
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Infection
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Infection
Good day
I'd like to ask for help. Sooo, the PC got infected via a flash drive. It shows itself quite uncompromisingly: regedit and taskmgr don't work, no applications such as RSIT, HJT or MWAV can be launched directly, not even CCleaner and certainly not ComboFix, not even after renaming. However, all of them can be run straight after downloading, while still in the browser. Also, safe mode doesn't work. After the repair I can get into safe mode once, but probably everything gets overwritten right away and we're back where we were. On top of that, in safe mode the user's directory is inaccessible (the PC has only one user) and it's not possible to unpack a zip file....ufff. It all ends with the messages "Task Manager has been disabled by your administrator", runtime error, floating point not loaded, the system cannot find the path c:/document a settings....and similar bullshit. I browsed the forum, fixed the display of the registry and of taskmgr, did certain deletions based on the log, and at one point it seemed everything would be fine, but about 10 minutes after a restart, so not immediately, everything went back to the original state... Here is the RSIT log, and I can already see it's completely different from the one I looked at last time. Thanks in advance for any advice.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\RSIT(1).exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\trend micro\Spravce.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4343 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@sun.com/npsopluginmi;version=1.0]
"Description"=
"Path"=C:\Program Files\OpenOffice.org 3\program
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2012-08-08 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2012-08-08 767312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-08-08 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2847160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1379136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Train Simulator\train.exe"="C:\Train Simulator\train.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe:*:Enabled:ipsec"
"C:\Program Files\procexp.exe"="C:\Program Files\procexp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe"="c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\HijackThis\HijackThis.exe"="C:\Program Files\HijackThis\HijackThis.exe:*:Enabled:ipsec"
"C:\ComboFix\CF5221.3XE"="C:\ComboFix\CF5221.3XE:*:Enabled:ipsec"
"C:\Program Files\ComboFix.exe"="C:\Program Files\ComboFix.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE"="C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
======List of files/folders created in the last 1 month======
2012-08-09 12:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 12:51:16 ----ASH---- C:\hiberfil.sys
2012-08-09 11:44:06 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-09 01:47:01 ----SHD---- C:\RECYCLER
2012-08-09 01:29:12 ----A---- C:\SAFEBOOT_REPAIR.TXT
2012-08-09 01:25:57 ----A---- C:\RSIT.exe
2012-08-09 01:23:17 ----D---- C:\Program Files\trend micro
2012-08-09 01:23:15 ----D---- C:\rsit
2012-08-09 01:21:17 ----RA---- C:\Program Files\iotitg.com.exe
2012-08-09 01:16:45 ----A---- C:\ComboFix.txt
2012-08-09 01:15:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-09 01:10:31 ----SD---- C:\WINDOWS\Tasks
2012-08-09 00:27:52 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-09 00:27:51 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-09 00:27:50 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-09 00:27:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\avastSS.scr
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-08 21:48:01 ----A---- C:\Program Files\mwav.exe
2012-08-08 21:47:13 ----A---- C:\Program Files\kkkk.vbs
2012-08-08 20:13:15 ----D---- C:\Program Files\KZ
2012-08-08 17:20:58 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-08-08 17:20:56 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-08-08 17:20:54 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-08-08 17:20:53 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-08-08 17:20:42 ----A---- C:\WINDOWS\R.COM
2012-08-08 17:20:40 ----D---- C:\Program Files\Common Files\MicroWorld
2012-08-08 17:20:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-08-08 16:22:51 ----D---- C:\Program Files\UPM
