31.0106 4032 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:48:31.0106 4032 MSKSSRV - ok
19:48:31.0122 4032 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:48:31.0122 4032 MSPCLOCK - ok
19:48:31.0137 4032 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:48:31.0137 4032 MSPQM - ok
19:48:31.0153 4032 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:48:31.0168 4032 MsRPC - ok
19:48:31.0168 4032 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:48:31.0168 4032 mssmbios - ok
19:48:31.0184 4032 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:48:31.0184 4032 MSTEE - ok
19:48:31.0184 4032 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:48:31.0184 4032 MTConfig - ok
19:48:31.0215 4032 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:48:31.0215 4032 Mup - ok
19:48:31.0246 4032 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:48:31.0246 4032 napagent - ok
19:48:31.0293 4032 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:48:31.0293 4032 NativeWifiP - ok
19:48:31.0340 4032 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:48:31.0356 4032 NDIS - ok
19:48:31.0371 4032 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:48:31.0371 4032 NdisCap - ok
19:48:31.0387 4032 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:48:31.0387 4032 NdisTapi - ok
19:48:31.0418 4032 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:48:31.0418 4032 Ndisuio - ok
19:48:31.0418 4032 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:48:31.0418 4032 NdisWan - ok
19:48:31.0434 4032 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:48:31.0434 4032 NDProxy - ok
19:48:31.0449 4032 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:48:31.0449 4032 NetBIOS - ok
19:48:31.0465 4032 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:48:31.0465 4032 NetBT - ok
19:48:31.0480 4032 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:48:31.0480 4032 Netlogon - ok
19:48:31.0512 4032 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:48:31.0512 4032 Netman - ok
19:48:31.0543 4032 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:48:31.0543 4032 netprofm - ok
19:48:31.0574 4032 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:48:31.0574 4032 NetTcpPortSharing - ok
19:48:31.0605 4032 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:48:31.0605 4032 nfrd960 - ok
19:48:31.0621 4032 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:48:31.0621 4032 NlaSvc - ok
19:48:31.0636 4032 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:48:31.0636 4032 Npfs - ok
19:48:31.0636 4032 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:48:31.0636 4032 nsi - ok
19:48:31.0652 4032 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:48:31.0652 4032 nsiproxy - ok
19:48:31.0699 4032 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:48:31.0730 4032 Ntfs - ok
19:48:31.0761 4032 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:48:31.0761 4032 Null - ok
19:48:31.0808 4032 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:48:31.0808 4032 NVHDA - ok
19:48:32.0089 4032 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:48:32.0136 4032 nvlddmkm - ok
19:48:32.0151 4032 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:48:32.0167 4032 nvraid - ok
19:48:32.0167 4032 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:48:32.0167 4032 nvstor - ok
19:48:32.0214 4032 [ 34E5498528BB3D5A951F889F8756AD26 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:48:32.0245 4032 nvsvc - ok
19:48:32.0338 4032 [ CD0BFAA6872CFE38C908D313AE17C350 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:48:32.0338 4032 nvUpdatusService - ok
19:48:32.0385 4032 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:48:32.0385 4032 nv_agp - ok
19:48:32.0479 4032 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:48:32.0479 4032 odserv - ok
19:48:32.0479 4032 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:48:32.0479 4032 ohci1394 - ok
19:48:32.0510 4032 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:48:32.0510 4032 ose - ok
19:48:32.0557 4032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:48:32.0557 4032 p2pimsvc - ok
19:48:32.0588 4032 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:48:32.0588 4032 p2psvc - ok
19:48:32.0619 4032 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:48:32.0619 4032 Parport - ok
19:48:32.0650 4032 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:48:32.0650 4032 partmgr - ok
19:48:32.0666 4032 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:48:32.0666 4032 PcaSvc - ok
19:48:32.0682 4032 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:48:32.0682 4032 pci - ok
19:48:32.0682 4032 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:48:32.0682 4032 pciide - ok
19:48:32.0697 4032 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:48:32.0697 4032 pcmcia - ok
19:48:32.0713 4032 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:48:32.0713 4032 pcw - ok
19:48:32.0728 4032 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:48:32.0744 4032 PEAUTH - ok
19:48:32.0838 4032 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:48:32.0838 4032 PerfHost - ok
19:48:32.0884 4032 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:48:32.0916 4032 pla - ok
