
PC virus removal, computer speed-up, remote help through the neslape.cz service
Log check, please, Wigon in operating memory
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check the logs from TDSS and Combofix. NOD reports Win32/Wigon in operating memory - file svchost.exe (1548). Thanks
12:45:13.0375 2288 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
12:45:13.0546 2288 ============================================================
12:45:13.0546 2288 Current date / time: 2012/04/01 12:45:13.0546
12:45:13.0546 2288 SystemInfo:
12:45:13.0546 2288
12:45:13.0546 2288 OS Version: 5.1.2600 ServicePack: 3.0
12:45:13.0546 2288 Product type: Workstation
12:45:13.0546 2288 ComputerName: LOJZA
12:45:13.0546 2288 UserName: Jirka
12:45:13.0546 2288 Windows directory: C:\WINDOWS
12:45:13.0546 2288 System windows directory: C:\WINDOWS
12:45:13.0546 2288 Processor architecture: Intel x86
12:45:13.0546 2288 Number of processors: 2
12:45:13.0546 2288 Page size: 0x1000
12:45:13.0546 2288 Boot type: Normal boot
12:45:13.0546 2288 ============================================================
12:45:14.0843 2288 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:45:14.0859 2288 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:45:14.0859 2288 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:45:14.0890 2288 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:45:14.0890 2288 \Device\Harddisk0\DR0:
12:45:14.0890 2288 MBR used
12:45:14.0890 2288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
12:45:14.0890 2288 \Device\Harddisk1\DR1:
12:45:14.0890 2288 MBR used
12:45:14.0906 2288 \Device\Harddisk2\DR2:
12:45:14.0906 2288 MBR used
12:45:14.0906 2288 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:45:14.0906 2288 \Device\Harddisk3\DR3:
12:45:14.0906 2288 MBR used
12:45:14.0906 2288 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
12:45:15.0109 2288 Initialize success
12:45:15.0109 2288 ============================================================
12:45:19.0437 4060 ============================================================
12:45:19.0437 4060 Scan started
12:45:19.0437 4060 Mode: Manual;
12:45:19.0437 4060 ============================================================
12:45:20.0234 4060 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
12:45:20.0234 4060 602XML Updater - ok
12:45:20.0281 4060 Abiosdsk - ok
12:45:20.0312 4060 abp480n5 - ok
12:45:20.0343 4060 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
12:45:20.0343 4060 ACDaemon - ok
12:45:20.0390 4060 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:45:20.0406 4060 ACPI - ok
12:45:20.0437 4060 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:45:20.0437 4060 ACPIEC - ok
12:45:20.0515 4060 ACS (5ac144f03b31afab6717ad3622d1680d) C:\WINDOWS\system32\acs.exe
12:45:20.0515 4060 ACS - ok
12:45:20.0609 4060 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:45:20.0609 4060 AdobeFlashPlayerUpdateSvc - ok
12:45:20.0625 4060 adpu160m - ok
12:45:20.0687 4060 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:45:20.0687 4060 aec - ok
12:45:20.0734 4060 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:45:20.0734 4060 AFD - ok
12:45:20.0765 4060 Aha154x - ok
12:45:20.0781 4060 aic78u2 - ok
12:45:20.0812 4060 aic78xx - ok
12:45:20.0859 4060 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
12:45:20.0859 4060 Alerter - ok
12:45:20.0937 4060 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
12:45:20.0937 4060 ALG - ok
12:45:20.0953 4060 AliIde - ok
12:45:21.0093 4060 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
12:45:21.0109 4060 Ambfilt - ok
12:45:21.0187 4060 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:45:21.0187 4060 AmdK8 - ok
12:45:21.0203 4060 amsint - ok
12:45:21.0265 4060 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
12:45:21.0265 4060 androidusb - ok
12:45:21.0312 4060 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
12:45:21.0312 4060 AppMgmt - ok
12:45:21.0468 4060 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
12:45:21.0468 4060 AR9271 - ok
12:45:21.0515 4060 asc - ok
12:45:21.0531 4060 asc3350p - ok
12:45:21.0562 4060 asc3550 - ok
12:45:21.0640 4060 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:45:21.0640 4060 aspnet_state - ok
12:45:21.0718 4060 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:45:21.0718 4060 AsyncMac - ok
12:45:21.0750 4060 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:45:21.0750 4060 atapi - ok
12:45:21.0781 4060 Atdisk - ok
12:45:21.0828 4060 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:45:21.0828 4060 Atmarpc - ok
12:45:21.0875 4060 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
12:45:21.0875 4060 AudioSrv - ok
12:45:21.0921 4060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:45:21.0921 4060 audstub - ok
12:45:21.0984 4060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:45:21.0984 4060 Beep - ok
12:45:22.0062 4060 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
12:45:22.0062 4060 BITS - ok
12:45:22.0109 4060 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
12:45:22.0109 4060 Browser - ok
12:45:22.0171 4060 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:45:22.0171 4060 BthEnum - ok
12:45:22.0203 4060 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
12:45:22.0203 4060 BTHMODEM - ok
12:45:22.0234 4060 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:45:22.0234 4060 BthPan - ok
12:45:22.0296 4060 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
12:45:22.0296 4060 BTHPORT - ok
12:45:22.0343 4060 BthServ (70ca4b3f634c9dca200832f8da76e009) C:\WINDOWS\System32\bthserv.dll
12:45:22.0343 4060 BthServ - ok
12:45:22.0390 4060 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:45:22.0390 4060 BTHUSB - ok
12:45:22.0484 4060 catchme - ok
12:45:22.0562 4060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:45:22.0562 4060 cbidf2k - ok
12:45:22.0640 4060 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:45:22.0640 4060 CCDECODE - ok
12:45:22.0656 4060 cd20xrnt - ok
12:45:22.0703 4060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:45:22.0703 4060 Cdaudio - ok
12:45:22.0765 4060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:45:22.0765 4060 Cdfs - ok
12:45:22.0828 4060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:45:22.0828 4060 Cdrom - ok
12:45:22.0859 4060 Changer - ok
12:45:22.0906 4060 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
12:45:22.0906 4060 cisvc - ok
12:45:22.0937 4060 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
12:45:22.0937 4060 ClipSrv - ok
12:45:22.0984 4060 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:22.0984 4060 clr_optimization_v2.0.50727_32 - ok
12:45:23.0031 4060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:23.0031 4060 clr_optimization_v4.0.30319_32 - ok
12:45:23.0062 4060 CmdIde - ok
12:45:23.0078 4060 COMSysApp - ok
12:45:23.0109 4060 Cpqarray - ok
12:45:23.0156 4060 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
12:45:23.0156 4060 CryptSvc - ok
12:45:23.0171 4060 dac2w2k - ok
12:45:23.0203 4060 dac960nt - ok
12:45:23.0265 4060 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
12:45:23.0265 4060 DcomLaunch - ok
12:45:23.0328 4060 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
12:45:23.0328 4060 Dhcp - ok
12:45:23.0390 4060 Dio06 (7b8ef391d8bf6cecc8c8712cd03170ad) C:\WINDOWS\system32\Drivers\Dio06.sys
12:45:23.0390 4060 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\Dio06.sys. md5: 7b8ef391d8bf6cecc8c8712cd03170ad
12:45:23.0390 4060 Dio06 ( LockedFile.Multi.Generic ) - warning
12:45:23.0390 4060 Dio06 - detected LockedFile.Multi.Generic (1)
12:45:23.0421 4060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:45:23.0421 4060 Disk - ok
12:45:23.0453 4060 dmadmin - ok
12:45:23.0531 4060 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
12:45:23.0531 4060 dmboot - ok
12:45:23.0578 4060 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
12:45:23.0593 4060 dmio - ok
12:45:23.0656 4060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:45:23.0656 4060 dmload - ok
12:45:23.0718 4060 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
12:45:23.0718 4060 dmserver - ok
12:45:23.0781 4060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:45:23.0781 4060 DMusic - ok
12:45:23.0843 4060 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
12:45:23.0843 4060 Dnscache - ok
12:45:23.0875 4060 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
12:45:23.0875 4060 Dot3svc - ok
12:45:23.0906 4060 dpti2o - ok
12:45:23.0921 4060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:45:23.0921 4060 drmkaud - ok
12:45:23.0968 4060 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
12:45:23.0984 4060 eamon - ok
12:45:24.0015 4060 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
12:45:24.0015 4060 EapHost - ok
12:45:24.0078 4060 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:45:24.0078 4060 ehdrv - ok
12:45:24.0187 4060 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:45:24.0187 4060 ekrn - ok
12:45:24.0281 4060 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:45:24.0281 4060 epfwtdir - ok
12:45:24.0328 4060 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
12:45:24.0328 4060 ERSvc - ok
12:45:24.0375 4060 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:45:24.0375 4060 Eventlog - ok
12:45:24.0406 4060 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
12:45:24.0406 4060 EventSystem - ok
12:45:24.0500 4060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:45:24.0500 4060 Fastfat - ok
12:45:24.0546 4060 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:24.0546 4060 FastUserSwitchingCompatibility - ok
12:45:24.0593 4060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:45:24.0593 4060 Fdc - ok
12:45:24.0640 4060 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
12:45:24.0640 4060 Fips - ok
12:45:24.0687 4060 FirebirdGuardianDefaultInstance - ok
12:45:24.0703 4060 FirebirdServerDefaultInstance - ok
12:45:24.0750 4060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:45:24.0750 4060 Flpydisk - ok
12:45:24.0796 4060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:45:24.0812 4060 FltMgr - ok
12:45:24.0875 4060 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:45:24.0875 4060 FontCache3.0.0.0 - ok
12:45:24.0953 4060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:45:24.0953 4060 Fs_Rec - ok
12:45:25.0000 4060 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:45:25.0000 4060 Ftdisk - ok
12:45:25.0046 4060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:45:25.0046 4060 Gpc - ok
12:45:25.0140 4060 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:25.0140 4060 gupdate - ok
12:45:25.0156 4060 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:25.0156 4060 gupdatem - ok
12:45:25.0187 4060 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:45:25.0187 4060 gusvc - ok
12:45:25.0281 4060 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:45:25.0281 4060 HDAudBus - ok
12:45:25.0328 4060 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:45:25.0328 4060 helpsvc - ok
12:45:25.0390 4060 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
12:45:25.0390 4060 HidServ - ok
12:45:25.0437 4060 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:45:25.0437 4060 hidusb - ok
12:45:25.0484 4060 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
12:45:25.0484 4060 hkmsvc - ok
12:45:25.0515 4060 hpn - ok
12:45:25.0531 4060 hpt3xx - ok
12:45:25.0593 4060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:45:25.0593 4060 HTTP - ok
12:45:25.0640 4060 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
12:45:25.0640 4060 HTTPFilter - ok
12:45:25.0671 4060 i2omgmt - ok
12:45:25.0687 4060 i2omp - ok
12:45:25.0750 4060 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:45:25.0750 4060 i8042prt - ok
12:45:25.0828 4060 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:45:25.0828 4060 idsvc - ok
12:45:25.0921 4060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:45:25.0921 4060 Imapi - ok
12:45:25.0968 4060 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
12:45:25.0968 4060 ImapiService - ok
12:45:26.0000 4060 ini910u - ok
12:45:26.0265 4060 IntcAzAudAddService (09e73e7455e7eac14e25739b30e16b52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:45:26.0296 4060 IntcAzAudAddService - ok
12:45:26.0375 4060 IntelIde - ok
12:45:26.0437 4060 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:45:26.0437 4060 ip6fw - ok
12:45:26.0468 4060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:45:26.0468 4060 IpFilterDriver - ok
12:45:26.0484 4060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:45:26.0484 4060 IpInIp - ok
12:45:26.0531 4060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:45:26.0546 4060 IpNat - ok
12:45:26.0625 4060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:45:26.0625 4060 IPSec - ok
12:45:26.0671 4060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:45:26.0671 4060 IRENUM - ok
12:45:26.0703 4060 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:45:26.0703 4060 isapnp - ok
12:45:26.0812 4060 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:45:26.0812 4060 JavaQuickStarterService - ok
12:45:26.0890 4060 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:45:26.0890 4060 Kbdclass - ok
12:45:26.0921 4060 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:45:26.0921 4060 kbdhid - ok
12:45:26.0984 4060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:45:26.0984 4060 kmixer - ok
12:45:27.0031 4060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:45:27.0031 4060 KSecDD - ok
12:45:27.0109 4060 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
12:45:27.0109 4060 lanmanserver - ok
12:45:27.0171 4060 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
12:45:27.0171 4060 lanmanworkstation - ok
12:45:27.0187 4060 lbrtfdc - ok
12:45:27.0234 4060 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
12:45:27.0234 4060 LmHosts - ok
12:45:27.0296 4060 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:45:27.0296 4060 MDM - ok
12:45:27.0390 4060 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
12:45:27.0390 4060 Messenger - ok
12:45:27.0468 4060 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:45:27.0468 4060 Microsoft Office Groove Audit Service - ok
12:45:27.0546 4060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:45:27.0546 4060 mnmdd - ok
12:45:27.0593 4060 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
12:45:27.0609 4060 mnmsrvc - ok
12:45:27.0640 4060 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:45:27.0640 4060 Modem - ok
12:45:27.0734 4060 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
12:45:27.0750 4060 Monfilt - ok
12:45:27.0812 4060 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:45:27.0812 4060 Mouclass - ok
12:45:27.0859 4060 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:45:27.0859 4060 mouhid - ok
12:45:27.0906 4060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:45:27.0906 4060 MountMgr - ok
12:45:27.0968 4060 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:45:27.0968 4060 MPE - ok
12:45:28.0000 4060 mraid35x - ok
12:45:28.0046 4060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:45:28.0046 4060 MRxDAV - ok
12:45:28.0125 4060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:45:28.0125 4060 MRxSmb - ok
12:45:28.0203 4060 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
12:45:28.0203 4060 MSDTC - ok
12:45:28.0234 4060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:45:28.0234 4060 Msfs - ok
12:45:28.0265 4060 MSIServer - ok
12:45:28.0328 4060 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
12:45:28.0328 4060 MSI_MSIBIOS_010507 - ok
12:45:28.0390 4060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:45:28.0406 4060 MSKSSRV - ok
12:45:28.0437 4060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:45:28.0437 4060 MSPCLOCK - ok
12:45:28.0484 4060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:45:28.0484 4060 MSPQM - ok
12:45:28.0531 4060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:45:28.0531 4060 mssmbios - ok
12:45:28.0593 4060 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:45:28.0593 4060 MSTEE - ok
12:45:28.0656 4060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:45:28.0656 4060 Mup - ok
12:45:28.0703 4060 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:45:28.0703 4060 NABTSFEC - ok
12:45:28.0765 4060 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
12:45:28.0765 4060 napagent - ok
12:45:28.0859 4060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:45:28.0859 4060 NDIS - ok
12:45:28.0890 4060 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:45:28.0890 4060 NdisIP - ok
12:45:28.0937 4060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:45:28.0937 4060 NdisTapi - ok
12:45:28.0984 4060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:45:28.0984 4060 Ndisuio - ok
12:45:29.0046 4060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:45:29.0046 4060 NdisWan - ok
12:45:29.0093 4060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:45:29.0093 4060 NDProxy - ok
12:45:29.0125 4060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:45:29.0125 4060 NetBIOS - ok
12:45:29.0156 4060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:45:29.0156 4060 NetBT - ok
12:45:29.0203 4060 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:45:29.0203 4060 NetDDE - ok
12:45:29.0218 4060 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:45:29.0218 4060 NetDDEdsdm - ok
12:45:29.0296 4060 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:29.0296 4060 Netlogon - ok
12:45:29.0328 4060 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
12:45:29.0328 4060 Netman - ok
12:45:29.0406 4060 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:45:29.0406 4060 NetTcpPortSharing - ok
12:45:29.0484 4060 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
12:45:29.0484 4060 Nla - ok
12:45:29.0546 4060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:45:29.0546 4060 Npfs - ok
12:45:29.0593 4060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:45:29.0593 4060 Ntfs - ok
12:45:29.0671 4060 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
12:45:29.0671 4060 NTIOLib_1_0_4 - ok
12:45:29.0734 4060 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
12:45:29.0734 4060 NtLmSsp - ok
12:45:29.0796 4060 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
12:45:29.0796 4060 NtmsSvc - ok
12:45:29.0843 4060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:45:29.0843 4060 Null - ok
12:45:30.0281 4060 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:45:30.0328 4060 nv - ok
12:45:30.0406 4060 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:45:30.0406 4060 NVENETFD - ok
12:45:30.0437 4060 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:45:30.0437 4060 nvnetbus - ok
12:45:30.0500 4060 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
12:45:30.0500 4060 nvsvc - ok
12:45:30.0656 4060 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:45:30.0671 4060 nvUpdatusService - ok
12:45:30.0765 4060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:45:30.0765 4060 NwlnkFlt - ok
12:45:30.0781 4060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:45:30.0781 4060 NwlnkFwd - ok
12:45:30.0875 4060 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:45:30.0890 4060 odserv - ok
12:45:30.0906 4060 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:30.0906 4060 ose - ok
12:45:31.0171 4060 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:31.0203 4060 osppsvc - ok
12:45:31.0281 4060 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
12:45:31.0281 4060 Parport - ok
12:45:31.0312 4060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:45:31.0312 4060 PartMgr - ok
12:45:31.0375 4060 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:45:31.0375 4060 ParVdm - ok
12:45:31.0406 4060 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:45:31.0406 4060 PCI - ok
12:45:31.0421 4060 PCIDump - ok
12:45:31.0468 4060 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:45:31.0468 4060 PCIIde - ok
12:45:31.0546 4060 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:45:31.0546 4060 Pcmcia - ok
12:45:31.0578 4060 PDCOMP - ok
12:45:31.0593 4060 PDFRAME - ok
12:45:31.0625 4060 PDRELI - ok
12:45:31.0640 4060 PDRFRAME - ok
12:45:31.0671 4060 perc2 - ok
12:45:31.0687 4060 perc2hib - ok
12:45:31.0750 4060 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:45:31.0750 4060 PlugPlay - ok