2012-08-08 12:01:35 ----A---- C:\Program Files\SafeBootKeyRepair.exe
2012-08-07 14:01:45 ----D---- C:\ubuntu
2012-08-01 01:51:12 ----D---- C:\zzz
2012-08-01 01:48:51 ----D---- C:\Program Files\IsoBuster
2012-08-01 01:00:41 ----D---- C:\Program Files\HijackThis
2012-08-01 01:00:13 ----A---- C:\Boot.bak
2012-08-01 01:00:05 ----RASHD---- C:\cmdcons
2012-08-01 00:56:10 ----A---- C:\WINDOWS\zip.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWSC.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWREG.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\sed.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\PEV.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\MBR.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\grep.exe
2012-08-01 00:54:34 ----D---- C:\WINDOWS\ERDNT
2012-08-01 00:54:24 ----D---- C:\Qoobox
2012-07-29 13:10:53 ----D---- C:\zaloha_msts
2012-07-23 23:12:04 ----A---- C:\WINDOWS\d3dx.dat
2012-07-23 18:41:13 ----D---- C:\Documents and Settings\Spravce\Data aplikací\codeblocks
2012-07-23 18:40:04 ----D---- C:\Program Files\CodeBlocks
2012-07-11 12:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 12:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 12:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 12:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 12:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-08-09 12:52:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-09 12:52:02 ----D---- C:\WINDOWS\Temp
2012-08-09 12:52:00 ----D---- C:\WINDOWS\system32\drivers
2012-08-09 12:51:45 ----D---- C:\WINDOWS
2012-08-09 11:48:27 ----D---- C:\WINDOWS\system32
2012-08-09 11:45:40 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-09 11:42:02 ----RD---- C:\Program Files
2012-08-09 01:36:28 ----A---- C:\WINDOWS\wincmd.ini
2012-08-09 01:10:33 ----A---- C:\WINDOWS\system.ini
2012-08-09 01:10:05 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-09 01:08:24 ----D---- C:\WINDOWS\system32\config
2012-08-09 01:01:48 ----D---- C:\WINDOWS\AppPatch
2012-08-09 01:01:42 ----D---- C:\Program Files\Common Files
2012-08-09 00:27:37 ----SHD---- C:\WINDOWS\Installer
2012-08-09 00:27:37 ----D---- C:\Config.Msi
2012-08-09 00:27:34 ----D---- C:\WINDOWS\WinSxS
2012-08-09 00:27:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-08-09 00:26:07 ----D---- C:\TEMP
2012-08-08 23:52:18 ----D---- C:\Program Files\CCleaner
2012-08-08 23:25:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-08 20:10:07 ----A---- C:\WINDOWS\win.ini
2012-08-08 19:15:21 ----SHD---- C:\System Volume Information
2012-08-08 19:15:21 ----D---- C:\WINDOWS\system32\Restore
2012-08-08 19:15:04 ----D---- C:\WINDOWS\Prefetch
2012-08-08 18:11:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-08 18:08:35 ----A---- C:\Program Files\Uninstall_CDS.exe
2012-08-08 18:04:51 ----A---- C:\Program Files\procexp.exe
2012-08-08 17:24:38 ----A---- C:\WINDOWS\system32\nwiz.exe
2012-08-08 15:42:38 ----D---- C:\Documents and Settings
2012-08-08 12:04:41 ----D---- C:\WINDOWS\repair
2012-08-07 14:08:53 ----RASH---- C:\boot.ini
2012-08-07 13:52:14 ----D---- C:\WINDOWS\system32\wbem
2012-08-07 13:52:13 ----D---- C:\WINDOWS\Registration
2012-08-07 13:27:38 ----D---- C:\WINDOWS\system32\NtmsData
2012-08-06 12:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-08-03 01:52:03 ----D---- C:\Train Simulator
2012-08-01 01:48:29 ----D---- C:\Program Files\Internet Explorer
2012-07-29 13:29:32 ----D---- C:\WINDOWS\Minidump
2012-07-23 13:46:18 ----D---- C:\totalcmd
2012-07-11 12:57:53 ----D---- C:\WINDOWS\Debug
2012-07-11 12:32:30 ----HD---- C:\WINDOWS\inf
2012-07-11 12:32:05 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 12:26:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\lsnplq.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-10-21 660736]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-09-08 189832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 391752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-08-08 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-08-08 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-08-08 271920]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-08-08 913920]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 4343 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@sun.com/npsopluginmi;version=1.0]
"Description"=
"Path"=C:\Program Files\OpenOffice.org 3\program