19:48:32.0994 4032 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:48:32.0994 4032 PlugPlay - ok
19:48:33.0009 4032 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:48:33.0009 4032 PNRPAutoReg - ok
19:48:33.0025 4032 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:48:33.0025 4032 PNRPsvc - ok
19:48:33.0072 4032 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:48:33.0072 4032 PolicyAgent - ok
19:48:33.0103 4032 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:48:33.0103 4032 Power - ok
19:48:33.0134 4032 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:48:33.0134 4032 PptpMiniport - ok
19:48:33.0150 4032 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:48:33.0150 4032 Processor - ok
19:48:33.0181 4032 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:48:33.0181 4032 ProfSvc - ok
19:48:33.0196 4032 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:48:33.0196 4032 ProtectedStorage - ok
19:48:33.0228 4032 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:48:33.0228 4032 Psched - ok
19:48:33.0274 4032 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:48:33.0306 4032 ql2300 - ok
19:48:33.0337 4032 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:48:33.0337 4032 ql40xx - ok
19:48:33.0352 4032 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:48:33.0368 4032 QWAVE - ok
19:48:33.0368 4032 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:48:33.0368 4032 QWAVEdrv - ok
19:48:33.0430 4032 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
19:48:33.0430 4032 RapiMgr - ok
19:48:33.0446 4032 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:48:33.0446 4032 RasAcd - ok
19:48:33.0477 4032 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:48:33.0477 4032 RasAgileVpn - ok
19:48:33.0508 4032 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:48:33.0508 4032 RasAuto - ok
19:48:33.0508 4032 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:48:33.0508 4032 Rasl2tp - ok
19:48:33.0540 4032 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:48:33.0555 4032 RasMan - ok
19:48:33.0555 4032 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:48:33.0555 4032 RasPppoe - ok
19:48:33.0555 4032 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:48:33.0571 4032 RasSstp - ok
19:48:33.0586 4032 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:48:33.0586 4032 rdbss - ok
19:48:33.0602 4032 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:48:33.0602 4032 rdpbus - ok
19:48:33.0618 4032 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:48:33.0633 4032 RDPCDD - ok
19:48:33.0633 4032 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:48:33.0633 4032 RDPENCDD - ok
19:48:33.0633 4032 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:48:33.0633 4032 RDPREFMP - ok
19:48:33.0664 4032 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:48:33.0664 4032 RDPWD - ok
19:48:33.0680 4032 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:48:33.0680 4032 rdyboost - ok
19:48:33.0711 4032 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:48:33.0727 4032 RemoteAccess - ok
19:48:33.0742 4032 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:48:33.0742 4032 RemoteRegistry - ok
19:48:33.0774 4032 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:48:33.0774 4032 RFCOMM - ok
19:48:33.0805 4032 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:48:33.0805 4032 RpcEptMapper - ok
19:48:33.0836 4032 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:48:33.0836 4032 RpcLocator - ok
19:48:33.0852 4032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:48:33.0852 4032 RpcSs - ok
19:48:33.0883 4032 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:48:33.0883 4032 rspndr - ok
19:48:33.0914 4032 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:48:33.0930 4032 RTL8167 - ok
19:48:33.0930 4032 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:48:33.0930 4032 SamSs - ok
19:48:33.0945 4032 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:48:33.0945 4032 sbp2port - ok
19:48:33.0961 4032 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:48:33.0976 4032 SCardSvr - ok
19:48:33.0992 4032 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:48:33.0992 4032 scfilter - ok
19:48:34.0008 4032 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:48:34.0039 4032 Schedule - ok
19:48:34.0054 4032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:48:34.0054 4032 SCPolicySvc - ok
19:48:34.0070 4032 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:48:34.0086 4032 SDRSVC - ok
19:48:34.0101 4032 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:48:34.0101 4032 secdrv - ok
19:48:34.0117 4032 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:48:34.0117 4032 seclogon - ok
19:48:34.0164 4032 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:48:34.0164 4032 SENS - ok
19:48:34.0164 4032 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:48:34.0179 4032 SensrSvc - ok
19:48:34.0195 4032 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:48:34.0195 4032 Serenum - ok
19:48:34.0226 4032 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:48:34.0226 4032 Serial - ok
19:48:34.0242 4032 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:48:34.0257 4032 sermouse - ok