12:45:31.0781 4060 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:31.0796 4060 PolicyAgent - ok
12:45:31.0828 4060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:45:31.0828 4060 PptpMiniport - ok
12:45:31.0906 4060 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
12:45:31.0906 4060 Processor - ok
12:45:31.0921 4060 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:31.0921 4060 ProtectedStorage - ok
12:45:31.0968 4060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:45:31.0968 4060 PSched - ok
12:45:32.0031 4060 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:45:32.0031 4060 PSI_SVC_2 - ok
12:45:32.0109 4060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:45:32.0109 4060 Ptilink - ok
12:45:32.0171 4060 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:45:32.0171 4060 PxHelp20 - ok
12:45:32.0187 4060 ql1080 - ok
12:45:32.0218 4060 Ql10wnt - ok
12:45:32.0234 4060 ql12160 - ok
12:45:32.0265 4060 ql1240 - ok
12:45:32.0281 4060 ql1280 - ok
12:45:32.0312 4060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:45:32.0312 4060 RasAcd - ok
12:45:32.0390 4060 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
12:45:32.0390 4060 RasAuto - ok
12:45:32.0468 4060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:45:32.0468 4060 Rasl2tp - ok
12:45:32.0515 4060 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
12:45:32.0515 4060 RasMan - ok
12:45:32.0562 4060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:45:32.0562 4060 RasPppoe - ok
12:45:32.0625 4060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:45:32.0625 4060 Raspti - ok
12:45:32.0671 4060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:45:32.0671 4060 Rdbss - ok
12:45:32.0703 4060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:45:32.0703 4060 RDPCDD - ok
12:45:32.0765 4060 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:45:32.0765 4060 rdpdr - ok
12:45:32.0843 4060 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:45:32.0843 4060 RDPWD - ok
12:45:32.0890 4060 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
12:45:32.0890 4060 RDSessMgr - ok
12:45:32.0953 4060 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:45:32.0953 4060 redbook - ok
12:45:33.0015 4060 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
12:45:33.0015 4060 RemoteAccess - ok
12:45:33.0046 4060 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
12:45:33.0046 4060 RemoteRegistry - ok
12:45:33.0093 4060 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:45:33.0093 4060 RFCOMM - ok
12:45:33.0140 4060 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
12:45:33.0140 4060 RpcLocator - ok
12:45:33.0234 4060 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
12:45:33.0234 4060 RpcSs - ok
12:45:33.0281 4060 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
12:45:33.0281 4060 RSVP - ok
12:45:33.0328 4060 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:45:33.0328 4060 RTL8023xp - ok
12:45:33.0375 4060 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:33.0375 4060 SamSs - ok
12:45:33.0453 4060 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
12:45:33.0453 4060 SCardSvr - ok
12:45:33.0484 4060 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
12:45:33.0484 4060 Schedule - ok
12:45:33.0546 4060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:45:33.0546 4060 Secdrv - ok
12:45:33.0578 4060 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
12:45:33.0578 4060 seclogon - ok
12:45:33.0609 4060 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
12:45:33.0609 4060 SENS - ok
12:45:33.0687 4060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:45:33.0687 4060 serenum - ok
12:45:33.0703 4060 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
12:45:33.0703 4060 Serial - ok
12:45:33.0750 4060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:45:33.0750 4060 Sfloppy - ok
12:45:33.0796 4060 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
12:45:33.0796 4060 SharedAccess - ok
12:45:33.0843 4060 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:33.0843 4060 ShellHWDetection - ok
12:45:33.0890 4060 Simbad - ok
12:45:33.0953 4060 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
12:45:33.0953 4060 SkypeUpdate - ok
12:45:34.0000 4060 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:45:34.0000 4060 SLIP - ok
12:45:34.0062 4060 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
12:45:34.0062 4060 Sony Ericsson PCCompanion - ok
12:45:34.0109 4060 Sparrow - ok
12:45:34.0156 4060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:45:34.0156 4060 splitter - ok
12:45:34.0218 4060 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:45:34.0218 4060 Spooler - ok
12:45:34.0250 4060 sptd - ok
12:45:34.0296 4060 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:45:34.0296 4060 sr - ok
12:45:34.0359 4060 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
12:45:34.0359 4060 srservice - ok
12:45:34.0406 4060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:45:34.0406 4060 Srv - ok
12:45:34.0484 4060 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
12:45:34.0484 4060 ssadbus - ok
12:45:34.0515 4060 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
12:45:34.0515 4060 ssadmdfl - ok
12:45:34.0562 4060 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
12:45:34.0562 4060 ssadmdm - ok
12:45:34.0609 4060 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
12:45:34.0609 4060 ssadserd - ok
12:45:34.0703 4060 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
12:45:34.0703 4060 sscdbus - ok
12:45:34.0734 4060 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
12:45:34.0734 4060 sscdmdfl - ok
12:45:34.0765 4060 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
12:45:34.0765 4060 sscdmdm - ok
12:45:34.0812 4060 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
12:45:34.0812 4060 SSDPSRV - ok
12:45:34.0859 4060 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
12:45:34.0859 4060 SSPORT - ok
12:45:34.0890 4060 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
12:45:34.0906 4060 stisvc - ok
12:45:34.0968 4060 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:45:34.0968 4060 streamip - ok
12:45:35.0015 4060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:45:35.0015 4060 swenum - ok
12:45:35.0140 4060 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:45:35.0140 4060 SwitchBoard - ok
12:45:35.0234 4060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:45:35.0234 4060 swmidi - ok
12:45:35.0250 4060 SwPrv - ok
12:45:35.0281 4060 symc810 - ok
12:45:35.0296 4060 symc8xx - ok
12:45:35.0328 4060 sym_hi - ok
12:45:35.0343 4060 sym_u3 - ok
12:45:35.0390 4060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:45:35.0390 4060 sysaudio - ok
12:45:35.0453 4060 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
12:45:35.0453 4060 SysmonLog - ok
12:45:35.0500 4060 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
12:45:35.0500 4060 TapiSrv - ok
12:45:35.0593 4060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:45:35.0593 4060 Tcpip - ok
12:45:35.0640 4060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:45:35.0640 4060 TDPIPE - ok
12:45:35.0671 4060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:45:35.0671 4060 TDTCP - ok
12:45:35.0750 4060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:45:35.0750 4060 TermDD - ok
12:45:35.0812 4060 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
12:45:35.0812 4060 TermService - ok
12:45:35.0859 4060 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:35.0859 4060 Themes - ok
12:45:35.0906 4060 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\System32\tlntsvr.exe
12:45:35.0906 4060 TlntSvr - ok
12:45:35.0968 4060 TosIde - ok
12:45:36.0015 4060 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
12:45:36.0015 4060 TrkWks - ok
12:45:36.0062 4060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:45:36.0062 4060 Udfs - ok
12:45:36.0109 4060 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:45:36.0109 4060 UleadBurningHelper - ok
12:45:36.0171 4060 ultra - ok
12:45:36.0250 4060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:45:36.0250 4060 Update - ok
12:45:36.0296 4060 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
12:45:36.0312 4060 upnphost - ok
12:45:36.0343 4060 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
12:45:36.0343 4060 UPS - ok
12:45:36.0390 4060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:45:36.0390 4060 usbccgp - ok
12:45:36.0468 4060 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:45:36.0468 4060 USBCCID - ok
12:45:36.0515 4060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:45:36.0515 4060 usbehci - ok
12:45:36.0562 4060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:45:36.0562 4060 usbhub - ok
12:45:36.0625 4060 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:45:36.0625 4060 usbohci - ok
12:45:36.0687 4060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:45:36.0687 4060 usbprint - ok
12:45:36.0734 4060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:45:36.0734 4060 usbscan - ok
12:45:36.0796 4060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:45:36.0796 4060 USBSTOR - ok
12:45:36.0875 4060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:45:36.0875 4060 VgaSave - ok
12:45:36.0906 4060 ViaIde - ok
12:45:36.0937 4060 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:45:36.0937 4060 VolSnap - ok
12:45:37.0000 4060 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
12:45:37.0000 4060 VSS - ok
12:45:37.0078 4060 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
12:45:37.0078 4060 W32Time - ok
12:45:37.0125 4060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:45:37.0125 4060 Wanarp - ok
12:45:37.0203 4060 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:45:37.0203 4060 Wdf01000 - ok
12:45:37.0265 4060 WDICA - ok
12:45:37.0312 4060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:45:37.0312 4060 wdmaud - ok
12:45:37.0359 4060 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
12:45:37.0359 4060 WebClient - ok
12:45:37.0406 4060 wfcxacap (0e507042ccefc40b8bb5dde75a7bd0c7) C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
12:45:37.0406 4060 wfcxacap - ok
12:45:37.0484 4060 wfcxatun (b8acb6b48f928ff5e58b1a2dc3fa628c) C:\WINDOWS\system32\drivers\wfcxatun.sys
12:45:37.0500 4060 wfcxatun - ok
12:45:37.0515 4060 wfcxdtun (e32eeeac4ed0249474a2c9b71f1d5a73) C:\WINDOWS\system32\drivers\wfcxdtun.sys
12:45:37.0515 4060 wfcxdtun - ok
12:45:37.0546 4060 wfcxtcap (fc4f80b8c23dbf4d23a9a4ded38cf430) C:\WINDOWS\system32\drivers\wfcxtcap.sys
12:45:37.0562 4060 wfcxtcap - ok
12:45:37.0593 4060 WFCXVCAP (e9905845abc7b3521f642f9c8d08a03e) C:\WINDOWS\system32\drivers\wfcxvcap.sys
12:45:37.0593 4060 WFCXVCAP - ok
12:45:37.0625 4060 wfcxxbar (0aed0d6f83ade999fa6a8e485830e4c5) C:\WINDOWS\system32\drivers\wfcxxbar.sys
12:45:37.0625 4060 wfcxxbar - ok
12:45:37.0671 4060 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
12:45:37.0671 4060 WIBUKEY - ok
12:45:37.0765 4060 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:45:37.0765 4060 winmgmt - ok
12:45:37.0859 4060 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
12:45:37.0859 4060 WinRM - ok
12:45:37.0953 4060 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
12:45:37.0953 4060 WinUSB - ok
12:45:38.0000 4060 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:45:38.0015 4060 WmdmPmSN - ok
12:45:38.0093 4060 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
12:45:38.0093 4060 Wmi - ok
12:45:38.0187 4060 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:45:38.0187 4060 WmiApSrv - ok
12:45:38.0296 4060 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:45:38.0296 4060 WMPNetworkSvc - ok
12:45:38.0375 4060 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:45:38.0375 4060 WpdUsb - ok
12:45:38.0468 4060 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:45:38.0468 4060 WPFFontCache_v0400 - ok
12:45:38.0515 4060 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:45:38.0515 4060 WS2IFSL - ok
12:45:38.0593 4060 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
12:45:38.0593 4060 wscsvc - ok
12:45:38.0656 4060 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:45:38.0656 4060 WSIMD - ok
12:45:38.0703 4060 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:45:38.0703 4060 WSTCODEC - ok
12:45:38.0781 4060 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
12:45:38.0796 4060 wuauserv - ok
12:45:38.0843 4060 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:45:38.0843 4060 WudfPf - ok
12:45:38.0875 4060 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:45:38.0875 4060 WudfRd - ok
12:45:38.0921 4060 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:45:38.0921 4060 WudfSvc - ok
12:45:39.0015 4060 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
12:45:39.0015 4060 WZCSVC - ok
12:45:39.0078 4060 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
12:45:39.0078 4060 xmlprov - ok
12:45:39.0093 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk0\DR0
12:45:39.0125 4060 \Device\Harddisk0\DR0 - ok
12:45:39.0125 4060 MBR (0x1B8) (8548a4bd85bff9512789e36382a4c809) \Device\Harddisk1\DR1
12:45:39.0156 4060 \Device\Harddisk1\DR1 - ok
12:45:39.0156 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk2\DR2
12:45:39.0171 4060 \Device\Harddisk2\DR2 - ok
12:45:39.0578 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk3\DR3
12:45:39.0625 4060 \Device\Harddisk3\DR3 - ok
12:45:39.0625 4060 Boot (0x1200) (33ed982f6ce5e41dc63b77efcc5b4bf9) \Device\Harddisk0\DR0\Partition0
12:45:39.0625 4060 \Device\Harddisk0\DR0\Partition0 - ok
12:45:39.0625 4060 Boot (0x1200) (7398844371f2804edac43da9e0d912b9) \Device\Harddisk2\DR2\Partition0
12:45:39.0640 4060 \Device\Harddisk2\DR2\Partition0 - ok
12:45:39.0687 4060 Boot (0x1200) (072255499779b0f88ca647eb00dcc86c) \Device\Harddisk3\DR3\Partition0
12:45:39.0687 4060 \Device\Harddisk3\DR3\Partition0 - ok
12:45:39.0687 4060 ============================================================
12:45:39.0687 4060 Scan finished
12:45:39.0687 4060 ============================================================
12:45:39.0703 4020 Detected object count: 1
12:45:39.0703 4020 Actual detected object count: 1
12:45:49.0656 4020 Dio06 ( LockedFile.Multi.Generic ) - skipped by user
12:45:49.0656 4020 Dio06 ( LockedFile.Multi.Generic ) - User select action: Skip
12:45:57.0921 2104 Deinitialize success

ComboFix 12-03-30.06 - Jirka 01.04.2012 12:25:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2590 [GMT 2:00]
Spuštěný z: e:\pc\Antiviry\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-30 17:06 . 2012-03-30 17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\program files\ESET
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Corel
2012-03-26 14:06 . 2012-03-26 14:06 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-03-26 14:05 . 2012-03-26 14:05 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-03-26 14:04 . 2012-03-28 19:12 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\gs
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\Common Files\Corel
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\program files\Common Files\Protexis
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-03-26 13:57 . 2012-03-26 13:57 -------- d-----w- c:\program files\Corel
2012-03-26 09:58 . 2012-03-26 09:58 -------- d-----w- c:\program files\Common Files\Skype
2012-03-26 07:48 . 2012-03-28 11:09 53632 ----a-w- c:\windows\system32\drivers\Dio06.sys
2012-03-20 23:20 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-20 23:20 . 2010-07-09 22:38 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2012-03-20 23:20 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-20 23:20 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-20 23:20 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcodins.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcod.dll
2012-03-20 23:20 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2012-03-20 23:20 . 2010-07-09 22:38 1388544 ----a-w- c:\windows\system32\nvapi.dll
2012-03-20 23:20 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-20 23:20 . 2012-03-20 23:20 -------- d-----w- C:\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DDMSettings
2012-03-18 19:37 . 2012-03-18 19:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 19:37 . 2012-03-18 19:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 22:48 . 2012-03-13 22:48 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-13 22:47 . 2012-03-20 23:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-13 20:14 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2012-03-13 20:11 . 2012-02-29 23:58 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 20:11 . 2012-02-29 23:58 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-12 08:44 . 2012-03-12 08:44 -------- d-----w- c:\program files\GeoGet
2012-03-12 08:37 . 2012-03-28 17:34 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GeoGet
2012-03-10 20:52 . 1996-09-30 17:46 24576 ------w- c:\windows\UniFISH.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 17:06 . 2011-10-03 14:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 09:53 . 2012-02-25 09:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut3_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut2_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\ARPPRODUCTICON.exe
2012-02-03 09:57 . 2001-10-25 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-18 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-03 06:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 19:37 . 2011-10-03 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_22.13.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-01 10:05 . 2012-04-01 10:05 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
+ 2012-03-31 19:38 . 2012-03-31 19:38 3620808 c:\windows\system32\FNTCACHE.DAT
- 2012-03-29 08:48 . 2012-03-29 08:48 3620808 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-05-21 561263]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Nika\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2012-2-13 18097128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dio06.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"e:\\NIKA dokumenty\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\WOW\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\WOW\\World of Warcraft\\Launcher.exe"=
"e:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 Dio06;Dio06;c:\windows\system32\drivers\Dio06.sys [26.3.2012 9:48 53632]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [1.5.2011 23:36 9856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 14:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [23.12.2010 8:06 5120]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [1.5.2011 23:36 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [1.5.2011 23:36 167040]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [16.12.2011 22:38 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [1.5.2011 23:36 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [1.5.2011 23:36 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [1.5.2011 23:36 10496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [20.3.2012 0:20 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 19:06 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2011 17:24 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.12.2011 22:50 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [3.10.2011 18:18 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [3.10.2011 18:18 7680]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4.10.2011 21:14 155344]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2011 22:50 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2011 22:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2011 22:50 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.12.2011 22:50 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.10.2001 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06]
.
2012-01-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOJZA-Nika.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 13:04]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\dn1qh2zu.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\Metapad\metapad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-04-01 12:34:34
ComboFix-quarantined-files.txt 2012-04-01 10:34
ComboFix2.txt 2012-03-31 18:58
ComboFix3.txt 2012-03-30 22:14
.
Před spuštěním: Volných bajtů: 44 973 641 728
Po spuštění: Volných bajtů: 44 955 942 912
.
