Please check my log, thanks in advance



Post by milan199m » 11 May 2013 14:24

14:08:35.0890 1824 ============================================================
14:08:35.0890 1824 Scan finished
14:08:35.0890 1824 ============================================================
14:08:35.0937 1052 Detected object count: 0
14:08:35.0937 1052 Actual detected object count: 0
14:08:43.0943 1984 Deinitialize success


Post by jaro3 » 12 May 2013 10:17

Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB or external drives from the computer before running this program.

Run RogueKiller (on Windows Vista or Windows 7, right-click and choose "Run as administrator"; on Windows XP, double-click to run).
- Wait until the Prescan finishes...
- Wait until the status window shows "Scan"

- Click "Delete"
- Wait until the Status box shows "Deleting finished"
- Click "Report", then copy and paste the contents of that report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in Safe Mode.

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. During my absence I am covered by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

Post by milan199m » 12 May 2013 10:49

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Monika [Admin rights]
Mode : Remove -- Date : 05/12/2013 10:47:53
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] f22b398378269d76867b6c6795be1f6f
[BSP] a4811d90cc4e4ecf4387b09c23876b46 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 40374 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 82892800 | Size: 197999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_05122013_02d1047.txt >>
RKreport[1]_S_05112013_02d1400.txt ; RKreport[2]_S_05112013_02d1405.txt ; RKreport[3]_S_05122013_02d1046.txt ; RKreport[4]_D_05122013_02d1047.txt

Post by milan199m » 12 May 2013 11:18

ComboFix 13-05-11.01 - Monika . 05. 2013 11:07:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2047.1104 [GMT 2:00]
Running from: c:\users\Monika\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-12 to 2013-05-12 )))))))))))))))))))))))))))))))
.
.
2013-05-12 09:15 . 2013-05-12 09:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-12 08:27 . 2013-05-12 08:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD450587-AD4F-4EA2-8EB7-2B1D1599CFA2}\offreg.dll
2013-05-11 11:10 . 2013-05-11 11:10 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-11 10:26 . 2013-05-11 10:26 -------- d-----w- c:\programdata\BrowserProtect
2013-05-11 10:25 . 2013-05-11 10:26 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-11 10:05 . 2013-05-11 10:05 -------- d-----w- c:\users\Monika\AppData\Roaming\Malwarebytes
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\programdata\Malwarebytes
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-11 10:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\users\Monika\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 18:35 . 2012-02-21 16:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-24 09:15 . 2012-02-09 18:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-24 09:15 . 2012-02-09 18:40 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 12:00 . 2012-03-08 16:18 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-21 08:07 . 2011-12-25 17:32 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2009-06-15 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"fspuip"="c:\program files\FSP\fspuip.exe" [2010-06-07 3371008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 09:25]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 09:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 87.244.248.13 217.119.113.245
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\7nda640f.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-12 11:17:14
ComboFix-quarantined-files.txt 2013-05-12 09:17
.
Pre-Run: 20 147 978 240 bytes free
Post-Run: 20 100 972 544 bytes free
.
- - End Of File - - 1A43668FE89CE69621E4301B2754C0AA

Post by memphisto » 12 May 2013 15:49

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

Code:

KillAll::
Driver::
SkypeUpdate

Folder::
c:\program files\Skype\Updater

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Firefox::
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\7nda640f.default\
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by private message; post them in the appropriate section. Thank you

Post by milan199m » 13 May 2013 15:15

ComboFix 13-05-11.01 - Monika . 05. 2013 15:00:42.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2047.1225 [GMT 2:00]
Running from: c:\users\Monika\Desktop\ComboFix.exe
Command switches used :: c:\users\Monika\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Skype\Updater
c:\program files\Skype\Updater\Updater.dll
c:\program files\Skype\Updater\Updater.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-04-13 to 2013-05-13 )))))))))))))))))))))))))))))))
.
.
2013-05-13 13:07 . 2013-05-13 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-13 12:41 . 2013-05-13 12:41 -------- d-----w- c:\users\Monika\AppData\Local\Adobe
2013-05-13 12:15 . 2013-05-13 13:09 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD450587-AD4F-4EA2-8EB7-2B1D1599CFA2}\offreg.dll
2013-05-11 11:10 . 2013-05-11 11:10 97 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-11 10:26 . 2013-05-11 10:26 -------- d-----w- c:\programdata\BrowserProtect
2013-05-11 10:25 . 2013-05-11 10:26 -------- d-----w- c:\program files\CrystalDiskInfo
2013-05-11 10:05 . 2013-05-11 10:05 -------- d-----w- c:\users\Monika\AppData\Roaming\Malwarebytes
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\programdata\Malwarebytes
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-11 10:04 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-11 10:04 . 2013-05-11 10:04 -------- d-----w- c:\users\Monika\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-25 18:35 . 2012-02-21 16:36 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-03-24 09:15 . 2012-02-09 18:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-03-24 09:15 . 2012-02-09 18:40 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-22 12:00 . 2012-03-08 16:18 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-21 08:07 . 2011-12-25 17:32 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2009-06-15 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskTray"="" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-12-23 9972328]
"fspuip"="c:\program files\FSP\fspuip.exe" [2010-06-07 3371008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 09:25]
.
2013-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 09:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 217.119.113.244 87.244.248.13 217.119.113.245
FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\7nda640f.default\
.
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\sppsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-05-13 15:13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-13 13:13
ComboFix2.txt 2013-05-12 09:17
.
Pre-Run: 19 211 366 400 bytes free
Post-Run: 19 061 059 584 bytes free
.
- - End Of File - - E40DC130CD9B30108350081CF590A100

Post by jaro3 » 13 May 2013 19:54

Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:

Code:

ClearJavaCache::

KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\DeleteOnReboot.bat

DirLook::
c:\programdata\BrowserProtect

Folder::
c:\program files\Google\Update



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix starts automatically
- Paste here the log that appears at the end of the cleaning process + a new log from HJT

Warning: It may happen that after running ComboFix and restarting the computer, Windows will not boot, or the desktop will not load, or there will be connection problems; in that case restart the computer again. If that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message appears offering to download the Avast database, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to your desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.