19:48:34.0273 4032 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:48:34.0273 4032 SessionEnv - ok
19:48:34.0288 4032 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:48:34.0288 4032 sffdisk - ok
19:48:34.0304 4032 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:48:34.0304 4032 sffp_mmc - ok
19:48:34.0320 4032 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:48:34.0320 4032 sffp_sd - ok
19:48:34.0320 4032 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:48:34.0320 4032 sfloppy - ok
19:48:34.0335 4032 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:48:34.0351 4032 SharedAccess - ok
19:48:34.0382 4032 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:48:34.0382 4032 ShellHWDetection - ok
19:48:34.0382 4032 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:48:34.0382 4032 SiSRaid2 - ok
19:48:34.0382 4032 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:48:34.0398 4032 SiSRaid4 - ok
19:48:34.0413 4032 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:48:34.0413 4032 Smb - ok
19:48:34.0429 4032 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:48:34.0429 4032 SNMPTRAP - ok
19:48:34.0444 4032 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:48:34.0444 4032 spldr - ok
19:48:34.0476 4032 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:48:34.0507 4032 Spooler - ok
19:48:34.0585 4032 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:48:34.0647 4032 sppsvc - ok
19:48:34.0678 4032 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:48:34.0678 4032 sppuinotify - ok
19:48:34.0694 4032 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:48:34.0710 4032 srv - ok
19:48:34.0725 4032 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:48:34.0725 4032 srv2 - ok
19:48:34.0756 4032 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:48:34.0756 4032 srvnet - ok
19:48:34.0788 4032 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:48:34.0788 4032 SSDPSRV - ok
19:48:34.0803 4032 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:48:34.0819 4032 SstpSvc - ok
19:48:34.0850 4032 [ 8544A200C40447E465F06E58687428BB ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:48:34.0866 4032 Stereo Service - ok
19:48:34.0881 4032 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:48:34.0881 4032 stexstor - ok
19:48:34.0912 4032 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:48:34.0928 4032 stisvc - ok
19:48:34.0959 4032 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:48:34.0959 4032 swenum - ok
19:48:34.0975 4032 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:48:34.0975 4032 swprv - ok
19:48:35.0006 4032 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:48:35.0022 4032 SysMain - ok
19:48:35.0037 4032 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:48:35.0037 4032 TabletInputService - ok
19:48:35.0053 4032 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:48:35.0053 4032 TapiSrv - ok
19:48:35.0068 4032 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:48:35.0068 4032 TBS - ok
19:48:35.0146 4032 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:48:35.0209 4032 Tcpip - ok
19:48:35.0271 4032 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:48:35.0271 4032 TCPIP6 - ok
19:48:35.0302 4032 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:48:35.0302 4032 tcpipreg - ok
19:48:35.0302 4032 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:48:35.0302 4032 TDPIPE - ok
19:48:35.0334 4032 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:48:35.0334 4032 TDTCP - ok
19:48:35.0349 4032 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:48:35.0349 4032 tdx - ok
19:48:35.0365 4032 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:48:35.0365 4032 TermDD - ok
19:48:35.0396 4032 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:48:35.0412 4032 TermService - ok
19:48:35.0427 4032 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:48:35.0427 4032 Themes - ok
19:48:35.0443 4032 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:48:35.0458 4032 THREADORDER - ok
19:48:35.0458 4032 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:48:35.0474 4032 TrkWks - ok
19:48:35.0521 4032 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:48:35.0521 4032 TrustedInstaller - ok
19:48:35.0521 4032 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:48:35.0521 4032 tssecsrv - ok
19:48:35.0568 4032 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:48:35.0568 4032 TsUsbFlt - ok
19:48:35.0583 4032 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:48:35.0583 4032 TsUsbGD - ok
19:48:35.0614 4032 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:48:35.0614 4032 tunnel - ok
19:48:35.0630 4032 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:48:35.0630 4032 uagp35 - ok
19:48:35.0646 4032 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:48:35.0661 4032 udfs - ok
19:48:35.0692 4032 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:48:35.0692 4032 UI0Detect - ok
19:48:35.0724 4032 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:48:35.0724 4032 uliagpkx - ok
19:48:35.0739 4032 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:48:35.0739 4032 umbus - ok
19:48:35.0739 4032 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:48:35.0755 4032 UmPass - ok