- - End Of File - - B3C0FE523E076C654B0121B90DC20F7F
12:45:21.0828 4060 Atmarpc - ok
12:45:21.0875 4060 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
12:45:21.0875 4060 AudioSrv - ok
12:45:21.0921 4060 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:45:21.0921 4060 audstub - ok
12:45:21.0984 4060 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:45:21.0984 4060 Beep - ok
12:45:22.0062 4060 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
12:45:22.0062 4060 BITS - ok
12:45:22.0109 4060 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
12:45:22.0109 4060 Browser - ok
12:45:22.0171 4060 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
12:45:22.0171 4060 BthEnum - ok
12:45:22.0203 4060 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
12:45:22.0203 4060 BTHMODEM - ok
12:45:22.0234 4060 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
12:45:22.0234 4060 BthPan - ok
12:45:22.0296 4060 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
12:45:22.0296 4060 BTHPORT - ok
12:45:22.0343 4060 BthServ (70ca4b3f634c9dca200832f8da76e009) C:\WINDOWS\System32\bthserv.dll
12:45:22.0343 4060 BthServ - ok
12:45:22.0390 4060 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
12:45:22.0390 4060 BTHUSB - ok
12:45:22.0484 4060 catchme - ok
12:45:22.0562 4060 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:45:22.0562 4060 cbidf2k - ok
12:45:22.0640 4060 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:45:22.0640 4060 CCDECODE - ok
12:45:22.0656 4060 cd20xrnt - ok
12:45:22.0703 4060 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:45:22.0703 4060 Cdaudio - ok
12:45:22.0765 4060 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:45:22.0765 4060 Cdfs - ok
12:45:22.0828 4060 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:45:22.0828 4060 Cdrom - ok
12:45:22.0859 4060 Changer - ok
12:45:22.0906 4060 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
12:45:22.0906 4060 cisvc - ok
12:45:22.0937 4060 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
12:45:22.0937 4060 ClipSrv - ok
12:45:22.0984 4060 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:22.0984 4060 clr_optimization_v2.0.50727_32 - ok
12:45:23.0031 4060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:23.0031 4060 clr_optimization_v4.0.30319_32 - ok
12:45:23.0062 4060 CmdIde - ok
12:45:23.0078 4060 COMSysApp - ok
12:45:23.0109 4060 Cpqarray - ok
12:45:23.0156 4060 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
12:45:23.0156 4060 CryptSvc - ok
12:45:23.0171 4060 dac2w2k - ok
12:45:23.0203 4060 dac960nt - ok
12:45:23.0265 4060 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
12:45:23.0265 4060 DcomLaunch - ok
12:45:23.0328 4060 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
12:45:23.0328 4060 Dhcp - ok
12:45:23.0390 4060 Dio06 (7b8ef391d8bf6cecc8c8712cd03170ad) C:\WINDOWS\system32\Drivers\Dio06.sys
12:45:23.0390 4060 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\Dio06.sys. md5: 7b8ef391d8bf6cecc8c8712cd03170ad
12:45:23.0390 4060 Dio06 ( LockedFile.Multi.Generic ) - warning
12:45:23.0390 4060 Dio06 - detected LockedFile.Multi.Generic (1)
12:45:23.0421 4060 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:45:23.0421 4060 Disk - ok
12:45:23.0453 4060 dmadmin - ok
12:45:23.0531 4060 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
12:45:23.0531 4060 dmboot - ok
12:45:23.0578 4060 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
12:45:23.0593 4060 dmio - ok
12:45:23.0656 4060 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:45:23.0656 4060 dmload - ok
12:45:23.0718 4060 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
12:45:23.0718 4060 dmserver - ok
12:45:23.0781 4060 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:45:23.0781 4060 DMusic - ok
12:45:23.0843 4060 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
12:45:23.0843 4060 Dnscache - ok
12:45:23.0875 4060 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
12:45:23.0875 4060 Dot3svc - ok
12:45:23.0906 4060 dpti2o - ok
12:45:23.0921 4060 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:45:23.0921 4060 drmkaud - ok
12:45:23.0968 4060 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
12:45:23.0984 4060 eamon - ok
12:45:24.0015 4060 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
12:45:24.0015 4060 EapHost - ok
12:45:24.0078 4060 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
12:45:24.0078 4060 ehdrv - ok
12:45:24.0187 4060 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
12:45:24.0187 4060 ekrn - ok
12:45:24.0281 4060 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
12:45:24.0281 4060 epfwtdir - ok
12:45:24.0328 4060 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
12:45:24.0328 4060 ERSvc - ok
12:45:24.0375 4060 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:45:24.0375 4060 Eventlog - ok
12:45:24.0406 4060 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
12:45:24.0406 4060 EventSystem - ok
12:45:24.0500 4060 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:45:24.0500 4060 Fastfat - ok
12:45:24.0546 4060 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:24.0546 4060 FastUserSwitchingCompatibility - ok
12:45:24.0593 4060 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:45:24.0593 4060 Fdc - ok
12:45:24.0640 4060 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
12:45:24.0640 4060 Fips - ok
12:45:24.0687 4060 FirebirdGuardianDefaultInstance - ok
12:45:24.0703 4060 FirebirdServerDefaultInstance - ok
12:45:24.0750 4060 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:45:24.0750 4060 Flpydisk - ok
12:45:24.0796 4060 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:45:24.0812 4060 FltMgr - ok
12:45:24.0875 4060 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:45:24.0875 4060 FontCache3.0.0.0 - ok
12:45:24.0953 4060 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:45:24.0953 4060 Fs_Rec - ok
12:45:25.0000 4060 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:45:25.0000 4060 Ftdisk - ok
12:45:25.0046 4060 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:45:25.0046 4060 Gpc - ok
12:45:25.0140 4060 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:25.0140 4060 gupdate - ok
12:45:25.0156 4060 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:45:25.0156 4060 gupdatem - ok
12:45:25.0187 4060 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:45:25.0187 4060 gusvc - ok
12:45:25.0281 4060 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:45:25.0281 4060 HDAudBus - ok
12:45:25.0328 4060 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:45:25.0328 4060 helpsvc - ok
12:45:25.0390 4060 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
12:45:25.0390 4060 HidServ - ok
12:45:25.0437 4060 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:45:25.0437 4060 hidusb - ok
12:45:25.0484 4060 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
12:45:25.0484 4060 hkmsvc - ok
12:45:25.0515 4060 hpn - ok
12:45:25.0531 4060 hpt3xx - ok
12:45:25.0593 4060 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:45:25.0593 4060 HTTP - ok
12:45:25.0640 4060 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
12:45:25.0640 4060 HTTPFilter - ok
12:45:25.0671 4060 i2omgmt - ok
12:45:25.0687 4060 i2omp - ok
12:45:25.0750 4060 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:45:25.0750 4060 i8042prt - ok
12:45:25.0828 4060 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:45:25.0828 4060 idsvc - ok
12:45:25.0921 4060 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:45:25.0921 4060 Imapi - ok
12:45:25.0968 4060 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
12:45:25.0968 4060 ImapiService - ok
12:45:26.0000 4060 ini910u - ok
12:45:26.0265 4060 IntcAzAudAddService (09e73e7455e7eac14e25739b30e16b52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:45:26.0296 4060 IntcAzAudAddService - ok
12:45:26.0375 4060 IntelIde - ok
12:45:26.0437 4060 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:45:26.0437 4060 ip6fw - ok
12:45:26.0468 4060 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:45:26.0468 4060 IpFilterDriver - ok
12:45:26.0484 4060 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:45:26.0484 4060 IpInIp - ok
12:45:26.0531 4060 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:45:26.0546 4060 IpNat - ok
12:45:26.0625 4060 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:45:26.0625 4060 IPSec - ok
12:45:26.0671 4060 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:45:26.0671 4060 IRENUM - ok
12:45:26.0703 4060 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:45:26.0703 4060 isapnp - ok
12:45:26.0812 4060 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
12:45:26.0812 4060 JavaQuickStarterService - ok
12:45:26.0890 4060 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:45:26.0890 4060 Kbdclass - ok
12:45:26.0921 4060 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:45:26.0921 4060 kbdhid - ok
12:45:26.0984 4060 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:45:26.0984 4060 kmixer - ok
12:45:27.0031 4060 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:45:27.0031 4060 KSecDD - ok
12:45:27.0109 4060 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
12:45:27.0109 4060 lanmanserver - ok
12:45:27.0171 4060 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
12:45:27.0171 4060 lanmanworkstation - ok
12:45:27.0187 4060 lbrtfdc - ok
12:45:27.0234 4060 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
12:45:27.0234 4060 LmHosts - ok
12:45:27.0296 4060 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
12:45:27.0296 4060 MDM - ok
12:45:27.0390 4060 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
12:45:27.0390 4060 Messenger - ok
12:45:27.0468 4060 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
12:45:27.0468 4060 Microsoft Office Groove Audit Service - ok
12:45:27.0546 4060 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:45:27.0546 4060 mnmdd - ok
12:45:27.0593 4060 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
12:45:27.0609 4060 mnmsrvc - ok
12:45:27.0640 4060 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
12:45:27.0640 4060 Modem - ok
12:45:27.0734 4060 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
12:45:27.0750 4060 Monfilt - ok
12:45:27.0812 4060 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:45:27.0812 4060 Mouclass - ok
12:45:27.0859 4060 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:45:27.0859 4060 mouhid - ok
12:45:27.0906 4060 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:45:27.0906 4060 MountMgr - ok
12:45:27.0968 4060 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
12:45:27.0968 4060 MPE - ok
12:45:28.0000 4060 mraid35x - ok
12:45:28.0046 4060 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:45:28.0046 4060 MRxDAV - ok
12:45:28.0125 4060 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:45:28.0125 4060 MRxSmb - ok
12:45:28.0203 4060 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
12:45:28.0203 4060 MSDTC - ok
12:45:28.0234 4060 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:45:28.0234 4060 Msfs - ok
12:45:28.0265 4060 MSIServer - ok
12:45:28.0328 4060 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
12:45:28.0328 4060 MSI_MSIBIOS_010507 - ok
12:45:28.0390 4060 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:45:28.0406 4060 MSKSSRV - ok
12:45:28.0437 4060 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:45:28.0437 4060 MSPCLOCK - ok
12:45:28.0484 4060 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:45:28.0484 4060 MSPQM - ok
12:45:28.0531 4060 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:45:28.0531 4060 mssmbios - ok
12:45:28.0593 4060 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:45:28.0593 4060 MSTEE - ok
12:45:28.0656 4060 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:45:28.0656 4060 Mup - ok
12:45:28.0703 4060 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:45:28.0703 4060 NABTSFEC - ok
12:45:28.0765 4060 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
12:45:28.0765 4060 napagent - ok
12:45:28.0859 4060 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:45:28.0859 4060 NDIS - ok
12:45:28.0890 4060 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:45:28.0890 4060 NdisIP - ok
12:45:28.0937 4060 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:45:28.0937 4060 NdisTapi - ok
12:45:28.0984 4060 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:45:28.0984 4060 Ndisuio - ok
12:45:29.0046 4060 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:45:29.0046 4060 NdisWan - ok
12:45:29.0093 4060 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:45:29.0093 4060 NDProxy - ok
12:45:29.0125 4060 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:45:29.0125 4060 NetBIOS - ok
12:45:29.0156 4060 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:45:29.0156 4060 NetBT - ok
12:45:29.0203 4060 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:45:29.0203 4060 NetDDE - ok
12:45:29.0218 4060 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
12:45:29.0218 4060 NetDDEdsdm - ok
12:45:29.0296 4060 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:29.0296 4060 Netlogon - ok
12:45:29.0328 4060 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
12:45:29.0328 4060 Netman - ok
12:45:29.0406 4060 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:45:29.0406 4060 NetTcpPortSharing - ok
12:45:29.0484 4060 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
12:45:29.0484 4060 Nla - ok
12:45:29.0546 4060 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:45:29.0546 4060 Npfs - ok
12:45:29.0593 4060 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:45:29.0593 4060 Ntfs - ok
12:45:29.0671 4060 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
12:45:29.0671 4060 NTIOLib_1_0_4 - ok
12:45:29.0734 4060 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
12:45:29.0734 4060 NtLmSsp - ok
12:45:29.0796 4060 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
12:45:29.0796 4060 NtmsSvc - ok
12:45:29.0843 4060 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:45:29.0843 4060 Null - ok
12:45:30.0281 4060 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:45:30.0328 4060 nv - ok
12:45:30.0406 4060 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:45:30.0406 4060 NVENETFD - ok
12:45:30.0437 4060 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:45:30.0437 4060 nvnetbus - ok
12:45:30.0500 4060 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
12:45:30.0500 4060 nvsvc - ok
12:45:30.0656 4060 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:45:30.0671 4060 nvUpdatusService - ok
12:45:30.0765 4060 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:45:30.0765 4060 NwlnkFlt - ok
12:45:30.0781 4060 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:45:30.0781 4060 NwlnkFwd - ok
12:45:30.0875 4060 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:45:30.0890 4060 odserv - ok
12:45:30.0906 4060 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:45:30.0906 4060 ose - ok
12:45:31.0171 4060 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:45:31.0203 4060 osppsvc - ok
12:45:31.0281 4060 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
12:45:31.0281 4060 Parport - ok
12:45:31.0312 4060 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:45:31.0312 4060 PartMgr - ok
12:45:31.0375 4060 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
12:45:31.0375 4060 ParVdm - ok
12:45:31.0406 4060 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
12:45:31.0406 4060 PCI - ok
12:45:31.0421 4060 PCIDump - ok
12:45:31.0468 4060 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:45:31.0468 4060 PCIIde - ok
12:45:31.0546 4060 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:45:31.0546 4060 Pcmcia - ok
12:45:31.0578 4060 PDCOMP - ok
12:45:31.0593 4060 PDFRAME - ok
12:45:31.0625 4060 PDRELI - ok
12:45:31.0640 4060 PDRFRAME - ok
12:45:31.0671 4060 perc2 - ok
12:45:31.0687 4060 perc2hib - ok
12:45:31.0750 4060 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
12:45:31.0750 4060 PlugPlay - ok
12:45:31.0781 4060 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:31.0796 4060 PolicyAgent - ok
12:45:31.0828 4060 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:45:31.0828 4060 PptpMiniport - ok
12:45:31.0906 4060 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
12:45:31.0906 4060 Processor - ok
12:45:31.0921 4060 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:31.0921 4060 ProtectedStorage - ok
12:45:31.0968 4060 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:45:31.0968 4060 PSched - ok
12:45:32.0031 4060 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
12:45:32.0031 4060 PSI_SVC_2 - ok
12:45:32.0109 4060 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:45:32.0109 4060 Ptilink - ok
12:45:32.0171 4060 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:45:32.0171 4060 PxHelp20 - ok
12:45:32.0187 4060 ql1080 - ok
12:45:32.0218 4060 Ql10wnt - ok
12:45:32.0234 4060 ql12160 - ok
12:45:32.0265 4060 ql1240 - ok
12:45:32.0281 4060 ql1280 - ok
12:45:32.0312 4060 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:45:32.0312 4060 RasAcd - ok
12:45:32.0390 4060 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
12:45:32.0390 4060 RasAuto - ok
12:45:32.0468 4060 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:45:32.0468 4060 Rasl2tp - ok
12:45:32.0515 4060 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
12:45:32.0515 4060 RasMan - ok
12:45:32.0562 4060 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:45:32.0562 4060 RasPppoe - ok
12:45:32.0625 4060 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:45:32.0625 4060 Raspti - ok
12:45:32.0671 4060 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:45:32.0671 4060 Rdbss - ok
12:45:32.0703 4060 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:45:32.0703 4060 RDPCDD - ok
12:45:32.0765 4060 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:45:32.0765 4060 rdpdr - ok
12:45:32.0843 4060 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:45:32.0843 4060 RDPWD - ok
12:45:32.0890 4060 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
12:45:32.0890 4060 RDSessMgr - ok
12:45:32.0953 4060 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:45:32.0953 4060 redbook - ok
12:45:33.0015 4060 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
12:45:33.0015 4060 RemoteAccess - ok
12:45:33.0046 4060 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
12:45:33.0046 4060 RemoteRegistry - ok
12:45:33.0093 4060 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
12:45:33.0093 4060 RFCOMM - ok
12:45:33.0140 4060 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
12:45:33.0140 4060 RpcLocator - ok
12:45:33.0234 4060 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
12:45:33.0234 4060 RpcSs - ok
12:45:33.0281 4060 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
12:45:33.0281 4060 RSVP - ok
12:45:33.0328 4060 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
12:45:33.0328 4060 RTL8023xp - ok
12:45:33.0375 4060 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
12:45:33.0375 4060 SamSs - ok
12:45:33.0453 4060 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
12:45:33.0453 4060 SCardSvr - ok
12:45:33.0484 4060 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
12:45:33.0484 4060 Schedule - ok
12:45:33.0546 4060 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:45:33.0546 4060 Secdrv - ok
12:45:33.0578 4060 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
12:45:33.0578 4060 seclogon - ok
12:45:33.0609 4060 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
12:45:33.0609 4060 SENS - ok
12:45:33.0687 4060 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:45:33.0687 4060 serenum - ok
12:45:33.0703 4060 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
12:45:33.0703 4060 Serial - ok
12:45:33.0750 4060 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:45:33.0750 4060 Sfloppy - ok
12:45:33.0796 4060 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
12:45:33.0796 4060 SharedAccess - ok
12:45:33.0843 4060 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:33.0843 4060 ShellHWDetection - ok
12:45:33.0890 4060 Simbad - ok
12:45:33.0953 4060 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
12:45:33.0953 4060 SkypeUpdate - ok
12:45:34.0000 4060 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:45:34.0000 4060 SLIP - ok
12:45:34.0062 4060 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
12:45:34.0062 4060 Sony Ericsson PCCompanion - ok
12:45:34.0109 4060 Sparrow - ok
12:45:34.0156 4060 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:45:34.0156 4060 splitter - ok
12:45:34.0218 4060 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:45:34.0218 4060 Spooler - ok
12:45:34.0250 4060 sptd - ok
12:45:34.0296 4060 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
12:45:34.0296 4060 sr - ok
12:45:34.0359 4060 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
12:45:34.0359 4060 srservice - ok
12:45:34.0406 4060 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:45:34.0406 4060 Srv - ok
12:45:34.0484 4060 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
12:45:34.0484 4060 ssadbus - ok
12:45:34.0515 4060 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
12:45:34.0515 4060 ssadmdfl - ok
12:45:34.0562 4060 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
12:45:34.0562 4060 ssadmdm - ok
12:45:34.0609 4060 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
12:45:34.0609 4060 ssadserd - ok
12:45:34.0703 4060 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
12:45:34.0703 4060 sscdbus - ok
12:45:34.0734 4060 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
12:45:34.0734 4060 sscdmdfl - ok
12:45:34.0765 4060 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
12:45:34.0765 4060 sscdmdm - ok
12:45:34.0812 4060 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
12:45:34.0812 4060 SSDPSRV - ok
12:45:34.0859 4060 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
12:45:34.0859 4060 SSPORT - ok
12:45:34.0890 4060 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
12:45:34.0906 4060 stisvc - ok
12:45:34.0968 4060 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:45:34.0968 4060 streamip - ok
12:45:35.0015 4060 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:45:35.0015 4060 swenum - ok
12:45:35.0140 4060 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:45:35.0140 4060 SwitchBoard - ok
12:45:35.0234 4060 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:45:35.0234 4060 swmidi - ok
12:45:35.0250 4060 SwPrv - ok
12:45:35.0281 4060 symc810 - ok
12:45:35.0296 4060 symc8xx - ok
12:45:35.0328 4060 sym_hi - ok
12:45:35.0343 4060 sym_u3 - ok
12:45:35.0390 4060 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:45:35.0390 4060 sysaudio - ok
12:45:35.0453 4060 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
12:45:35.0453 4060 SysmonLog - ok
12:45:35.0500 4060 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
12:45:35.0500 4060 TapiSrv - ok
12:45:35.0593 4060 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:45:35.0593 4060 Tcpip - ok
12:45:35.0640 4060 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:45:35.0640 4060 TDPIPE - ok
12:45:35.0671 4060 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:45:35.0671 4060 TDTCP - ok
12:45:35.0750 4060 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:45:35.0750 4060 TermDD - ok
12:45:35.0812 4060 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
12:45:35.0812 4060 TermService - ok
12:45:35.0859 4060 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
12:45:35.0859 4060 Themes - ok
12:45:35.0906 4060 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\System32\tlntsvr.exe
12:45:35.0906 4060 TlntSvr - ok
12:45:35.0968 4060 TosIde - ok
12:45:36.0015 4060 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
12:45:36.0015 4060 TrkWks - ok
12:45:36.0062 4060 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:45:36.0062 4060 Udfs - ok
12:45:36.0109 4060 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:45:36.0109 4060 UleadBurningHelper - ok
12:45:36.0171 4060 ultra - ok
12:45:36.0250 4060 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:45:36.0250 4060 Update - ok
12:45:36.0296 4060 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
12:45:36.0312 4060 upnphost - ok
12:45:36.0343 4060 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
12:45:36.0343 4060 UPS - ok
12:45:36.0390 4060 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:45:36.0390 4060 usbccgp - ok
12:45:36.0468 4060 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
12:45:36.0468 4060 USBCCID - ok
12:45:36.0515 4060 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:45:36.0515 4060 usbehci - ok
12:45:36.0562 4060 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:45:36.0562 4060 usbhub - ok
12:45:36.0625 4060 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:45:36.0625 4060 usbohci - ok
12:45:36.0687 4060 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:45:36.0687 4060 usbprint - ok
12:45:36.0734 4060 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:45:36.0734 4060 usbscan - ok
12:45:36.0796 4060 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:45:36.0796 4060 USBSTOR - ok
12:45:36.0875 4060 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:45:36.0875 4060 VgaSave - ok
12:45:36.0906 4060 ViaIde - ok
12:45:36.0937 4060 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
12:45:36.0937 4060 VolSnap - ok
12:45:37.0000 4060 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
12:45:37.0000 4060 VSS - ok
12:45:37.0078 4060 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
12:45:37.0078 4060 W32Time - ok
12:45:37.0125 4060 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:45:37.0125 4060 Wanarp - ok
12:45:37.0203 4060 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:45:37.0203 4060 Wdf01000 - ok
12:45:37.0265 4060 WDICA - ok
12:45:37.0312 4060 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:45:37.0312 4060 wdmaud - ok
12:45:37.0359 4060 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
12:45:37.0359 4060 WebClient - ok
12:45:37.0406 4060 wfcxacap (0e507042ccefc40b8bb5dde75a7bd0c7) C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
12:45:37.0406 4060 wfcxacap - ok
12:45:37.0484 4060 wfcxatun (b8acb6b48f928ff5e58b1a2dc3fa628c) C:\WINDOWS\system32\drivers\wfcxatun.sys
12:45:37.0500 4060 wfcxatun - ok
12:45:37.0515 4060 wfcxdtun (e32eeeac4ed0249474a2c9b71f1d5a73) C:\WINDOWS\system32\drivers\wfcxdtun.sys
12:45:37.0515 4060 wfcxdtun - ok
12:45:37.0546 4060 wfcxtcap (fc4f80b8c23dbf4d23a9a4ded38cf430) C:\WINDOWS\system32\drivers\wfcxtcap.sys
12:45:37.0562 4060 wfcxtcap - ok
12:45:37.0593 4060 WFCXVCAP (e9905845abc7b3521f642f9c8d08a03e) C:\WINDOWS\system32\drivers\wfcxvcap.sys
12:45:37.0593 4060 WFCXVCAP - ok
12:45:37.0625 4060 wfcxxbar (0aed0d6f83ade999fa6a8e485830e4c5) C:\WINDOWS\system32\drivers\wfcxxbar.sys
12:45:37.0625 4060 wfcxxbar - ok
12:45:37.0671 4060 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
12:45:37.0671 4060 WIBUKEY - ok
12:45:37.0765 4060 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:45:37.0765 4060 winmgmt - ok
12:45:37.0859 4060 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
12:45:37.0859 4060 WinRM - ok
12:45:37.0953 4060 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
12:45:37.0953 4060 WinUSB - ok
12:45:38.0000 4060 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:45:38.0015 4060 WmdmPmSN - ok
12:45:38.0093 4060 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
12:45:38.0093 4060 Wmi - ok
12:45:38.0187 4060 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
12:45:38.0187 4060 WmiApSrv - ok
12:45:38.0296 4060 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:45:38.0296 4060 WMPNetworkSvc - ok
12:45:38.0375 4060 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:45:38.0375 4060 WpdUsb - ok
12:45:38.0468 4060 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:45:38.0468 4060 WPFFontCache_v0400 - ok
12:45:38.0515 4060 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:45:38.0515 4060 WS2IFSL - ok
12:45:38.0593 4060 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
12:45:38.0593 4060 wscsvc - ok
12:45:38.0656 4060 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
12:45:38.0656 4060 WSIMD - ok
12:45:38.0703 4060 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:45:38.0703 4060 WSTCODEC - ok
12:45:38.0781 4060 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
12:45:38.0796 4060 wuauserv - ok
12:45:38.0843 4060 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:45:38.0843 4060 WudfPf - ok
12:45:38.0875 4060 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:45:38.0875 4060 WudfRd - ok
12:45:38.0921 4060 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:45:38.0921 4060 WudfSvc - ok
12:45:39.0015 4060 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
12:45:39.0015 4060 WZCSVC - ok
12:45:39.0078 4060 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
12:45:39.0078 4060 xmlprov - ok
12:45:39.0093 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk0\DR0
12:45:39.0125 4060 \Device\Harddisk0\DR0 - ok
12:45:39.0125 4060 MBR (0x1B8) (8548a4bd85bff9512789e36382a4c809) \Device\Harddisk1\DR1
12:45:39.0156 4060 \Device\Harddisk1\DR1 - ok
12:45:39.0156 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk2\DR2
12:45:39.0171 4060 \Device\Harddisk2\DR2 - ok
12:45:39.0578 4060 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk3\DR3
12:45:39.0625 4060 \Device\Harddisk3\DR3 - ok
12:45:39.0625 4060 Boot (0x1200) (33ed982f6ce5e41dc63b77efcc5b4bf9) \Device\Harddisk0\DR0\Partition0
12:45:39.0625 4060 \Device\Harddisk0\DR0\Partition0 - ok
12:45:39.0625 4060 Boot (0x1200) (7398844371f2804edac43da9e0d912b9) \Device\Harddisk2\DR2\Partition0
12:45:39.0640 4060 \Device\Harddisk2\DR2\Partition0 - ok
12:45:39.0687 4060 Boot (0x1200) (072255499779b0f88ca647eb00dcc86c) \Device\Harddisk3\DR3\Partition0
12:45:39.0687 4060 \Device\Harddisk3\DR3\Partition0 - ok
12:45:39.0687 4060 ============================================================
12:45:39.0687 4060 Scan finished
12:45:39.0687 4060 ============================================================
12:45:39.0703 4020 Detected object count: 1
12:45:39.0703 4020 Actual detected object count: 1
12:45:49.0656 4020 Dio06 ( LockedFile.Multi.Generic ) - skipped by user
12:45:49.0656 4020 Dio06 ( LockedFile.Multi.Generic ) - User select action: Skip
12:45:57.0921 2104 Deinitialize success
ComboFix 12-03-30.06 - Jirka 01.04.2012 12:25:16.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2590 [GMT 2:00]
Spuštěný z: e:\pc\Antiviry\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Dvbpws.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-30 17:06 . 2012-03-30 17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\program files\ESET
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Corel
2012-03-26 14:06 . 2012-03-26 14:06 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-03-26 14:05 . 2012-03-26 14:05 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-03-26 14:04 . 2012-03-28 19:12 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\gs
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\Common Files\Corel
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\program files\Common Files\Protexis
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-03-26 13:57 . 2012-03-26 13:57 -------- d-----w- c:\program files\Corel
2012-03-26 09:58 . 2012-03-26 09:58 -------- d-----w- c:\program files\Common Files\Skype
2012-03-26 07:48 . 2012-03-28 11:09 53632 ----a-w- c:\windows\system32\drivers\Dio06.sys
2012-03-20 23:20 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-20 23:20 . 2010-07-09 22:38 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2012-03-20 23:20 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-20 23:20 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-20 23:20 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcodins.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcod.dll
2012-03-20 23:20 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2012-03-20 23:20 . 2010-07-09 22:38 1388544 ----a-w- c:\windows\system32\nvapi.dll
2012-03-20 23:20 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-20 23:20 . 2012-03-20 23:20 -------- d-----w- C:\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DDMSettings
2012-03-18 19:37 . 2012-03-18 19:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 19:37 . 2012-03-18 19:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 22:48 . 2012-03-13 22:48 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-13 22:47 . 2012-03-20 23:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-13 20:14 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2012-03-13 20:11 . 2012-02-29 23:58 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 20:11 . 2012-02-29 23:58 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-12 08:44 . 2012-03-12 08:44 -------- d-----w- c:\program files\GeoGet
2012-03-12 08:37 . 2012-03-28 17:34 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GeoGet
2012-03-10 20:52 . 1996-09-30 17:46 24576 ------w- c:\windows\UniFISH.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 17:06 . 2011-10-03 14:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 09:53 . 2012-02-25 09:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut3_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut2_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\ARPPRODUCTICON.exe
2012-02-03 09:57 . 2001-10-25 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-18 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-03 06:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 19:37 . 2011-10-03 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-30_22.13.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-01 10:05 . 2012-04-01 10:05 16384 c:\windows\Temp\Perflib_Perfdata_290.dat
+ 2012-03-31 19:38 . 2012-03-31 19:38 3620808 c:\windows\system32\FNTCACHE.DAT
- 2012-03-29 08:48 . 2012-03-29 08:48 3620808 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-05-21 561263]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Nika\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2012-2-13 18097128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dio06.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"e:\\NIKA dokumenty\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\WOW\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\WOW\\World of Warcraft\\Launcher.exe"=
"e:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 Dio06;Dio06;c:\windows\system32\drivers\Dio06.sys [26.3.2012 9:48 53632]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [1.5.2011 23:36 9856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 14:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [23.12.2010 8:06 5120]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [1.5.2011 23:36 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [1.5.2011 23:36 167040]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [16.12.2011 22:38 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [1.5.2011 23:36 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [1.5.2011 23:36 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [1.5.2011 23:36 10496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [20.3.2012 0:20 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 19:06 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2011 17:24 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.12.2011 22:50 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [3.10.2011 18:18 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [3.10.2011 18:18 7680]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4.10.2011 21:14 155344]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2011 22:50 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2011 22:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2011 22:50 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.12.2011 22:50 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.10.2001 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06]
.
2012-01-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOJZA-Nika.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 13:04]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\dn1qh2zu.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\Metapad\metapad.exe" "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-04-01 12:34:34
ComboFix-quarantined-files.txt 2012-04-01 10:34
ComboFix2.txt 2012-03-31 18:58
ComboFix3.txt 2012-03-30 22:14
.
Před spuštěním: Volných bajtů: 44 973 641 728
Po spuštění: Volných bajtů: 44 955 942 912
.
- - End Of File - - B3C0FE523E076C654B0121B90DC20F7F
Re: Log check, please, Wigon in memory
Thanks, I'm on it.
Re: Log check, please, Wigon in memory
Previous log from ComboFix
ComboFix 12-03-30.06 - Jirka 31.03.2012 0:08.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2646 [GMT 2:00]
Spuštěný z: e:\pc\Antiviry\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\muzapp.exe
E:\install.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-02-28 do 2012-03-30 )))))))))))))))))))))))))))))))
.
.
2012-03-30 17:06 . 2012-03-30 17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\program files\ESET
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Corel
2012-03-26 14:06 . 2012-03-26 14:06 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-03-26 14:05 . 2012-03-26 14:05 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-03-26 14:04 . 2012-03-28 19:12 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\gs
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\Common Files\Corel
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\program files\Common Files\Protexis
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-03-26 13:57 . 2012-03-26 13:57 -------- d-----w- c:\program files\Corel
2012-03-26 09:58 . 2012-03-26 09:58 -------- d-----w- c:\program files\Common Files\Skype
2012-03-26 07:48 . 2012-03-28 11:09 53632 ----a-w- c:\windows\system32\drivers\Dio06.sys
2012-03-20 23:20 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-20 23:20 . 2010-07-09 22:38 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2012-03-20 23:20 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-20 23:20 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-20 23:20 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcodins.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcod.dll
2012-03-20 23:20 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2012-03-20 23:20 . 2010-07-09 22:38 1388544 ----a-w- c:\windows\system32\nvapi.dll
2012-03-20 23:20 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-20 23:20 . 2012-03-20 23:20 -------- d-----w- C:\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DDMSettings
2012-03-18 19:37 . 2012-03-18 19:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 19:37 . 2012-03-18 19:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 22:48 . 2012-03-13 22:48 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-13 22:47 . 2012-03-20 23:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-13 20:14 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2012-03-13 20:11 . 2012-02-29 23:58 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 20:11 . 2012-02-29 23:58 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-12 08:44 . 2012-03-12 08:44 -------- d-----w- c:\program files\GeoGet
2012-03-12 08:37 . 2012-03-28 17:34 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GeoGet
2012-03-10 20:52 . 1996-09-30 17:46 24576 ------w- c:\windows\UniFISH.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 17:06 . 2011-10-03 14:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 09:53 . 2012-02-25 09:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut3_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut2_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\ARPPRODUCTICON.exe
2012-02-03 09:57 . 2001-10-25 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-18 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-03 06:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 19:37 . 2011-10-03 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-05-21 561263]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Nika\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2012-2-13 18097128]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dio06.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"e:\\NIKA dokumenty\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\WOW\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\WOW\\World of Warcraft\\Launcher.exe"=
"e:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 Dio06;Dio06;c:\windows\system32\drivers\Dio06.sys [26.3.2012 9:48 53632]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [1.5.2011 23:36 9856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 14:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [23.12.2010 8:06 5120]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [1.5.2011 23:36 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [1.5.2011 23:36 167040]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [16.12.2011 22:38 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [1.5.2011 23:36 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [1.5.2011 23:36 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [1.5.2011 23:36 10496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [20.3.2012 0:20 2348352]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 19:06 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2011 17:24 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.12.2011 22:50 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [3.10.2011 18:18 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [3.10.2011 18:18 7680]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4.10.2011 21:14 155344]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2011 22:50 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2011 22:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2011 22:50 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.12.2011 22:50 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.10.2001 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06]
.
2012-01-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOJZA-Nika.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 13:04]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\dn1qh2zu.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\Metapad\metapad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{4857813C-C591-4B72-8695-91ECEA588323} - (no file)
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver - c:\program files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView - c:\program files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX - c:\program files\NVIDIA Corporation\Installer2\installer.1\NVI2.DLL
AddRemove-{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update - c:\program files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 00:13
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-03-31 00:14:47
ComboFix-quarantined-files.txt 2012-03-30 22:14
.
Před spuštěním: Volných bajtů: 38 153 814 016
Po spuštění: Volných bajtů: 38 223 233 024
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /usepmtimer
.