continued

Drevorubec

Re: Please check my log, Claro search

Post by Drevorubec » 04 Dec 2012 20:13

continued:

19:48:36.0878 4032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:48:36.0878 4032 WebClient - ok
19:48:36.0894 4032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:48:36.0894 4032 Wecsvc - ok
19:48:36.0909 4032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:48:36.0925 4032 wercplsupport - ok
19:48:36.0940 4032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:48:36.0940 4032 WerSvc - ok
19:48:36.0972 4032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:48:36.0972 4032 WfpLwf - ok
19:48:37.0003 4032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:48:37.0003 4032 WIMMount - ok
19:48:37.0003 4032 WinDefend - ok
19:48:37.0003 4032 WinHttpAutoProxySvc - ok
19:48:37.0065 4032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:48:37.0065 4032 Winmgmt - ok
19:48:37.0112 4032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:48:37.0159 4032 WinRM - ok
19:48:37.0206 4032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:48:37.0237 4032 Wlansvc - ok
19:48:37.0252 4032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:48:37.0252 4032 WmiAcpi - ok
19:48:37.0268 4032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:48:37.0268 4032 wmiApSrv - ok
19:48:37.0299 4032 WMPNetworkSvc - ok
19:48:37.0315 4032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:48:37.0315 4032 WPCSvc - ok
19:48:37.0330 4032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:48:37.0330 4032 WPDBusEnum - ok
19:48:37.0346 4032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:48:37.0362 4032 ws2ifsl - ok
19:48:37.0377 4032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:48:37.0377 4032 wscsvc - ok
19:48:37.0377 4032 WSearch - ok
19:48:37.0440 4032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:48:37.0455 4032 wuauserv - ok
19:48:37.0471 4032 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:48:37.0471 4032 WudfPf - ok
19:48:37.0502 4032 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:48:37.0502 4032 WUDFRd - ok
19:48:37.0518 4032 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:48:37.0518 4032 wudfsvc - ok
19:48:37.0533 4032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:48:37.0533 4032 WwanSvc - ok
19:48:37.0549 4032 ================ Scan global ===============================
19:48:37.0580 4032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:48:37.0611 4032 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:48:37.0611 4032 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:48:37.0642 4032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:48:37.0658 4032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:48:37.0674 4032 [Global] - ok
19:48:37.0674 4032 ================ Scan MBR ==================================
19:48:37.0674 4032 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk1\DR1
19:48:37.0674 4032 \Device\Harddisk1\DR1 - ok
19:48:37.0689 4032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:48:37.0861 4032 \Device\Harddisk0\DR0 - ok
19:48:37.0861 4032 ================ Scan VBR ==================================
19:48:37.0861 4032 [ 37AF52E1E5DF5C335571B205666C2AB7 ] \Device\Harddisk1\DR1\Partition1
19:48:37.0861 4032 \Device\Harddisk1\DR1\Partition1 - ok
19:48:37.0861 4032 [ 385AB50D336025C589D2290D222F5630 ] \Device\Harddisk0\DR0\Partition1
19:48:37.0861 4032 \Device\Harddisk0\DR0\Partition1 - ok
19:48:37.0876 4032 [ DBCCBEE745A46367FDB190DC75F97DFC ] \Device\Harddisk0\DR0\Partition2
19:48:37.0876 4032 \Device\Harddisk0\DR0\Partition2 - ok
19:48:37.0892 4032 [ EA8B23739DAC5FDC92817C67D189C687 ] \Device\Harddisk0\DR0\Partition3
19:48:37.0908 4032 \Device\Harddisk0\DR0\Partition3 - ok
19:48:37.0908 4032 ============================================================
19:48:37.0908 4032 Scan finished
19:48:37.0908 4032 ============================================================
19:48:37.0908 3348 Detected object count: 0
19:48:37.0908 3348 Actual detected object count: 0
19:48:47.0720 3552 Deinitialize success

End of log!