- - End Of File - - D43BFF75835D972D14752E08A6E18EDC
Re: Log check, please, Wigon in operating memory
And here is the log from TDSS as well
23:35:04.0203 1720 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:35:04.0359 1720 ============================================================
23:35:04.0359 1720 Current date / time: 2012/03/30 23:35:04.0359
23:35:04.0359 1720 SystemInfo:
23:35:04.0359 1720
23:35:04.0359 1720 OS Version: 5.1.2600 ServicePack: 3.0
23:35:04.0359 1720 Product type: Workstation
23:35:04.0359 1720 ComputerName: LOJZA
23:35:04.0359 1720 UserName: Jirka
23:35:04.0359 1720 Windows directory: C:\WINDOWS
23:35:04.0359 1720 System windows directory: C:\WINDOWS
23:35:04.0359 1720 Processor architecture: Intel x86
23:35:04.0359 1720 Number of processors: 2
23:35:04.0359 1720 Page size: 0x1000
23:35:04.0359 1720 Boot type: Normal boot
23:35:04.0359 1720 ============================================================
23:35:05.0546 1720 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0703 1720 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0718 1720 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0734 1720 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0750 1720 Drive \Device\Harddisk8\DR18 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:35:08.0750 1720 \Device\Harddisk0\DR0:
23:35:08.0750 1720 MBR used
23:35:08.0750 1720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
23:35:08.0750 1720 \Device\Harddisk1\DR1:
23:35:08.0750 1720 MBR used
23:35:08.0765 1720 \Device\Harddisk2\DR2:
23:35:08.0765 1720 MBR used
23:35:08.0765 1720 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:35:08.0765 1720 \Device\Harddisk3\DR3:
23:35:08.0781 1720 MBR used
23:35:08.0781 1720 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:35:08.0781 1720 \Device\Harddisk8\DR18:
23:35:08.0781 1720 MBR used
23:35:08.0781 1720 \Device\Harddisk8\DR18\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
23:35:08.0937 1720 Initialize success
23:35:08.0937 1720 ============================================================
23:35:11.0750 3340 ============================================================
23:35:11.0750 3340 Scan started
23:35:11.0750 3340 Mode: Manual;
23:35:11.0750 3340 ============================================================
23:35:12.0093 3340 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
23:35:12.0093 3340 602XML Updater - ok
23:35:12.0140 3340 Abiosdsk - ok
23:35:12.0171 3340 abp480n5 - ok
23:35:12.0187 3340 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:35:12.0203 3340 ACDaemon - ok
23:35:12.0250 3340 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:12.0250 3340 ACPI - ok
23:35:12.0296 3340 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:35:12.0296 3340 ACPIEC - ok
23:35:12.0359 3340 ACS (5ac144f03b31afab6717ad3622d1680d) C:\WINDOWS\system32\acs.exe
23:35:12.0375 3340 ACS - ok
23:35:12.0484 3340 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:35:12.0484 3340 AdobeFlashPlayerUpdateSvc - ok
23:35:12.0500 3340 adpu160m - ok
23:35:12.0562 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:35:12.0578 3340 aec - ok
23:35:12.0625 3340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:35:12.0625 3340 AFD - ok
23:35:12.0671 3340 Aha154x - ok
23:35:12.0703 3340 aic78u2 - ok
23:35:12.0734 3340 aic78xx - ok
23:35:12.0765 3340 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
23:35:12.0765 3340 Alerter - ok
23:35:12.0796 3340 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
23:35:12.0812 3340 ALG - ok
23:35:12.0828 3340 AliIde - ok
23:35:12.0937 3340 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
23:35:13.0000 3340 Ambfilt - ok
23:35:13.0062 3340 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:35:13.0078 3340 AmdK8 - ok
23:35:13.0093 3340 amsint - ok
23:35:13.0156 3340 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
23:35:13.0156 3340 androidusb - ok
23:35:13.0203 3340 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
23:35:13.0203 3340 AppMgmt - ok
23:35:13.0312 3340 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
23:35:13.0375 3340 AR9271 - ok
23:35:13.0421 3340 asc - ok
23:35:13.0453 3340 asc3350p - ok
23:35:13.0484 3340 asc3550 - ok
23:35:13.0531 3340 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:35:13.0546 3340 aspnet_state - ok
23:35:13.0578 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:35:13.0578 3340 AsyncMac - ok
23:35:13.0609 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:35:13.0609 3340 atapi - ok
23:35:13.0656 3340 Atdisk - ok
23:35:13.0718 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:35:13.0734 3340 Atmarpc - ok
23:35:13.0781 3340 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
23:35:13.0781 3340 AudioSrv - ok
23:35:13.0828 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:35:13.0843 3340 audstub - ok
23:35:13.0890 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:35:13.0890 3340 Beep - ok
23:35:13.0984 3340 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
23:35:13.0984 3340 BITS - ok
23:35:14.0031 3340 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
23:35:14.0031 3340 Browser - ok
23:35:14.0078 3340 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
23:35:14.0093 3340 BthEnum - ok
23:35:14.0171 3340 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
23:35:14.0187 3340 BTHMODEM - ok
23:35:14.0234 3340 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
23:35:14.0250 3340 BthPan - ok
23:35:14.0296 3340 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
23:35:14.0312 3340 BTHPORT - ok
23:35:14.0359 3340 BthServ (70ca4b3f634c9dca200832f8da76e009) C:\WINDOWS\System32\bthserv.dll
23:35:14.0359 3340 BthServ - ok
23:35:14.0406 3340 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
23:35:14.0421 3340 BTHUSB - ok
23:35:14.0484 3340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:35:14.0484 3340 cbidf2k - ok
23:35:14.0515 3340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:35:14.0531 3340 CCDECODE - ok
23:35:14.0546 3340 cd20xrnt - ok
23:35:14.0593 3340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:35:14.0593 3340 Cdaudio - ok
23:35:14.0640 3340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:35:14.0640 3340 Cdfs - ok
23:35:14.0703 3340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:35:14.0718 3340 Cdrom - ok
23:35:14.0734 3340 Changer - ok
23:35:14.0781 3340 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\System32\cisvc.exe
23:35:14.0781 3340 cisvc - ok
23:35:14.0828 3340 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
23:35:14.0828 3340 ClipSrv - ok
23:35:14.0859 3340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:35:14.0906 3340 clr_optimization_v2.0.50727_32 - ok
23:35:15.0015 3340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:35:15.0015 3340 clr_optimization_v4.0.30319_32 - ok
23:35:15.0046 3340 CmdIde - ok
23:35:15.0062 3340 COMSysApp - ok
23:35:15.0093 3340 Cpqarray - ok
23:35:15.0140 3340 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
23:35:15.0140 3340 CryptSvc - ok
23:35:15.0171 3340 dac2w2k - ok
23:35:15.0187 3340 dac960nt - ok
23:35:15.0265 3340 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:35:15.0265 3340 DcomLaunch - ok
23:35:15.0312 3340 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
23:35:15.0312 3340 Dhcp - ok
23:35:15.0390 3340 Dio06 (7b8ef391d8bf6cecc8c8712cd03170ad) C:\WINDOWS\system32\Drivers\Dio06.sys
23:35:15.0390 3340 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\Dio06.sys. md5: 7b8ef391d8bf6cecc8c8712cd03170ad
23:35:15.0390 3340 Dio06 ( LockedFile.Multi.Generic ) - warning
23:35:15.0390 3340 Dio06 - detected LockedFile.Multi.Generic (1)
23:35:15.0437 3340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:35:15.0437 3340 Disk - ok
23:35:15.0468 3340 dmadmin - ok
23:35:15.0515 3340 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
23:35:15.0562 3340 dmboot - ok
23:35:15.0609 3340 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
23:35:15.0609 3340 dmio - ok
23:35:15.0656 3340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:35:15.0656 3340 dmload - ok
23:35:15.0703 3340 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
23:35:15.0703 3340 dmserver - ok
23:35:15.0765 3340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:35:15.0765 3340 DMusic - ok
23:35:15.0812 3340 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
23:35:15.0812 3340 Dnscache - ok
23:35:15.0859 3340 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
23:35:15.0875 3340 Dot3svc - ok
23:35:15.0906 3340 dpti2o - ok
23:35:15.0921 3340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:35:15.0937 3340 drmkaud - ok
23:35:15.0984 3340 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:35:15.0984 3340 eamon - ok
23:35:16.0015 3340 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
23:35:16.0015 3340 EapHost - ok
23:35:16.0078 3340 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:35:16.0093 3340 ehdrv - ok
23:35:16.0203 3340 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23:35:16.0218 3340 ekrn - ok
23:35:16.0281 3340 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:35:16.0312 3340 epfwtdir - ok
23:35:16.0359 3340 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
23:35:16.0359 3340 ERSvc - ok
23:35:16.0406 3340 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:35:16.0406 3340 Eventlog - ok
23:35:16.0468 3340 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
23:35:16.0468 3340 EventSystem - ok
23:35:16.0546 3340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:35:16.0546 3340 Fastfat - ok
23:35:16.0593 3340 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:16.0593 3340 FastUserSwitchingCompatibility - ok
23:35:16.0640 3340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:35:16.0656 3340 Fdc - ok
23:35:16.0703 3340 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
23:35:16.0703 3340 Fips - ok
23:35:16.0765 3340 FirebirdGuardianDefaultInstance - ok
23:35:16.0765 3340 FirebirdServerDefaultInstance - ok
23:35:16.0796 3340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:35:16.0812 3340 Flpydisk - ok
23:35:16.0875 3340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:35:16.0875 3340 FltMgr - ok
23:35:16.0937 3340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:35:16.0937 3340 FontCache3.0.0.0 - ok
23:35:16.0984 3340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:35:16.0984 3340 Fs_Rec - ok
23:35:17.0015 3340 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:35:17.0015 3340 Ftdisk - ok
23:35:17.0062 3340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:35:17.0078 3340 Gpc - ok
23:35:17.0187 3340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:35:17.0203 3340 gupdate - ok
23:35:17.0203 3340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:35:17.0203 3340 gupdatem - ok
23:35:17.0265 3340 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:35:17.0265 3340 gusvc - ok
23:35:17.0406 3340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:35:17.0406 3340 HDAudBus - ok
23:35:17.0484 3340 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:35:17.0484 3340 helpsvc - ok
23:35:17.0515 3340 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
23:35:17.0515 3340 HidServ - ok
23:35:17.0578 3340 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:35:17.0593 3340 hidusb - ok
23:35:17.0640 3340 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
23:35:17.0640 3340 hkmsvc - ok
23:35:17.0671 3340 hpn - ok
23:35:17.0703 3340 hpt3xx - ok
23:35:17.0750 3340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:35:17.0765 3340 HTTP - ok
23:35:17.0796 3340 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
23:35:17.0796 3340 HTTPFilter - ok
23:35:17.0828 3340 i2omgmt - ok
23:35:17.0843 3340 i2omp - ok
23:35:17.0890 3340 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:35:17.0906 3340 i8042prt - ok
23:35:18.0000 3340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:35:18.0031 3340 idsvc - ok
23:35:18.0109 3340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:35:18.0125 3340 Imapi - ok
23:35:18.0187 3340 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\System32\imapi.exe
23:35:18.0187 3340 ImapiService - ok
23:35:18.0218 3340 ini910u - ok
23:35:18.0484 3340 IntcAzAudAddService (09e73e7455e7eac14e25739b30e16b52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:35:18.0546 3340 IntcAzAudAddService - ok
23:35:18.0593 3340 IntelIde - ok
23:35:18.0656 3340 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:35:18.0687 3340 ip6fw - ok
23:35:18.0718 3340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:35:18.0750 3340 IpFilterDriver - ok
23:35:18.0765 3340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:35:18.0781 3340 IpInIp - ok
23:35:18.0828 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:35:18.0843 3340 IpNat - ok
23:35:18.0906 3340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:35:18.0921 3340 IPSec - ok
23:35:18.0953 3340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:35:18.0968 3340 IRENUM - ok
23:35:19.0000 3340 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:35:19.0000 3340 isapnp - ok
23:35:19.0109 3340 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
23:35:19.0109 3340 JavaQuickStarterService - ok
23:35:19.0187 3340 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:19.0203 3340 Kbdclass - ok
23:35:19.0234 3340 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:35:19.0250 3340 kbdhid - ok
23:35:19.0312 3340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:35:19.0312 3340 kmixer - ok
23:35:19.0359 3340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:19.0359 3340 KSecDD - ok
23:35:19.0453 3340 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
23:35:19.0453 3340 lanmanserver - ok
23:35:19.0515 3340 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
23:35:19.0515 3340 lanmanworkstation - ok
23:35:19.0531 3340 lbrtfdc - ok
23:35:19.0578 3340 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
23:35:19.0593 3340 LmHosts - ok
23:35:19.0640 3340 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:35:19.0656 3340 MDM - ok
23:35:19.0734 3340 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
23:35:19.0734 3340 Messenger - ok
23:35:19.0812 3340 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:35:19.0812 3340 Microsoft Office Groove Audit Service - ok
23:35:19.0875 3340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:19.0875 3340 mnmdd - ok
23:35:19.0953 3340 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
23:35:19.0953 3340 mnmsrvc - ok
23:35:19.0984 3340 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
23:35:19.0984 3340 Modem - ok
23:35:20.0078 3340 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
23:35:20.0125 3340 Monfilt - ok
23:35:20.0250 3340 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:20.0312 3340 Mouclass - ok
23:35:20.0359 3340 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:20.0375 3340 mouhid - ok
23:35:20.0437 3340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:20.0437 3340 MountMgr - ok
23:35:20.0484 3340 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
23:35:20.0500 3340 MPE - ok
23:35:20.0531 3340 mraid35x - ok
23:35:20.0562 3340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:20.0562 3340 MRxDAV - ok
23:35:20.0625 3340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:20.0640 3340 MRxSmb - ok
23:35:20.0687 3340 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
23:35:20.0687 3340 MSDTC - ok
23:35:20.0750 3340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:20.0750 3340 Msfs - ok
23:35:20.0765 3340 MSIServer - ok
23:35:20.0843 3340 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
23:35:20.0843 3340 MSI_MSIBIOS_010507 - ok
23:35:20.0875 3340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:20.0890 3340 MSKSSRV - ok
23:35:20.0921 3340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:20.0937 3340 MSPCLOCK - ok
23:35:20.0984 3340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:21.0000 3340 MSPQM - ok
23:35:21.0046 3340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:21.0046 3340 mssmbios - ok
23:35:21.0078 3340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:35:21.0093 3340 MSTEE - ok
23:35:21.0156 3340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:35:21.0156 3340 Mup - ok
23:35:21.0265 3340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:35:21.0281 3340 NABTSFEC - ok
23:35:21.0359 3340 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
23:35:21.0375 3340 napagent - ok
23:35:21.0421 3340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:21.0421 3340 NDIS - ok
23:35:21.0500 3340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:35:21.0500 3340 NdisIP - ok
23:35:21.0562 3340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:21.0562 3340 NdisTapi - ok
23:35:21.0593 3340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:21.0609 3340 Ndisuio - ok
23:35:21.0625 3340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:21.0656 3340 NdisWan - ok
23:35:21.0703 3340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:21.0703 3340 NDProxy - ok
23:35:21.0781 3340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:21.0781 3340 NetBIOS - ok
23:35:21.0828 3340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:21.0843 3340 NetBT - ok
23:35:21.0890 3340 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:35:21.0890 3340 NetDDE - ok
23:35:21.0906 3340 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:35:21.0906 3340 NetDDEdsdm - ok
23:35:21.0953 3340 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:21.0953 3340 Netlogon - ok
23:35:22.0015 3340 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
23:35:22.0015 3340 Netman - ok
23:35:22.0062 3340 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:35:22.0062 3340 NetTcpPortSharing - ok
23:35:22.0125 3340 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
23:35:22.0125 3340 Nla - ok
23:35:22.0203 3340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:22.0203 3340 Npfs - ok
23:35:22.0375 3340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:22.0406 3340 Ntfs - ok
23:35:22.0484 3340 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
23:35:22.0484 3340 NTIOLib_1_0_4 - ok
23:35:22.0578 3340 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:22.0578 3340 NtLmSsp - ok
23:35:22.0640 3340 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
23:35:22.0640 3340 NtmsSvc - ok
23:35:22.0687 3340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:22.0687 3340 Null - ok
23:35:23.0109 3340 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:35:23.0546 3340 nv - ok
23:35:23.0625 3340 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:35:23.0640 3340 NVENETFD - ok
23:35:23.0671 3340 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:35:23.0687 3340 nvnetbus - ok
23:35:23.0734 3340 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
23:35:23.0734 3340 nvsvc - ok
23:35:23.0906 3340 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:35:23.0921 3340 nvUpdatusService - ok
23:35:24.0015 3340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:24.0031 3340 NwlnkFlt - ok
23:35:24.0062 3340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:24.0078 3340 NwlnkFwd - ok
23:35:24.0203 3340 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:35:24.0203 3340 odserv - ok
23:35:24.0281 3340 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:35:24.0281 3340 ose - ok
23:35:24.0515 3340 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:35:24.0531 3340 osppsvc - ok
23:35:24.0625 3340 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
23:35:24.0640 3340 Parport - ok
23:35:24.0703 3340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:24.0703 3340 PartMgr - ok
23:35:24.0750 3340 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:24.0750 3340 ParVdm - ok
23:35:24.0781 3340 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:24.0781 3340 PCI - ok
23:35:24.0812 3340 PCIDump - ok
23:35:24.0843 3340 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:35:24.0843 3340 PCIIde - ok
23:35:24.0890 3340 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:35:24.0890 3340 Pcmcia - ok
23:35:24.0953 3340 PDCOMP - ok
23:35:24.0984 3340 PDFRAME - ok
23:35:25.0000 3340 PDRELI - ok
23:35:25.0031 3340 PDRFRAME - ok
23:35:25.0062 3340 perc2 - ok
23:35:25.0078 3340 perc2hib - ok
23:35:25.0125 3340 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:35:25.0140 3340 PlugPlay - ok
23:35:25.0171 3340 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:25.0171 3340 PolicyAgent - ok
23:35:25.0218 3340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:25.0234 3340 PptpMiniport - ok
23:35:25.0296 3340 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
23:35:25.0312 3340 Processor - ok
23:35:25.0359 3340 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:35:25.0359 3340 ProtectedStorage - ok
23:35:25.0390 3340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:25.0421 3340 PSched - ok
23:35:25.0500 3340 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:35:25.0500 3340 PSI_SVC_2 - ok
23:35:25.0562 3340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:25.0578 3340 Ptilink - ok
23:35:25.0625 3340 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:35:25.0625 3340 PxHelp20 - ok