This is the ComboFix log:

ComboFix 12-12-04.01 - Spravce 04.12.2012 19:55:33.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16366.14501 [GMT 1:00]
Spuštěný z: c:\users\Spravce\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 19:00 . 2012-12-04 19:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-04 19:00 . 2012-12-04 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 15:33 . 2012-12-04 15:33 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-04 15:20 . 2012-12-04 15:41 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-12-04 15:10 . 2012-12-04 15:10 -------- d-----w- c:\users\Spravce\AppData\Local\Adobe
2012-12-04 14:41 . 2012-12-04 14:41 -------- d-----w- c:\users\Spravce\AppData\Roaming\Malwarebytes
2012-12-04 13:33 . 2012-12-04 13:33 -------- d-----w- c:\program files (x86)\Enigma Software Group
2012-12-04 13:19 . 2012-12-04 13:19 -------- d-----w- c:\program files\Enigma Software Group
2012-12-04 13:18 . 2012-12-04 13:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-04 13:05 . 2012-12-04 13:05 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 23:35 . 2012-12-03 23:35 -------- d-----w- c:\users\Spravce\AppData\Local\Downloaded Installations
2012-12-03 23:35 . 2012-12-04 13:08 -------- d-----w- c:\users\Spravce\AppData\Local\SwvUpdater
2012-12-03 23:34 . 2012-12-03 23:34 -------- d-----w- c:\users\Spravce\AppData\Roaming\Babylon
2012-12-03 23:34 . 2012-12-03 23:34 -------- d-----w- c:\programdata\Babylon
2012-12-02 22:29 . 2012-12-02 22:29 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-11-25 13:51 . 2012-11-25 13:51 -------- d-----w- c:\users\Spravce\AppData\Local\Native Instruments
2012-11-25 13:48 . 2012-12-03 19:08 -------- d-----w- c:\program files\Native Instruments
2012-11-24 21:57 . 2012-11-25 13:48 -------- d-----w- c:\programdata\Native Instruments
2012-11-24 21:56 . 2012-12-03 19:09 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-11-17 11:50 . 2012-01-22 11:03 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-11-14 03:16 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2947A055-AF15-4308-A148-4CB343FD0999}\mpengine.dll
2012-11-07 22:01 . 2012-11-07 22:05 -------- d-----w- c:\users\Spravce\AppData\Roaming\Audacity
2012-11-07 22:00 . 2012-11-07 22:00 -------- d-----w- c:\program files (x86)\Audacity
2012-11-07 19:26 . 2012-11-07 19:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-01-20 20:44 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-01-20 20:44 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-01-20 20:44 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-01-20 20:43 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-01-20 20:44 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-01-20 20:43 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-01-20 20:43 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-01-20 20:43 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 17:18 . 2012-03-22 16:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-27 17:18 . 2012-03-22 16:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-27 17:18 . 2012-03-22 16:33 121880 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-27 17:18 . 2012-03-22 16:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-15 16:59 . 2012-04-13 23:30 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-13 23:25 . 2012-07-26 23:59 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-13 23:25 . 2012-07-26 16:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 22:18 . 2012-01-21 20:35 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-24 14:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-24 14:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-22 1038088]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 279616]
S1 Magic Tune;MagicTune;c:\windows\system32\Drivers\MtiCtwl.sys [2008-11-04 23096]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Spravce\AppData\Roaming\Mozilla\Firefox\Profiles\tzhlleg7.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-11-17 12:50; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-{2930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}\GuitarRig Mobile IO Driver Setup.exe
AddRemove-{7930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}\Session IO Driver Setup.exe
AddRemove-{B962AD08-335F-46f7-A182-257D37672E5C} - c:\programdata\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}\Rig Kontrol 3 Driver Setup.exe
AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E} - c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1723975183-3493544790-3980990944-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,b2,73,85,30,7e,53,51,bd,8a,79,95,96,57,60,06,52,52,63,63,b5,
94,f8,cd,e2,70,a1,d3,ee,b3,70,f7,4e,b4,99,82,c0,7d,1f,9e,8a,8b,c4,2f,81,3e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-12-04 20:01:56
ComboFix-quarantined-files.txt 2012-12-04 19:01
.
Před spuštěním: Volných bajtů: 12 270 780 416
Po spuštění: Volných bajtů: 12 009 074 688
.
- - End Of File - - ECC77C1A5A10F1D1FA29CA5C2918A00E

End of log!