23:35:25.0656 3340 ql1080 - ok
23:35:25.0671 3340 Ql10wnt - ok
23:35:25.0703 3340 ql12160 - ok
23:35:25.0734 3340 ql1240 - ok
23:35:25.0750 3340 ql1280 - ok
23:35:25.0781 3340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:25.0796 3340 RasAcd - ok
23:35:25.0843 3340 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
23:35:25.0843 3340 RasAuto - ok
23:35:25.0921 3340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:25.0937 3340 Rasl2tp - ok
23:35:26.0000 3340 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
23:35:26.0000 3340 RasMan - ok
23:35:26.0031 3340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:26.0046 3340 RasPppoe - ok
23:35:26.0078 3340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:26.0093 3340 Raspti - ok
23:35:26.0171 3340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:26.0171 3340 Rdbss - ok
23:35:26.0250 3340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:26.0265 3340 RDPCDD - ok
23:35:26.0343 3340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:35:26.0375 3340 rdpdr - ok
23:35:26.0437 3340 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:26.0437 3340 RDPWD - ok
23:35:26.0484 3340 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
23:35:26.0484 3340 RDSessMgr - ok
23:35:26.0562 3340 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:26.0578 3340 redbook - ok
23:35:26.0609 3340 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
23:35:26.0625 3340 RemoteAccess - ok
23:35:26.0656 3340 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
23:35:26.0656 3340 RemoteRegistry - ok
23:35:26.0750 3340 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:35:26.0765 3340 RFCOMM - ok
23:35:26.0812 3340 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
23:35:26.0812 3340 RpcLocator - ok
23:35:26.0875 3340 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:35:26.0890 3340 RpcSs - ok
23:35:26.0953 3340 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
23:35:26.0953 3340 RSVP - ok
23:35:26.0984 3340 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:35:27.0000 3340 RTL8023xp - ok
23:35:27.0046 3340 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:35:27.0046 3340 SamSs - ok
23:35:27.0093 3340 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
23:35:27.0109 3340 SCardSvr - ok
23:35:27.0218 3340 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
23:35:27.0218 3340 Schedule - ok
23:35:27.0343 3340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:27.0359 3340 Secdrv - ok
23:35:27.0437 3340 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
23:35:27.0437 3340 seclogon - ok
23:35:27.0468 3340 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
23:35:27.0484 3340 SENS - ok
23:35:27.0515 3340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:27.0531 3340 serenum - ok
23:35:27.0578 3340 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:27.0609 3340 Serial - ok
23:35:27.0687 3340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:27.0687 3340 Sfloppy - ok
23:35:27.0750 3340 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
23:35:27.0750 3340 SharedAccess - ok
23:35:27.0781 3340 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:27.0781 3340 ShellHWDetection - ok
23:35:27.0812 3340 Simbad - ok
23:35:27.0875 3340 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:35:27.0875 3340 SkypeUpdate - ok
23:35:27.0937 3340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:35:27.0953 3340 SLIP - ok
23:35:28.0015 3340 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
23:35:28.0015 3340 Sony Ericsson PCCompanion - ok
23:35:28.0046 3340 Sparrow - ok
23:35:28.0093 3340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:35:28.0109 3340 splitter - ok
23:35:28.0187 3340 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:35:28.0187 3340 Spooler - ok
23:35:28.0265 3340 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:28.0265 3340 sr - ok
23:35:28.0343 3340 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\System32\srsvc.dll
23:35:28.0343 3340 srservice - ok
23:35:28.0406 3340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:28.0421 3340 Srv - ok
23:35:28.0500 3340 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:35:28.0515 3340 ssadbus - ok
23:35:28.0546 3340 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:35:28.0562 3340 ssadmdfl - ok
23:35:28.0609 3340 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:35:28.0640 3340 ssadmdm - ok
23:35:28.0687 3340 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
23:35:28.0703 3340 ssadserd - ok
23:35:28.0781 3340 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
23:35:28.0796 3340 sscdbus - ok
23:35:28.0843 3340 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
23:35:28.0859 3340 sscdmdfl - ok
23:35:28.0890 3340 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
23:35:28.0906 3340 sscdmdm - ok
23:35:28.0953 3340 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
23:35:28.0953 3340 SSDPSRV - ok
23:35:29.0000 3340 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
23:35:29.0000 3340 SSPORT - ok
23:35:29.0031 3340 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
23:35:29.0031 3340 stisvc - ok
23:35:29.0109 3340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:35:29.0109 3340 streamip - ok
23:35:29.0171 3340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:29.0203 3340 swenum - ok
23:35:29.0312 3340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:35:29.0328 3340 SwitchBoard - ok
23:35:29.0484 3340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:29.0546 3340 swmidi - ok
23:35:29.0578 3340 SwPrv - ok
23:35:29.0609 3340 symc810 - ok
23:35:29.0640 3340 symc8xx - ok
23:35:29.0656 3340 sym_hi - ok
23:35:29.0687 3340 sym_u3 - ok
23:35:29.0718 3340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:29.0718 3340 sysaudio - ok
23:35:29.0765 3340 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
23:35:29.0765 3340 SysmonLog - ok
23:35:29.0812 3340 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
23:35:29.0812 3340 TapiSrv - ok
23:35:29.0875 3340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:29.0890 3340 Tcpip - ok
23:35:30.0000 3340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:30.0000 3340 TDPIPE - ok
23:35:30.0031 3340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:30.0031 3340 TDTCP - ok
23:35:30.0062 3340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:30.0109 3340 TermDD - ok
23:35:30.0171 3340 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
23:35:30.0187 3340 TermService - ok
23:35:30.0234 3340 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:30.0234 3340 Themes - ok
23:35:30.0328 3340 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\System32\tlntsvr.exe
23:35:30.0343 3340 TlntSvr - ok
23:35:30.0375 3340 TosIde - ok
23:35:30.0453 3340 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
23:35:30.0453 3340 TrkWks - ok
23:35:30.0515 3340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:30.0515 3340 Udfs - ok
23:35:30.0562 3340 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:35:30.0562 3340 UleadBurningHelper - ok
23:35:30.0609 3340 ultra - ok
23:35:30.0671 3340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:30.0718 3340 Update - ok
23:35:30.0781 3340 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
23:35:30.0781 3340 upnphost - ok
23:35:30.0812 3340 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
23:35:30.0812 3340 UPS - ok
23:35:30.0875 3340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:35:30.0890 3340 usbccgp - ok
23:35:30.0937 3340 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
23:35:30.0968 3340 USBCCID - ok
23:35:31.0015 3340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:31.0031 3340 usbehci - ok
23:35:31.0109 3340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:31.0125 3340 usbhub - ok
23:35:31.0187 3340 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:35:31.0203 3340 usbohci - ok
23:35:31.0265 3340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:31.0281 3340 usbprint - ok
23:35:31.0343 3340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:35:31.0359 3340 usbscan - ok
23:35:31.0437 3340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:31.0453 3340 USBSTOR - ok
23:35:31.0500 3340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:35:31.0500 3340 VgaSave - ok
23:35:31.0531 3340 ViaIde - ok
23:35:31.0578 3340 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:31.0578 3340 VolSnap - ok
23:35:31.0640 3340 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
23:35:31.0640 3340 VSS - ok
23:35:31.0687 3340 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\System32\w32time.dll
23:35:31.0703 3340 W32Time - ok
23:35:31.0750 3340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:31.0765 3340 Wanarp - ok
23:35:31.0843 3340 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:35:31.0843 3340 Wdf01000 - ok
23:35:31.0875 3340 WDICA - ok
23:35:31.0921 3340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:31.0937 3340 wdmaud - ok
23:35:32.0000 3340 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
23:35:32.0000 3340 WebClient - ok
23:35:32.0062 3340 wfcxacap (0e507042ccefc40b8bb5dde75a7bd0c7) C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
23:35:32.0062 3340 wfcxacap - ok
23:35:32.0109 3340 wfcxatun (b8acb6b48f928ff5e58b1a2dc3fa628c) C:\WINDOWS\system32\drivers\wfcxatun.sys
23:35:32.0125 3340 wfcxatun - ok
23:35:32.0156 3340 wfcxdtun (e32eeeac4ed0249474a2c9b71f1d5a73) C:\WINDOWS\system32\drivers\wfcxdtun.sys
23:35:32.0156 3340 wfcxdtun - ok
23:35:32.0203 3340 wfcxtcap (fc4f80b8c23dbf4d23a9a4ded38cf430) C:\WINDOWS\system32\drivers\wfcxtcap.sys
23:35:32.0203 3340 wfcxtcap - ok
23:35:32.0250 3340 WFCXVCAP (e9905845abc7b3521f642f9c8d08a03e) C:\WINDOWS\system32\drivers\wfcxvcap.sys
23:35:32.0265 3340 WFCXVCAP - ok
23:35:32.0296 3340 wfcxxbar (0aed0d6f83ade999fa6a8e485830e4c5) C:\WINDOWS\system32\drivers\wfcxxbar.sys
23:35:32.0312 3340 wfcxxbar - ok
23:35:32.0343 3340 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
23:35:32.0375 3340 WIBUKEY - ok
23:35:32.0421 3340 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:35:32.0421 3340 winmgmt - ok
23:35:32.0500 3340 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
23:35:32.0515 3340 WinRM - ok
23:35:32.0593 3340 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:35:32.0593 3340 WinUSB - ok
23:35:32.0640 3340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:35:32.0640 3340 WmdmPmSN - ok
23:35:32.0718 3340 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
23:35:32.0734 3340 Wmi - ok
23:35:32.0796 3340 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:35:32.0796 3340 WmiApSrv - ok
23:35:32.0906 3340 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:35:32.0937 3340 WMPNetworkSvc - ok
23:35:33.0015 3340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:35:33.0015 3340 WpdUsb - ok
23:35:33.0125 3340 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:35:33.0125 3340 WPFFontCache_v0400 - ok
23:35:33.0250 3340 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
23:35:33.0250 3340 wscsvc - ok
23:35:33.0281 3340 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:35:33.0312 3340 WSIMD - ok
23:35:33.0359 3340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:35:33.0375 3340 WSTCODEC - ok
23:35:33.0421 3340 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
23:35:33.0421 3340 wuauserv - ok
23:35:33.0468 3340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:35:33.0468 3340 WudfPf - ok
23:35:33.0546 3340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:35:33.0546 3340 WudfRd - ok
23:35:33.0593 3340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:35:33.0593 3340 WudfSvc - ok
23:35:33.0656 3340 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
23:35:33.0671 3340 WZCSVC - ok
23:35:33.0765 3340 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
23:35:33.0765 3340 xmlprov - ok
23:35:33.0796 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk0\DR0
23:35:33.0812 3340 \Device\Harddisk0\DR0 - ok
23:35:33.0812 3340 MBR (0x1B8) (8548a4bd85bff9512789e36382a4c809) \Device\Harddisk1\DR1
23:35:33.0843 3340 \Device\Harddisk1\DR1 - ok
23:35:33.0843 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk2\DR2
23:35:33.0875 3340 \Device\Harddisk2\DR2 - ok
23:35:33.0875 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk3\DR3
23:35:34.0296 3340 \Device\Harddisk3\DR3 - ok
23:35:34.0296 3340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR18
23:35:34.0296 3340 \Device\Harddisk8\DR18 - ok
23:35:34.0312 3340 Boot (0x1200) (33ed982f6ce5e41dc63b77efcc5b4bf9) \Device\Harddisk0\DR0\Partition0
23:35:34.0312 3340 \Device\Harddisk0\DR0\Partition0 - ok
23:35:34.0328 3340 Boot (0x1200) (7398844371f2804edac43da9e0d912b9) \Device\Harddisk2\DR2\Partition0
23:35:34.0343 3340 \Device\Harddisk2\DR2\Partition0 - ok
23:35:34.0343 3340 Boot (0x1200) (072255499779b0f88ca647eb00dcc86c) \Device\Harddisk3\DR3\Partition0
23:35:34.0343 3340 \Device\Harddisk3\DR3\Partition0 - ok
23:35:34.0343 3340 Boot (0x1200) (25d35ba80111458eb4bde85ef41a37bd) \Device\Harddisk8\DR18\Partition0
23:35:34.0343 3340 \Device\Harddisk8\DR18\Partition0 - ok
23:35:34.0343 3340 ============================================================
23:35:34.0343 3340 Scan finished
23:35:34.0343 3340 ============================================================
23:35:34.0359 3252 Detected object count: 1
23:35:34.0359 3252 Actual detected object count: 1
23:36:30.0968 3252 Dio06 ( LockedFile.Multi.Generic ) - skipped by user
23:36:30.0968 3252 Dio06 ( LockedFile.Multi.Generic ) - User select action: Skip
23:35:04.0203 1720 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
23:35:04.0359 1720 ============================================================
23:35:04.0359 1720 Current date / time: 2012/03/30 23:35:04.0359
23:35:04.0359 1720 SystemInfo:
23:35:04.0359 1720
23:35:04.0359 1720 OS Version: 5.1.2600 ServicePack: 3.0
23:35:04.0359 1720 Product type: Workstation
23:35:04.0359 1720 ComputerName: LOJZA
23:35:04.0359 1720 UserName: Jirka
23:35:04.0359 1720 Windows directory: C:\WINDOWS
23:35:04.0359 1720 System windows directory: C:\WINDOWS
23:35:04.0359 1720 Processor architecture: Intel x86
23:35:04.0359 1720 Number of processors: 2
23:35:04.0359 1720 Page size: 0x1000
23:35:04.0359 1720 Boot type: Normal boot
23:35:04.0359 1720 ============================================================
23:35:05.0546 1720 Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0703 1720 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0718 1720 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0734 1720 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:35:08.0750 1720 Drive \Device\Harddisk8\DR18 - Size: 0x75E00000 (1.84 Gb), SectorSize: 0x200, Cylinders: 0xF0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:35:08.0750 1720 \Device\Harddisk0\DR0:
23:35:08.0750 1720 MBR used
23:35:08.0750 1720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
23:35:08.0750 1720 \Device\Harddisk1\DR1:
23:35:08.0750 1720 MBR used
23:35:08.0765 1720 \Device\Harddisk2\DR2:
23:35:08.0765 1720 MBR used
23:35:08.0765 1720 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:35:08.0765 1720 \Device\Harddisk3\DR3:
23:35:08.0781 1720 MBR used
23:35:08.0781 1720 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
23:35:08.0781 1720 \Device\Harddisk8\DR18:
23:35:08.0781 1720 MBR used
23:35:08.0781 1720 \Device\Harddisk8\DR18\Partition0: MBR, Type 0x6, StartLBA 0x87, BlocksNum 0x3AE039
23:35:08.0937 1720 Initialize success
23:35:08.0937 1720 ============================================================
23:35:11.0750 3340 ============================================================
23:35:11.0750 3340 Scan started
23:35:11.0750 3340 Mode: Manual;
23:35:11.0750 3340 ============================================================
23:35:12.0093 3340 602XML Updater (f11d68e40ed62fdb7c460c445f1ec4e5) C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
23:35:12.0093 3340 602XML Updater - ok
23:35:12.0140 3340 Abiosdsk - ok
23:35:12.0171 3340 abp480n5 - ok
23:35:12.0187 3340 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:35:12.0203 3340 ACDaemon - ok
23:35:12.0250 3340 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:35:12.0250 3340 ACPI - ok
23:35:12.0296 3340 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:35:12.0296 3340 ACPIEC - ok
23:35:12.0359 3340 ACS (5ac144f03b31afab6717ad3622d1680d) C:\WINDOWS\system32\acs.exe
23:35:12.0375 3340 ACS - ok
23:35:12.0484 3340 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:35:12.0484 3340 AdobeFlashPlayerUpdateSvc - ok
23:35:12.0500 3340 adpu160m - ok
23:35:12.0562 3340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
23:35:12.0578 3340 aec - ok
23:35:12.0625 3340 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
23:35:12.0625 3340 AFD - ok
23:35:12.0671 3340 Aha154x - ok
23:35:12.0703 3340 aic78u2 - ok
23:35:12.0734 3340 aic78xx - ok
23:35:12.0765 3340 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
23:35:12.0765 3340 Alerter - ok
23:35:12.0796 3340 ALG (88842de939a827577bf24243699ac80a) C:\WINDOWS\System32\alg.exe
23:35:12.0812 3340 ALG - ok
23:35:12.0828 3340 AliIde - ok
23:35:12.0937 3340 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
23:35:13.0000 3340 Ambfilt - ok
23:35:13.0062 3340 AmdK8 (99bd5596b5d06c2ead3cecc6f11999f5) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
23:35:13.0078 3340 AmdK8 - ok
23:35:13.0093 3340 amsint - ok
23:35:13.0156 3340 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
23:35:13.0156 3340 androidusb - ok
23:35:13.0203 3340 AppMgmt (6b8e7a90e576d4fe308f97c69060a171) C:\WINDOWS\System32\appmgmts.dll
23:35:13.0203 3340 AppMgmt - ok
23:35:13.0312 3340 AR9271 (8e2257584b2c52d44b4cb1949947d885) C:\WINDOWS\system32\DRIVERS\athuw.sys
23:35:13.0375 3340 AR9271 - ok
23:35:13.0421 3340 asc - ok
23:35:13.0453 3340 asc3350p - ok
23:35:13.0484 3340 asc3550 - ok
23:35:13.0531 3340 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
23:35:13.0546 3340 aspnet_state - ok
23:35:13.0578 3340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:35:13.0578 3340 AsyncMac - ok
23:35:13.0609 3340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:35:13.0609 3340 atapi - ok
23:35:13.0656 3340 Atdisk - ok
23:35:13.0718 3340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:35:13.0734 3340 Atmarpc - ok
23:35:13.0781 3340 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
23:35:13.0781 3340 AudioSrv - ok
23:35:13.0828 3340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:35:13.0843 3340 audstub - ok
23:35:13.0890 3340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:35:13.0890 3340 Beep - ok
23:35:13.0984 3340 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
23:35:13.0984 3340 BITS - ok
23:35:14.0031 3340 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
23:35:14.0031 3340 Browser - ok
23:35:14.0078 3340 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
23:35:14.0093 3340 BthEnum - ok
23:35:14.0171 3340 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
23:35:14.0187 3340 BTHMODEM - ok
23:35:14.0234 3340 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
23:35:14.0250 3340 BthPan - ok
23:35:14.0296 3340 BTHPORT (f338662a6c1fc11dd9508f6dff2c06a2) C:\WINDOWS\system32\Drivers\BTHport.sys
23:35:14.0312 3340 BTHPORT - ok
23:35:14.0359 3340 BthServ (70ca4b3f634c9dca200832f8da76e009) C:\WINDOWS\System32\bthserv.dll
23:35:14.0359 3340 BthServ - ok
23:35:14.0406 3340 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
23:35:14.0421 3340 BTHUSB - ok
23:35:14.0484 3340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:35:14.0484 3340 cbidf2k - ok
23:35:14.0515 3340 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:35:14.0531 3340 CCDECODE - ok
23:35:14.0546 3340 cd20xrnt - ok
23:35:14.0593 3340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:35:14.0593 3340 Cdaudio - ok
23:35:14.0640 3340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
23:35:14.0640 3340 Cdfs - ok
23:35:14.0703 3340 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:35:14.0718 3340 Cdrom - ok
23:35:14.0734 3340 Changer - ok
23:35:14.0781 3340 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\System32\cisvc.exe
23:35:14.0781 3340 cisvc - ok
23:35:14.0828 3340 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
23:35:14.0828 3340 ClipSrv - ok
23:35:14.0859 3340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:35:14.0906 3340 clr_optimization_v2.0.50727_32 - ok
23:35:15.0015 3340 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:35:15.0015 3340 clr_optimization_v4.0.30319_32 - ok
23:35:15.0046 3340 CmdIde - ok
23:35:15.0062 3340 COMSysApp - ok
23:35:15.0093 3340 Cpqarray - ok
23:35:15.0140 3340 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
23:35:15.0140 3340 CryptSvc - ok
23:35:15.0171 3340 dac2w2k - ok
23:35:15.0187 3340 dac960nt - ok
23:35:15.0265 3340 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:35:15.0265 3340 DcomLaunch - ok
23:35:15.0312 3340 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
23:35:15.0312 3340 Dhcp - ok
23:35:15.0390 3340 Dio06 (7b8ef391d8bf6cecc8c8712cd03170ad) C:\WINDOWS\system32\Drivers\Dio06.sys
23:35:15.0390 3340 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\Dio06.sys. md5: 7b8ef391d8bf6cecc8c8712cd03170ad
23:35:15.0390 3340 Dio06 ( LockedFile.Multi.Generic ) - warning
23:35:15.0390 3340 Dio06 - detected LockedFile.Multi.Generic (1)
23:35:15.0437 3340 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
23:35:15.0437 3340 Disk - ok
23:35:15.0468 3340 dmadmin - ok
23:35:15.0515 3340 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
23:35:15.0562 3340 dmboot - ok
23:35:15.0609 3340 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
23:35:15.0609 3340 dmio - ok
23:35:15.0656 3340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:35:15.0656 3340 dmload - ok
23:35:15.0703 3340 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
23:35:15.0703 3340 dmserver - ok
23:35:15.0765 3340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
23:35:15.0765 3340 DMusic - ok
23:35:15.0812 3340 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
23:35:15.0812 3340 Dnscache - ok
23:35:15.0859 3340 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
23:35:15.0875 3340 Dot3svc - ok
23:35:15.0906 3340 dpti2o - ok
23:35:15.0921 3340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
23:35:15.0937 3340 drmkaud - ok
23:35:15.0984 3340 eamon (9309c5c9831203436e64cf2ae605c5d7) C:\WINDOWS\system32\DRIVERS\eamon.sys
23:35:15.0984 3340 eamon - ok
23:35:16.0015 3340 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
23:35:16.0015 3340 EapHost - ok
23:35:16.0078 3340 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
23:35:16.0093 3340 ehdrv - ok
23:35:16.0203 3340 ekrn (c7bb95cf9631aa401e4aded1648f6af7) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
23:35:16.0218 3340 ekrn - ok
23:35:16.0281 3340 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
23:35:16.0312 3340 epfwtdir - ok
23:35:16.0359 3340 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
23:35:16.0359 3340 ERSvc - ok
23:35:16.0406 3340 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:35:16.0406 3340 Eventlog - ok
23:35:16.0468 3340 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
23:35:16.0468 3340 EventSystem - ok
23:35:16.0546 3340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
23:35:16.0546 3340 Fastfat - ok
23:35:16.0593 3340 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:16.0593 3340 FastUserSwitchingCompatibility - ok
23:35:16.0640 3340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:35:16.0656 3340 Fdc - ok
23:35:16.0703 3340 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
23:35:16.0703 3340 Fips - ok
23:35:16.0765 3340 FirebirdGuardianDefaultInstance - ok
23:35:16.0765 3340 FirebirdServerDefaultInstance - ok
23:35:16.0796 3340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:35:16.0812 3340 Flpydisk - ok
23:35:16.0875 3340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
23:35:16.0875 3340 FltMgr - ok
23:35:16.0937 3340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
23:35:16.0937 3340 FontCache3.0.0.0 - ok
23:35:16.0984 3340 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:35:16.0984 3340 Fs_Rec - ok
23:35:17.0015 3340 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:35:17.0015 3340 Ftdisk - ok
23:35:17.0062 3340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:35:17.0078 3340 Gpc - ok
23:35:17.0187 3340 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:35:17.0203 3340 gupdate - ok
23:35:17.0203 3340 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
23:35:17.0203 3340 gupdatem - ok
23:35:17.0265 3340 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:35:17.0265 3340 gusvc - ok
23:35:17.0406 3340 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:35:17.0406 3340 HDAudBus - ok
23:35:17.0484 3340 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:35:17.0484 3340 helpsvc - ok
23:35:17.0515 3340 HidServ (00e25ee90166b3e1be6e74aebf858306) C:\WINDOWS\System32\hidserv.dll
23:35:17.0515 3340 HidServ - ok
23:35:17.0578 3340 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:35:17.0593 3340 hidusb - ok
23:35:17.0640 3340 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
23:35:17.0640 3340 hkmsvc - ok
23:35:17.0671 3340 hpn - ok
23:35:17.0703 3340 hpt3xx - ok
23:35:17.0750 3340 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
23:35:17.0765 3340 HTTP - ok
23:35:17.0796 3340 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
23:35:17.0796 3340 HTTPFilter - ok
23:35:17.0828 3340 i2omgmt - ok
23:35:17.0843 3340 i2omp - ok
23:35:17.0890 3340 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:35:17.0906 3340 i8042prt - ok
23:35:18.0000 3340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:35:18.0031 3340 idsvc - ok
23:35:18.0109 3340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:35:18.0125 3340 Imapi - ok
23:35:18.0187 3340 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\System32\imapi.exe
23:35:18.0187 3340 ImapiService - ok
23:35:18.0218 3340 ini910u - ok
23:35:18.0484 3340 IntcAzAudAddService (09e73e7455e7eac14e25739b30e16b52) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:35:18.0546 3340 IntcAzAudAddService - ok
23:35:18.0593 3340 IntelIde - ok
23:35:18.0656 3340 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
23:35:18.0687 3340 ip6fw - ok
23:35:18.0718 3340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:35:18.0750 3340 IpFilterDriver - ok
23:35:18.0765 3340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:35:18.0781 3340 IpInIp - ok
23:35:18.0828 3340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:35:18.0843 3340 IpNat - ok
23:35:18.0906 3340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:35:18.0921 3340 IPSec - ok
23:35:18.0953 3340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:35:18.0968 3340 IRENUM - ok
23:35:19.0000 3340 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:35:19.0000 3340 isapnp - ok
23:35:19.0109 3340 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
23:35:19.0109 3340 JavaQuickStarterService - ok
23:35:19.0187 3340 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:35:19.0203 3340 Kbdclass - ok
23:35:19.0234 3340 kbdhid (86c8f23616c6c6e5b2776901c17b945b) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:35:19.0250 3340 kbdhid - ok
23:35:19.0312 3340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
23:35:19.0312 3340 kmixer - ok
23:35:19.0359 3340 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
23:35:19.0359 3340 KSecDD - ok
23:35:19.0453 3340 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
23:35:19.0453 3340 lanmanserver - ok
23:35:19.0515 3340 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
23:35:19.0515 3340 lanmanworkstation - ok
23:35:19.0531 3340 lbrtfdc - ok
23:35:19.0578 3340 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
23:35:19.0593 3340 LmHosts - ok
23:35:19.0640 3340 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:35:19.0656 3340 MDM - ok
23:35:19.0734 3340 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
23:35:19.0734 3340 Messenger - ok
23:35:19.0812 3340 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:35:19.0812 3340 Microsoft Office Groove Audit Service - ok
23:35:19.0875 3340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:35:19.0875 3340 mnmdd - ok
23:35:19.0953 3340 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
23:35:19.0953 3340 mnmsrvc - ok
23:35:19.0984 3340 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
23:35:19.0984 3340 Modem - ok
23:35:20.0078 3340 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
23:35:20.0125 3340 Monfilt - ok
23:35:20.0250 3340 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:35:20.0312 3340 Mouclass - ok
23:35:20.0359 3340 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:35:20.0375 3340 mouhid - ok
23:35:20.0437 3340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:35:20.0437 3340 MountMgr - ok
23:35:20.0484 3340 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
23:35:20.0500 3340 MPE - ok
23:35:20.0531 3340 mraid35x - ok
23:35:20.0562 3340 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:35:20.0562 3340 MRxDAV - ok
23:35:20.0625 3340 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:35:20.0640 3340 MRxSmb - ok
23:35:20.0687 3340 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
23:35:20.0687 3340 MSDTC - ok
23:35:20.0750 3340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:35:20.0750 3340 Msfs - ok
23:35:20.0765 3340 MSIServer - ok
23:35:20.0843 3340 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\Program Files\MSI\Live Update 5\msibios32_100507.sys
23:35:20.0843 3340 MSI_MSIBIOS_010507 - ok
23:35:20.0875 3340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:35:20.0890 3340 MSKSSRV - ok
23:35:20.0921 3340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:35:20.0937 3340 MSPCLOCK - ok
23:35:20.0984 3340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:35:21.0000 3340 MSPQM - ok
23:35:21.0046 3340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:35:21.0046 3340 mssmbios - ok
23:35:21.0078 3340 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:35:21.0093 3340 MSTEE - ok
23:35:21.0156 3340 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:35:21.0156 3340 Mup - ok
23:35:21.0265 3340 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:35:21.0281 3340 NABTSFEC - ok
23:35:21.0359 3340 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
23:35:21.0375 3340 napagent - ok
23:35:21.0421 3340 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:35:21.0421 3340 NDIS - ok
23:35:21.0500 3340 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:35:21.0500 3340 NdisIP - ok
23:35:21.0562 3340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:35:21.0562 3340 NdisTapi - ok
23:35:21.0593 3340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:35:21.0609 3340 Ndisuio - ok
23:35:21.0625 3340 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:35:21.0656 3340 NdisWan - ok
23:35:21.0703 3340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:35:21.0703 3340 NDProxy - ok
23:35:21.0781 3340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:35:21.0781 3340 NetBIOS - ok
23:35:21.0828 3340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:35:21.0843 3340 NetBT - ok
23:35:21.0890 3340 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:35:21.0890 3340 NetDDE - ok
23:35:21.0906 3340 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
23:35:21.0906 3340 NetDDEdsdm - ok
23:35:21.0953 3340 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:21.0953 3340 Netlogon - ok
23:35:22.0015 3340 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
23:35:22.0015 3340 Netman - ok
23:35:22.0062 3340 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:35:22.0062 3340 NetTcpPortSharing - ok
23:35:22.0125 3340 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
23:35:22.0125 3340 Nla - ok
23:35:22.0203 3340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:35:22.0203 3340 Npfs - ok
23:35:22.0375 3340 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:35:22.0406 3340 Ntfs - ok
23:35:22.0484 3340 NTIOLib_1_0_4 (cd2166c9511d336a058cde91778aaa69) C:\Program Files\MSI\Live Update 5\NTIOLib.sys
23:35:22.0484 3340 NTIOLib_1_0_4 - ok
23:35:22.0578 3340 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:22.0578 3340 NtLmSsp - ok
23:35:22.0640 3340 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
23:35:22.0640 3340 NtmsSvc - ok
23:35:22.0687 3340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:35:22.0687 3340 Null - ok
23:35:23.0109 3340 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:35:23.0546 3340 nv - ok
23:35:23.0625 3340 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:35:23.0640 3340 NVENETFD - ok
23:35:23.0671 3340 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:35:23.0687 3340 nvnetbus - ok
23:35:23.0734 3340 nvsvc (a2322c6207ebb0761a6c8cc9003ebacf) C:\WINDOWS\system32\nvsvc32.exe
23:35:23.0734 3340 nvsvc - ok
23:35:23.0906 3340 nvUpdatusService (844a25c9e3076edef2b12e0beded755d) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:35:23.0921 3340 nvUpdatusService - ok
23:35:24.0015 3340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:35:24.0031 3340 NwlnkFlt - ok
23:35:24.0062 3340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:35:24.0078 3340 NwlnkFwd - ok
23:35:24.0203 3340 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:35:24.0203 3340 odserv - ok
23:35:24.0281 3340 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:35:24.0281 3340 ose - ok
23:35:24.0515 3340 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:35:24.0531 3340 osppsvc - ok
23:35:24.0625 3340 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
23:35:24.0640 3340 Parport - ok
23:35:24.0703 3340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:35:24.0703 3340 PartMgr - ok
23:35:24.0750 3340 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
23:35:24.0750 3340 ParVdm - ok
23:35:24.0781 3340 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
23:35:24.0781 3340 PCI - ok
23:35:24.0812 3340 PCIDump - ok
23:35:24.0843 3340 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:35:24.0843 3340 PCIIde - ok
23:35:24.0890 3340 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:35:24.0890 3340 Pcmcia - ok
23:35:24.0953 3340 PDCOMP - ok
23:35:24.0984 3340 PDFRAME - ok
23:35:25.0000 3340 PDRELI - ok
23:35:25.0031 3340 PDRFRAME - ok
23:35:25.0062 3340 perc2 - ok
23:35:25.0078 3340 perc2hib - ok
23:35:25.0125 3340 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
23:35:25.0140 3340 PlugPlay - ok
23:35:25.0171 3340 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
23:35:25.0171 3340 PolicyAgent - ok
23:35:25.0218 3340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:35:25.0234 3340 PptpMiniport - ok
23:35:25.0296 3340 Processor (7eb15dce4ec3a0220bd796a15c18186e) C:\WINDOWS\system32\DRIVERS\processr.sys
23:35:25.0312 3340 Processor - ok
23:35:25.0359 3340 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:35:25.0359 3340 ProtectedStorage - ok
23:35:25.0390 3340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:35:25.0421 3340 PSched - ok
23:35:25.0500 3340 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:35:25.0500 3340 PSI_SVC_2 - ok
23:35:25.0562 3340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:35:25.0578 3340 Ptilink - ok
23:35:25.0625 3340 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:35:25.0625 3340 PxHelp20 - ok
23:35:25.0656 3340 ql1080 - ok
23:35:25.0671 3340 Ql10wnt - ok
23:35:25.0703 3340 ql12160 - ok
23:35:25.0734 3340 ql1240 - ok
23:35:25.0750 3340 ql1280 - ok
23:35:25.0781 3340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:35:25.0796 3340 RasAcd - ok
23:35:25.0843 3340 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
23:35:25.0843 3340 RasAuto - ok
23:35:25.0921 3340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:35:25.0937 3340 Rasl2tp - ok
23:35:26.0000 3340 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
23:35:26.0000 3340 RasMan - ok
23:35:26.0031 3340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:35:26.0046 3340 RasPppoe - ok
23:35:26.0078 3340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:35:26.0093 3340 Raspti - ok
23:35:26.0171 3340 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:35:26.0171 3340 Rdbss - ok
23:35:26.0250 3340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:35:26.0265 3340 RDPCDD - ok
23:35:26.0343 3340 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:35:26.0375 3340 rdpdr - ok
23:35:26.0437 3340 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
23:35:26.0437 3340 RDPWD - ok
23:35:26.0484 3340 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
23:35:26.0484 3340 RDSessMgr - ok
23:35:26.0562 3340 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:35:26.0578 3340 redbook - ok
23:35:26.0609 3340 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
23:35:26.0625 3340 RemoteAccess - ok
23:35:26.0656 3340 RemoteRegistry (8f31505484a190d5b22274708799f4ec) C:\WINDOWS\system32\regsvc.dll
23:35:26.0656 3340 RemoteRegistry - ok
23:35:26.0750 3340 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
23:35:26.0765 3340 RFCOMM - ok
23:35:26.0812 3340 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
23:35:26.0812 3340 RpcLocator - ok
23:35:26.0875 3340 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
23:35:26.0890 3340 RpcSs - ok
23:35:26.0953 3340 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
23:35:26.0953 3340 RSVP - ok
23:35:26.0984 3340 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
23:35:27.0000 3340 RTL8023xp - ok
23:35:27.0046 3340 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
23:35:27.0046 3340 SamSs - ok
23:35:27.0093 3340 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
23:35:27.0109 3340 SCardSvr - ok
23:35:27.0218 3340 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
23:35:27.0218 3340 Schedule - ok
23:35:27.0343 3340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:35:27.0359 3340 Secdrv - ok
23:35:27.0437 3340 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
23:35:27.0437 3340 seclogon - ok
23:35:27.0468 3340 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
23:35:27.0484 3340 SENS - ok
23:35:27.0515 3340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:35:27.0531 3340 serenum - ok
23:35:27.0578 3340 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
23:35:27.0609 3340 Serial - ok
23:35:27.0687 3340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:35:27.0687 3340 Sfloppy - ok
23:35:27.0750 3340 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
23:35:27.0750 3340 SharedAccess - ok
23:35:27.0781 3340 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:27.0781 3340 ShellHWDetection - ok
23:35:27.0812 3340 Simbad - ok
23:35:27.0875 3340 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
23:35:27.0875 3340 SkypeUpdate - ok
23:35:27.0937 3340 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:35:27.0953 3340 SLIP - ok
23:35:28.0015 3340 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
23:35:28.0015 3340 Sony Ericsson PCCompanion - ok
23:35:28.0046 3340 Sparrow - ok
23:35:28.0093 3340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:35:28.0109 3340 splitter - ok
23:35:28.0187 3340 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
23:35:28.0187 3340 Spooler - ok
23:35:28.0265 3340 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
23:35:28.0265 3340 sr - ok
23:35:28.0343 3340 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\System32\srsvc.dll
23:35:28.0343 3340 srservice - ok
23:35:28.0406 3340 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
23:35:28.0421 3340 Srv - ok
23:35:28.0500 3340 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
23:35:28.0515 3340 ssadbus - ok
23:35:28.0546 3340 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
23:35:28.0562 3340 ssadmdfl - ok
23:35:28.0609 3340 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
23:35:28.0640 3340 ssadmdm - ok
23:35:28.0687 3340 ssadserd (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
23:35:28.0703 3340 ssadserd - ok
23:35:28.0781 3340 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
23:35:28.0796 3340 sscdbus - ok
23:35:28.0843 3340 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
23:35:28.0859 3340 sscdmdfl - ok
23:35:28.0890 3340 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
23:35:28.0906 3340 sscdmdm - ok
23:35:28.0953 3340 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
23:35:28.0953 3340 SSDPSRV - ok
23:35:29.0000 3340 SSPORT (ef3458337d7341a05169cefc73709264) C:\WINDOWS\system32\Drivers\SSPORT.sys
23:35:29.0000 3340 SSPORT - ok
23:35:29.0031 3340 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
23:35:29.0031 3340 stisvc - ok
23:35:29.0109 3340 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:35:29.0109 3340 streamip - ok
23:35:29.0171 3340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:35:29.0203 3340 swenum - ok
23:35:29.0312 3340 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:35:29.0328 3340 SwitchBoard - ok
23:35:29.0484 3340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
23:35:29.0546 3340 swmidi - ok
23:35:29.0578 3340 SwPrv - ok
23:35:29.0609 3340 symc810 - ok
23:35:29.0640 3340 symc8xx - ok
23:35:29.0656 3340 sym_hi - ok
23:35:29.0687 3340 sym_u3 - ok
23:35:29.0718 3340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
23:35:29.0718 3340 sysaudio - ok
23:35:29.0765 3340 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
23:35:29.0765 3340 SysmonLog - ok
23:35:29.0812 3340 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
23:35:29.0812 3340 TapiSrv - ok
23:35:29.0875 3340 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:35:29.0890 3340 Tcpip - ok
23:35:30.0000 3340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:35:30.0000 3340 TDPIPE - ok
23:35:30.0031 3340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
23:35:30.0031 3340 TDTCP - ok
23:35:30.0062 3340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:35:30.0109 3340 TermDD - ok
23:35:30.0171 3340 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
23:35:30.0187 3340 TermService - ok
23:35:30.0234 3340 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
23:35:30.0234 3340 Themes - ok
23:35:30.0328 3340 TlntSvr (cd0cc7b167d78043a41c98d4921efb54) C:\WINDOWS\System32\tlntsvr.exe
23:35:30.0343 3340 TlntSvr - ok
23:35:30.0375 3340 TosIde - ok