Another thing that happened is that the graphics driver did not start after boot. MSConfig was set to Selective startup, which I did not set myself. With Normal startup the graphics driver started.

Thank you for checking the log, Dřevorubík

Drevorubec

Re: Please check my log, Claro search

Post by Drevorubec » 04 Dec 2012 20:14

The limit is 60k characters, so it didn't fit in there =)

In the original topic I was also asked for an AdwCleaner log, which I was supposed to post there, but I have to post it here as well, since there are now these two topics. Well, if it had occurred to me to run HJT right away and post it here, I wouldn't have had to start that original topic next door :dontgetit:

This is the AdwCleaner log:

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 20:17:39
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Spravce - SPRAVCE-PC
# Boot Mode : Normal
# Running from : C:\Users\Spravce\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Spravce\AppData\Local\SwvUpdater
Folder Found : C:\Users\Spravce\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (cs)

Profile name : default
File : C:\Users\Spravce\AppData\Roaming\Mozilla\Firefox\Profiles\tzhlleg7.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:blank");

*************************

AdwCleaner[R1].txt - [1625 octets] - [04/12/2012 20:17:39]

########## EOF - C:\AdwCleaner[R1].txt - [1685 octets] ##########

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male
Status: Offline

Re: Please check my log, Claro search

Post by jaro3 » 04 Dec 2012 23:31

Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator").
Click "Delete".
The program will perform the repair; after the automatic restart it will not show the log (C:\AdwCleaner [S?].txt), paste its entire contents here.

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the whole of the following text marked in green:

Code: Select all

ClearJavaCache::

File::
c:\windows\_MSRSTRT.EXE

Folder::
c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
c:\users\Spravce\AppData\Roaming\Babylon
c:\programdata\Babylon

DirLook::
c:\users\Spravce\AppData\Local\SwvUpdater

RegLock::
FF - ProfilePath - c:\users\Spravce\AppData\Roaming\Mozilla\Firefox\Profiles\tzhlleg7.default\
FF - ExtSQL: 2012-11-17 12:50; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All files there
Save the file to the desktop.
Close all active windows.

Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new HJT log

Warning: After applying ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Drevorubec

Re: Please check my log, Claro search

Post by Drevorubec » 05 Dec 2012 01:55

Thank you for the reply!

This is the ADW log:

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 23:41:26
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Spravce - SPRAVCE-PC
# Boot Mode : Normal
# Running from : C:\Users\Spravce\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Spravce\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Spravce\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (cs)

Profile name : default
File : C:\Users\Spravce\AppData\Roaming\Mozilla\Firefox\Profiles\tzhlleg7.default\prefs.js

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:blank");

*************************

AdwCleaner[R1].txt - [1754 octets] - [04/12/2012 20:17:39]
AdwCleaner[S1].txt - [1717 octets] - [04/12/2012 23:41:26]

########## EOF - C:\AdwCleaner[S1].txt - [1777 octets] ##########

Drevorubec

Re: Please check my log, Claro search

Post by Drevorubec » 05 Dec 2012 01:56

This is the ComboFix log:

ComboFix 12-12-04.01 - Spravce 04.12.2012 23:57:56.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.16366.14356 [GMT 1:00]
Spuštěný z: c:\users\Spravce\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Spravce\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\_MSRSTRT.EXE"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 23:00 . 2012-12-04 23:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-04 23:00 . 2012-12-04 23:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 22:46 . 2012-12-04 22:46 -------- d-----w- c:\users\Spravce\AppData\Local\CrashDumps
2012-12-04 15:33 . 2012-12-04 15:33 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-04 15:10 . 2012-12-04 15:10 -------- d-----w- c:\users\Spravce\AppData\Local\Adobe
2012-12-04 14:41 . 2012-12-04 14:41 -------- d-----w- c:\users\Spravce\AppData\Roaming\Malwarebytes
2012-12-04 13:33 . 2012-12-04 13:33 -------- d-----w- c:\program files (x86)\Enigma Software Group
2012-12-04 13:19 . 2012-12-04 13:19 -------- d-----w- c:\program files\Enigma Software Group
2012-12-04 13:18 . 2012-12-04 13:33 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-12-04 13:05 . 2012-12-04 13:05 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 23:35 . 2012-12-03 23:35 -------- d-----w- c:\users\Spravce\AppData\Local\Downloaded Installations
2012-12-02 22:29 . 2012-12-02 22:29 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-11-25 13:51 . 2012-11-25 13:51 -------- d-----w- c:\users\Spravce\AppData\Local\Native Instruments
2012-11-25 13:48 . 2012-12-03 19:08 -------- d-----w- c:\program files\Native Instruments
2012-11-24 21:57 . 2012-11-25 13:48 -------- d-----w- c:\programdata\Native Instruments
2012-11-24 21:56 . 2012-12-03 19:09 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-11-17 11:50 . 2012-01-22 11:03 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
2012-11-14 03:16 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2947A055-AF15-4308-A148-4CB343FD0999}\mpengine.dll
2012-11-07 22:01 . 2012-11-07 22:05 -------- d-----w- c:\users\Spravce\AppData\Roaming\Audacity
2012-11-07 22:00 . 2012-11-07 22:00 -------- d-----w- c:\program files (x86)\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2012-01-20 20:44 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-01-20 20:44 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2012-01-20 20:44 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2012-01-20 20:43 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-01-20 20:44 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2012-01-20 20:43 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2012-01-20 20:43 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-01-20 20:43 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-27 17:18 . 2012-03-22 16:33 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-27 17:18 . 2012-03-22 16:33 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-27 17:18 . 2012-03-22 16:33 121880 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-27 17:18 . 2012-03-22 16:33 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-15 16:59 . 2012-04-13 23:30 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-13 23:25 . 2012-07-26 23:59 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-13 23:25 . 2012-07-26 16:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 22:18 . 2012-01-21 20:35 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 19:19 . 2012-10-24 14:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-24 14:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Spravce\AppData\Local\SwvUpdater ----
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-22 1038088]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-21 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-21 279616]
S1 Magic Tune;MagicTune;c:\windows\system32\Drivers\MtiCtwl.sys [2008-11-04 23096]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.172.36 192.168.0.1
FF - ProfilePath - c:\users\Spravce\AppData\Roaming\Mozilla\Firefox\Profiles\tzhlleg7.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-11-17 12:50; {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9} - c:\programdata\{9327ACE9-CC82-4A33-9B33-291ACA1E267B}\Guitar Rig 5 Setup PC.exe
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{DCC412E7-393B-4016-91FB-9307F059AFB6}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{49FAB1E7-7D4E-4015-BBCA-E52669133FB7}\Service Center Setup PC.exe
AddRemove-{2930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}\GuitarRig Mobile IO Driver Setup.exe
AddRemove-{7930FB47-6452-4476-BF16-D77F748646DB} - c:\programdata\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}\Session IO Driver Setup.exe
AddRemove-{B962AD08-335F-46f7-A182-257D37672E5C} - c:\programdata\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}\Rig Kontrol 3 Driver Setup.exe
AddRemove-{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E} - c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}\Guitar Rig 4 Setup PC.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1723975183-3493544790-3980990944-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,b2,73,85,30,7e,53,51,bd,8a,79,95,96,57,60,06,52,52,63,63,b5,
94,f8,cd,e2,70,a1,d3,ee,b3,70,f7,4e,b4,99,82,c0,7d,1f,9e,8a,8b,c4,2f,81,3e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Celkový čas: 2012-12-05 00:01:18
ComboFix-quarantined-files.txt 2012-12-04 23:01
ComboFix2.txt 2012-12-04 22:54
ComboFix3.txt 2012-12-04 19:01
.
Před spuštěním: Volných bajtů: 12 225 441 792
Po spuštění: Volných bajtů: 12 160 036 864
.
- - End Of File - - 08C9E0E31A9FFE9A8DC0831C2F6ABFFE