23:35:30.0453 3340 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
23:35:30.0453 3340 TrkWks - ok
23:35:30.0515 3340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
23:35:30.0515 3340 Udfs - ok
23:35:30.0562 3340 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:35:30.0562 3340 UleadBurningHelper - ok
23:35:30.0609 3340 ultra - ok
23:35:30.0671 3340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
23:35:30.0718 3340 Update - ok
23:35:30.0781 3340 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
23:35:30.0781 3340 upnphost - ok
23:35:30.0812 3340 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
23:35:30.0812 3340 UPS - ok
23:35:30.0875 3340 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:35:30.0890 3340 usbccgp - ok
23:35:30.0937 3340 USBCCID (2825e0e294686a26506690059e1f437a) C:\WINDOWS\system32\DRIVERS\usbccid.sys
23:35:30.0968 3340 USBCCID - ok
23:35:31.0015 3340 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:35:31.0031 3340 usbehci - ok
23:35:31.0109 3340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:35:31.0125 3340 usbhub - ok
23:35:31.0187 3340 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:35:31.0203 3340 usbohci - ok
23:35:31.0265 3340 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:35:31.0281 3340 usbprint - ok
23:35:31.0343 3340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:35:31.0359 3340 usbscan - ok
23:35:31.0437 3340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:35:31.0453 3340 USBSTOR - ok
23:35:31.0500 3340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
23:35:31.0500 3340 VgaSave - ok
23:35:31.0531 3340 ViaIde - ok
23:35:31.0578 3340 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
23:35:31.0578 3340 VolSnap - ok
23:35:31.0640 3340 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
23:35:31.0640 3340 VSS - ok
23:35:31.0687 3340 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\System32\w32time.dll
23:35:31.0703 3340 W32Time - ok
23:35:31.0750 3340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:35:31.0765 3340 Wanarp - ok
23:35:31.0843 3340 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
23:35:31.0843 3340 Wdf01000 - ok
23:35:31.0875 3340 WDICA - ok
23:35:31.0921 3340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
23:35:31.0937 3340 wdmaud - ok
23:35:32.0000 3340 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
23:35:32.0000 3340 WebClient - ok
23:35:32.0062 3340 wfcxacap (0e507042ccefc40b8bb5dde75a7bd0c7) C:\WINDOWS\system32\DRIVERS\wfcxacap.sys
23:35:32.0062 3340 wfcxacap - ok
23:35:32.0109 3340 wfcxatun (b8acb6b48f928ff5e58b1a2dc3fa628c) C:\WINDOWS\system32\drivers\wfcxatun.sys
23:35:32.0125 3340 wfcxatun - ok
23:35:32.0156 3340 wfcxdtun (e32eeeac4ed0249474a2c9b71f1d5a73) C:\WINDOWS\system32\drivers\wfcxdtun.sys
23:35:32.0156 3340 wfcxdtun - ok
23:35:32.0203 3340 wfcxtcap (fc4f80b8c23dbf4d23a9a4ded38cf430) C:\WINDOWS\system32\drivers\wfcxtcap.sys
23:35:32.0203 3340 wfcxtcap - ok
23:35:32.0250 3340 WFCXVCAP (e9905845abc7b3521f642f9c8d08a03e) C:\WINDOWS\system32\drivers\wfcxvcap.sys
23:35:32.0265 3340 WFCXVCAP - ok
23:35:32.0296 3340 wfcxxbar (0aed0d6f83ade999fa6a8e485830e4c5) C:\WINDOWS\system32\drivers\wfcxxbar.sys
23:35:32.0312 3340 wfcxxbar - ok
23:35:32.0343 3340 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys
23:35:32.0375 3340 WIBUKEY - ok
23:35:32.0421 3340 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:35:32.0421 3340 winmgmt - ok
23:35:32.0500 3340 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
23:35:32.0515 3340 WinRM - ok
23:35:32.0593 3340 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
23:35:32.0593 3340 WinUSB - ok
23:35:32.0640 3340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:35:32.0640 3340 WmdmPmSN - ok
23:35:32.0718 3340 Wmi (0171cff34bba8c5977f18c48d8aef8c6) C:\WINDOWS\System32\advapi32.dll
23:35:32.0734 3340 Wmi - ok
23:35:32.0796 3340 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:35:32.0796 3340 WmiApSrv - ok
23:35:32.0906 3340 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
23:35:32.0937 3340 WMPNetworkSvc - ok
23:35:33.0015 3340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
23:35:33.0015 3340 WpdUsb - ok
23:35:33.0125 3340 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:35:33.0125 3340 WPFFontCache_v0400 - ok
23:35:33.0250 3340 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
23:35:33.0250 3340 wscsvc - ok
23:35:33.0281 3340 WSIMD (0091d78c5f8fde0cdf2b214823de6e48) C:\WINDOWS\system32\DRIVERS\wsimd.sys
23:35:33.0312 3340 WSIMD - ok
23:35:33.0359 3340 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:35:33.0375 3340 WSTCODEC - ok
23:35:33.0421 3340 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
23:35:33.0421 3340 wuauserv - ok
23:35:33.0468 3340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:35:33.0468 3340 WudfPf - ok
23:35:33.0546 3340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:35:33.0546 3340 WudfRd - ok
23:35:33.0593 3340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:35:33.0593 3340 WudfSvc - ok
23:35:33.0656 3340 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
23:35:33.0671 3340 WZCSVC - ok
23:35:33.0765 3340 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
23:35:33.0765 3340 xmlprov - ok
23:35:33.0796 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk0\DR0
23:35:33.0812 3340 \Device\Harddisk0\DR0 - ok
23:35:33.0812 3340 MBR (0x1B8) (8548a4bd85bff9512789e36382a4c809) \Device\Harddisk1\DR1
23:35:33.0843 3340 \Device\Harddisk1\DR1 - ok
23:35:33.0843 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk2\DR2
23:35:33.0875 3340 \Device\Harddisk2\DR2 - ok
23:35:33.0875 3340 MBR (0x1B8) (faacde0542989a34aaea8650dd223935) \Device\Harddisk3\DR3
23:35:34.0296 3340 \Device\Harddisk3\DR3 - ok
23:35:34.0296 3340 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk8\DR18
23:35:34.0296 3340 \Device\Harddisk8\DR18 - ok
23:35:34.0312 3340 Boot (0x1200) (33ed982f6ce5e41dc63b77efcc5b4bf9) \Device\Harddisk0\DR0\Partition0
23:35:34.0312 3340 \Device\Harddisk0\DR0\Partition0 - ok
23:35:34.0328 3340 Boot (0x1200) (7398844371f2804edac43da9e0d912b9) \Device\Harddisk2\DR2\Partition0
23:35:34.0343 3340 \Device\Harddisk2\DR2\Partition0 - ok
23:35:34.0343 3340 Boot (0x1200) (072255499779b0f88ca647eb00dcc86c) \Device\Harddisk3\DR3\Partition0
23:35:34.0343 3340 \Device\Harddisk3\DR3\Partition0 - ok
23:35:34.0343 3340 Boot (0x1200) (25d35ba80111458eb4bde85ef41a37bd) \Device\Harddisk8\DR18\Partition0
23:35:34.0343 3340 \Device\Harddisk8\DR18\Partition0 - ok
23:35:34.0343 3340 ============================================================
23:35:34.0343 3340 Scan finished
23:35:34.0343 3340 ============================================================
23:35:34.0359 3252 Detected object count: 1
23:35:34.0359 3252 Actual detected object count: 1
23:36:30.0968 3252 Dio06 ( LockedFile.Multi.Generic ) - skipped by user
23:36:30.0968 3252 Dio06 ( LockedFile.Multi.Generic ) - User select action: Skip
Re: Log check, please, Wigon in memory
And the current logs from OTL
- Attachments
- OTL.zip (136.02 KiB), downloaded 39 times
Re: Log check, please, Wigon in memory
MBRScan log
Code:
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 15 Model 107 Stepping 2, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/04/01 (ISO 8601) at 17:45:11
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __Hitachi HDS721680PLAT80 (P21OA60A)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk1\DR1 __WDC WD1600AAJS-00B4A0 (01.03A01)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk2\DR2 __SAMSUNG HD502IJ (1AA01113)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
DISK : Device\Harddisk3\DR3 __WDC WD10EURS-630AB1 (80.00A80)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 76.69 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 49259D4C22D8B96AC6D2CBFE2C7514E4
MBR_SHA1 : AF8D988CB7E9A031E1E0DAC1E64477B454A7D38F
Device\Harddisk0\Partition1 76.68 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
Device\Harddisk1\DR1 149.1 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 8A5526CF08F2AFE0D278894AE7FB61DC
MBR_SHA1 : 761DFE3BB7E860842AD5B6E92C836A2227D8CA50
Device\Harddisk1\Partition1 12.01 Go 0x83 Linux __ BOOTABLE __
Device\Harddisk1\Partition2 3.90 Go 0x82 Linux Swap
Device\Harddisk1\Partition3 133.1 Go 0x83 Linux
________________________________________________________________________________
Device\Harddisk2\DR2 465.8 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 31CDBA1BE7D6ED3060429238429C6600
MBR_SHA1 : 2729669FF11BFA91CD78C6EABC2B85C3D1BA1FA9
Device\Harddisk2\Partition1 465.8 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
Device\Harddisk3\DR3 931.5 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 1338ACD076F956EAAD19B1DB333052BB
MBR_SHA1 : 70812F52C4348184C995CB93A986CEE73D407FF6
Device\Harddisk3\Partition1 931.5 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
SystemStartOptions : FASTDETECT NOEXECUTE=OPTIN USEPMTIMER
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
0x0000 eb 48 JMP 0x4a
0x0002 90 NOP
0x0003 0000 ADD [BX+SI], AL
0x0005 0047 52 ADD [BX+0x52], AL
0x0008 55 PUSH BP
0x0009 42 INC DX
0x000A 50 PUSH AX
0x000B 1f POP DS
0x000C fc CLD
0x000D be 1b7c MOV SI, 0x7c1b
0x0010 bf 1b06 MOV DI, 0x61b
0x0013 50 PUSH AX
0x0014 57 PUSH DI
0x0015 b9 e501 MOV CX, 0x1e5
0x0018 f3 a4 REP MOVSB
0x001A cb RETF
0x001B bd be07 MOV BP, 0x7be
0x001E b1 04 MOV CL, 0x4
0x0020 386e 00 CMP [BP+0x0], CH
0x0023 7c 09 JL 0x2e
0x0025 75 13 JNZ 0x3a
0x0027 83c5 10 ADD BP, 0x10
0x002A e2 f4 LOOP 0x20
0x002C cd 18 INT 0x18
0x002E 8bf5 MOV SI, BP
0x0030 83c6 10 ADD SI, 0x10
0x0033 49 DEC CX
0x0034 74 19 JZ 0x4f
0x0036 382c CMP [SI], CH
0x0038 74 f6 JZ 0x30
0x003A a0 b507 MOV AL, [0x7b5]
0x003D b4 03 MOV AH, 0x3
0x003F 0280 0000 ADD AL, [BX+SI+0x0]
0x0043 2001 AND [BX+DI], AL
0x0045 0000 ADD [BX+SI], AL
0x0047 0000 ADD [BX+SI], AL
0x0049 02fa ADD BH, DL
0x004B 90 NOP
0x004C 90 NOP
0x004D f6c2 80 TEST DL, 0x80
0x0050 75 02 JNZ 0x54
0x0052 b2 80 MOV DL, 0x80
0x0054 ea 597c 0000 JMP FAR 0x0:0x7c59
0x0059 31c0 XOR AX, AX
0x005B 8ed8 MOV DS, AX
0x005D 8ed0 MOV SS, AX
0x005F bc 0020 MOV SP, 0x2000
0x0062 fb STI
0x0063 a0 407c MOV AL, [0x7c40]
0x0066 3c ff CMP AL, 0xff
0x0068 74 02 JZ 0x6c
0x006A 88c2 MOV DL, AL
0x006C 52 PUSH DX
0x006D be 7f7d MOV SI, 0x7d7f
0x0070 e8 3401 CALL 0x1a7
0x0073 f6c2 80 TEST DL, 0x80
0x0076 74 54 JZ 0xcc
0x0078 b4 41 MOV AH, 0x41
0x007A bb aa55 MOV BX, 0x55aa
0x007D cd 13 INT 0x13
0x007F 5a POP DX
0x0080 52 PUSH DX
0x0081 72 49 JB 0xcc
0x0083 81fb 55aa CMP BX, 0xaa55
0x0087 75 43 JNZ 0xcc
0x0089 a0 417c MOV AL, [0x7c41]
0x008C 84c0 TEST AL, AL
0x008E 75 05 JNZ 0x95
0x0090 83e1 01 AND CX, 0x1
0x0093 74 37 JZ 0xcc
0x0095 66 8b4c 10 MOV ECX, [SI+0x10]
0x0099 be 057c MOV SI, 0x7c05
0x009C c644 ff 01 MOV BYTE [SI-0x1], 0x1
0x00A0 66 8b1e 447c MOV EBX, [0x7c44]
0x00A5 c704 1000 MOV WORD [SI], 0x10
0x00A9 c744 02 0100 MOV WORD [SI+0x2], 0x1
0x00AE 66 895c 08 MOV [SI+0x8], EBX
0x00B2 c744 06 0070 MOV WORD [SI+0x6], 0x7000
0x00B7 66 31c0 XOR EAX, EAX
0x00BA 8944 04 MOV [SI+0x4], AX
0x00BD 66 8944 0c MOV [SI+0xc], EAX
0x00C1 b4 42 MOV AH, 0x42
0x00C3 cd 13 INT 0x13
0x00C5 72 05 JB 0xcc
0x00C7 bb 0070 MOV BX, 0x7000
0x00CA eb 7d JMP 0x149
0x00CC b4 08 MOV AH, 0x8
0x00CE cd 13 INT 0x13
0x00D0 73 0a JAE 0xdc
0x00D2 f6c2 80 TEST DL, 0x80
0x00D5 0f84 ea00 JZ 0x1c3
0x00D9 e9 8d00 JMP 0x169
0x00DC be 057c MOV SI, 0x7c05
0x00DF c644 ff 00 MOV BYTE [SI-0x1], 0x0
0x00E3 66 31c0 XOR EAX, EAX
0x00E6 88f0 MOV AL, DH
0x00E8 40 INC AX
0x00E9 66 8944 04 MOV [SI+0x4], EAX
0x00ED 31d2 XOR DX, DX
0x00EF 88ca MOV DL, CL
0x00F1 c1e2 02 SHL DX, 0x2
0x00F4 88e8 MOV AL, CH
0x00F6 88f4 MOV AH, DH
0x00F8 40 INC AX
0x00F9 8944 08 MOV [SI+0x8], AX
0x00FC 31c0 XOR AX, AX
0x00FE 88d0 MOV AL, DL
0x0100 c0e8 02 SHR AL, 0x2
0x0103 66 8904 MOV [SI], EAX
0x0106 66 a1 447c MOV EAX, [0x7c44]
0x010A 66 31d2 XOR EDX, EDX
0x010D 66 f734 DIV DWORD [SI]
0x0110 8854 0a MOV [SI+0xa], DL
0x0113 66 31d2 XOR EDX, EDX
0x0116 66 f774 04 DIV DWORD [SI+0x4]
0x011A 8854 0b MOV [SI+0xb], DL
0x011D 8944 0c MOV [SI+0xc], AX
0x0120 3b44 08 CMP AX, [SI+0x8]
0x0123 7d 3c JGE 0x161
0x0125 8a54 0d MOV DL, [SI+0xd]
0x0128 c0e2 06 SHL DL, 0x6
0x012B 8a4c 0a MOV CL, [SI+0xa]
0x012E fec1 INC CL
0x0130 08d1 OR CL, DL
0x0132 8a6c 0c MOV CH, [SI+0xc]
0x0135 5a POP DX
0x0136 8a74 0b MOV DH, [SI+0xb]
_______MBR \Device\Harddisk1\DR1
_______MBR \Device\Harddisk2\DR2
_______MBR \Device\Harddisk3\DR3
Re: Log check, please, Wigon in memory
So here is the log from ComboFix
ComboFix 12-04-01.01 - Jirka 01.04.2012 20:06:57.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2539 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Jirka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
ADS - TEMP: deleted 118 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DIO06
-------\Service_Dio06
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-01 do 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-03-31 15:40 . 2012-03-31 15:40 -------- d-----w- c:\documents and settings\Koalka\Data aplikací\OpenOffice.org
2012-03-30 17:06 . 2012-03-30 17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\program files\ESET
2012-03-28 11:21 . 2012-03-28 11:21 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Protexis
2012-03-26 14:16 . 2012-03-26 14:16 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\Corel
2012-03-26 14:06 . 2012-03-26 14:06 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2012-03-26 14:05 . 2012-03-26 14:05 348256 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2012-03-26 14:04 . 2012-03-28 19:12 416 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft SDKs
2012-03-26 14:03 . 2012-03-26 14:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\gs
2012-03-26 14:02 . 2012-03-26 14:02 -------- d-----w- c:\program files\Common Files\Corel
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\program files\Common Files\Protexis
2012-03-26 14:01 . 2012-03-26 14:01 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Corel
2012-03-26 13:57 . 2012-03-26 13:57 -------- d-----w- c:\program files\Corel
2012-03-26 09:58 . 2012-03-26 09:58 -------- d-----w- c:\program files\Common Files\Skype
2012-03-20 23:20 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-20 23:20 . 2010-07-09 22:38 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2012-03-20 23:20 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-20 23:20 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-20 23:20 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcodins.dll
2012-03-20 23:20 . 2010-07-09 22:38 236136 ----a-w- c:\windows\system32\nvcod.dll
2012-03-20 23:20 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2012-03-20 23:20 . 2010-07-09 22:38 1388544 ----a-w- c:\windows\system32\nvapi.dll
2012-03-20 23:20 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-20 23:20 . 2012-03-20 23:20 -------- d-----w- C:\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA
2012-03-19 22:20 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\UpdatusUser
2012-03-19 21:09 . 2012-03-19 21:09 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\DDMSettings
2012-03-18 19:37 . 2012-03-18 19:37 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 19:37 . 2012-03-18 19:37 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-03-13 22:47 . 2012-03-20 23:24 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-03-13 22:47 . 2012-03-20 23:24 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-03-13 20:14 . 2012-03-19 22:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\NVIDIA Corporation
2012-03-13 20:11 . 2012-02-29 23:58 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-03-13 20:11 . 2012-02-29 23:58 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-03-12 08:44 . 2012-03-12 08:44 -------- d-----w- c:\program files\GeoGet
2012-03-12 08:37 . 2012-03-28 17:34 -------- d-----w- c:\documents and settings\Jirka\Data aplikací\GeoGet
2012-03-10 20:52 . 1996-09-30 17:46 24576 ------w- c:\windows\UniFISH.exe
2012-03-08 16:23 . 2012-03-08 16:23 -------- d-----w- c:\documents and settings\Koalka\Local Settings\Data aplikací\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 17:06 . 2011-10-03 14:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-25 09:53 . 2012-02-25 09:53 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut3_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\NewShortcut2_6D20AC6FF7844F04BE4C6D94A1805157.exe
2012-02-15 22:02 . 2012-02-15 22:02 409600 ----a-r- c:\documents and settings\Jirka\Data aplikací\Microsoft\Installer\{24BA79B5-53F9-475C-9D49-EC4BDE8B09CF}\ARPPRODUCTICON.exe
2012-02-03 09:57 . 2001-10-25 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:07 . 2012-02-18 18:09 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-10-03 06:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-18 19:37 . 2011-10-03 07:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2011-08-17 20064872]
"TWCU"="c:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-05-21 561263]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Koalka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Nika\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Jirka\Nabídka Start\Programy\Po spuštění\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2012-2-13 18097128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"=
"e:\\NIKA dokumenty\\Unreal Tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"e:\\WOW\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"e:\\WOW\\World of Warcraft\\Launcher.exe"=
"e:\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Common Files\\soft602\\langserv.exe"=
"c:\\Program Files\\Common Files\\Common Desktop Agent\\CDASrv.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDS.Application.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\OrderSupplies.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\IDSAlert.exe"=
"c:\\Program Files\\Samsung\\Easy Printer Manager\\CDAS2PC\\CDAS2PC.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [4.8.2011 9:20 103112]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [1.5.2011 23:36 9856]
R2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [10.10.2011 14:55 85344]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [22.9.2011 12:03 974944]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [20.3.2012 0:20 2348352]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.sys [23.12.2010 8:06 5120]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [1.5.2011 23:36 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [1.5.2011 23:36 167040]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [16.12.2011 22:38 1714176]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [1.5.2011 23:36 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [1.5.2011 23:36 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [1.5.2011 23:36 10496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30.3.2012 19:06 253600]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3.10.2011 17:24 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [14.12.2011 22:50 30312]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.1.2012 23:53 136176]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [3.10.2011 18:18 25912]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [3.10.2011 18:18 7680]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9.1.2010 22:37 4640000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [4.10.2011 21:14 155344]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [14.12.2011 22:50 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [14.12.2011 22:50 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [14.12.2011 22:50 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [14.12.2011 22:50 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [25.10.2001 14:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 13:16 753504]
S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Obsah adresáře 'Naplánované úlohy'
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:06]
.
2012-01-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOJZA-Nika.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 13:04]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-23 21:53]
.
.
------- Doplňkový sken -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\dn1qh2zu.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-01 20:15
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(1840)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Firebird\bin\fbguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Firebird\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Celkový čas: 2012-04-01 20:20:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-01 18:20
.
Před spuštěním: Volných bajtů: 45 907 935 232
Po spuštění: Volných bajtů: 45 732 364 288
.
- - End Of File - - 5AEF5CA3357C77D389BE36DA10C6D1A8
Re: Log check, please, Wigon in RAM
Not so far, thanks, great work!
Re: Log check, please, Wigon in RAM
I'll definitely send everything within half an hour.
Re: Log check, please, Wigon in RAM
I'm having a bit of a problem with the Linux boot manager after installing the latest version of Mandriva 2011 64-bit; it won't boot Linux. But it's true that lately I haven't had much time to look into it further. Thanks once again.