Re: Please check my log, Claro search

Post by Drevorubec » 05 Dec 2012 01:56

This is the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:03:19, on 5.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Spravce\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-21-1723975183-3493544790-3980990944-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5222 bytes


Re: Please check my log, Claro search

Post by Drevorubec » 05 Dec 2012 01:57

This is the log from ASW:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-05 00:04:52
-----------------------------
00:04:52.854 OS Version: Windows x64 6.1.7601 Service Pack 1
00:04:52.854 Number of processors: 4 586 0x2A07
00:04:52.854 ComputerName: SPRAVCE-PC UserName: Spravce
00:04:53.587 Initialize success
00:04:53.634 AVAST engine defs: 12120400
00:04:54.741 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:04:54.741 Disk 0 Vendor: WDC_WD5000AAVS-00ZTB0 01.01B01 Size: 476940MB BusType: 3
00:04:54.757 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
00:04:54.757 Disk 1 Vendor: SAMSUNG_HD502HI 1AG01113 Size: 476940MB BusType: 3
00:04:54.772 Disk 0 MBR read successfully
00:04:54.772 Disk 0 MBR scan
00:04:54.772 Disk 0 Windows 7 default MBR code
00:04:54.788 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:04:54.788 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 59900 MB offset 206848
00:04:54.804 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 416937 MB offset 122882048
00:04:54.835 Disk 0 scanning C:\Windows\system32\drivers
00:04:59.764 Service scanning
00:05:11.777 Modules scanning
00:05:12.276 Disk 0 trace - called modules:
00:05:12.291 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:05:12.291 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800deb2060]
00:05:12.291 3 CLASSPNP.SYS[fffff8800185243f] -> nt!IofCallDriver -> [0xfffffa800db644b0]
00:05:12.291 5 ACPI.sys[fffff88000f997a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa800db4e680]
00:05:12.572 AVAST engine scan C:\Windows
00:05:13.742 AVAST engine scan C:\Windows\system32
00:06:39.199 AVAST engine scan C:\Windows\system32\drivers
00:06:45.657 AVAST engine scan C:\Users\Spravce
00:08:01.130 AVAST engine scan C:\ProgramData
00:08:31.223 Scan finished successfully
00:10:37.864 Disk 0 MBR has been saved successfully to "C:\Users\Spravce\Desktop\MBR.dat"
00:10:37.864 The log file has been saved successfully to "C:\Users\Spravce\Desktop\aswMBR.txt"


Thank you for checking the log!


Re: Please check my log, Claro search

Post by jaro3 » 05 Dec 2012 09:22

c:\users\Spravce\AppData\Local\SwvUpdater - delete this folder!


ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner.

Download OTC to your desktop. Double-click it. Then click Clean up!.
Restart the PC if you are advised to.

Update Java:
Java SE Runtime Environment 7

Click Accept License Agreement
Choose your OS (Windows or Windows x64, Offline Installation)
jre-7-windows-i586-p.exe or
jre-7-windows-x64.exe
Download and install it.
Remove the other Java versions in Add/Remove Programs.

How does it look now?


Re: Please check my log, Claro search

Post by Drevorubec » 05 Dec 2012 10:24

Hi there! Good day! Thank you for the reply!

The thing is, there is no such folder there :crazy: :shock:

I cleaned the system. I used OTC. I updated Java. I removed the original Java.

The browser looks fine (tabs), but there are some questionable points: I have the add-on Java Deployment kit 6.0.300.12 there, which is Java, but I did not manage to get rid of it (it is not even possible to uninstall a plugin from Firefox). I also have the add-on Java Platform SE 6 U30 6.0.300.12, which is disabled by itself with an exclamation mark (not only since now, but already from earlier), because it supposedly causes security and performance problems :o Well, and then there is that folder I am supposed to delete, but it is nowhere to be found :| :lookround: And that is probably all :D