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2012-08-08 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2012-08-08 767312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-08-08 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2847160]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1379136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Train Simulator\train.exe"="C:\Train Simulator\train.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe:*:Enabled:ipsec"
"C:\Program Files\procexp.exe"="C:\Program Files\procexp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe"="c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\HijackThis\HijackThis.exe"="C:\Program Files\HijackThis\HijackThis.exe:*:Enabled:ipsec"
"C:\ComboFix\CF5221.3XE"="C:\ComboFix\CF5221.3XE:*:Enabled:ipsec"
"C:\Program Files\ComboFix.exe"="C:\Program Files\ComboFix.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE"="C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE:*:Enabled:ipsec"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
======List of files/folders created in the last 1 month======
2012-08-09 12:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 12:51:16 ----ASH---- C:\hiberfil.sys
2012-08-09 11:44:06 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-09 01:47:01 ----SHD---- C:\RECYCLER
2012-08-09 01:29:12 ----A---- C:\SAFEBOOT_REPAIR.TXT
2012-08-09 01:25:57 ----A---- C:\RSIT.exe
2012-08-09 01:23:17 ----D---- C:\Program Files\trend micro
2012-08-09 01:23:15 ----D---- C:\rsit
2012-08-09 01:21:17 ----RA---- C:\Program Files\iotitg.com.exe
2012-08-09 01:16:45 ----A---- C:\ComboFix.txt
2012-08-09 01:15:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-09 01:10:31 ----SD---- C:\WINDOWS\Tasks
2012-08-09 00:27:52 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-09 00:27:51 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-09 00:27:50 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-09 00:27:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\avastSS.scr
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-08 21:48:01 ----A---- C:\Program Files\mwav.exe
2012-08-08 21:47:13 ----A---- C:\Program Files\kkkk.vbs
2012-08-08 20:13:15 ----D---- C:\Program Files\KZ
2012-08-08 17:20:58 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-08-08 17:20:56 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-08-08 17:20:54 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-08-08 17:20:53 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-08-08 17:20:42 ----A---- C:\WINDOWS\R.COM
2012-08-08 17:20:40 ----D---- C:\Program Files\Common Files\MicroWorld
2012-08-08 17:20:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-08-08 16:22:51 ----D---- C:\Program Files\UPM
2012-08-08 12:01:35 ----A---- C:\Program Files\SafeBootKeyRepair.exe
2012-08-07 14:01:45 ----D---- C:\ubuntu
2012-08-01 01:51:12 ----D---- C:\zzz
2012-08-01 01:48:51 ----D---- C:\Program Files\IsoBuster
2012-08-01 01:00:41 ----D---- C:\Program Files\HijackThis
2012-08-01 01:00:13 ----A---- C:\Boot.bak
2012-08-01 01:00:05 ----RASHD---- C:\cmdcons
2012-08-01 00:56:10 ----A---- C:\WINDOWS\zip.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWSC.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWREG.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\sed.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\PEV.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\MBR.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\grep.exe
2012-08-01 00:54:34 ----D---- C:\WINDOWS\ERDNT
2012-08-01 00:54:24 ----D---- C:\Qoobox
2012-07-29 13:10:53 ----D---- C:\zaloha_msts
2012-07-23 23:12:04 ----A---- C:\WINDOWS\d3dx.dat
2012-07-23 18:41:13 ----D---- C:\Documents and Settings\Spravce\Data aplikací\codeblocks
2012-07-23 18:40:04 ----D---- C:\Program Files\CodeBlocks
2012-07-11 12:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 12:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 12:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 12:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 12:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 month======
2012-08-09 12:52:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-09 12:52:02 ----D---- C:\WINDOWS\Temp
2012-08-09 12:52:00 ----D---- C:\WINDOWS\system32\drivers
2012-08-09 12:51:45 ----D---- C:\WINDOWS
2012-08-09 11:48:27 ----D---- C:\WINDOWS\system32
2012-08-09 11:45:40 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-09 11:42:02 ----RD---- C:\Program Files
2012-08-09 01:36:28 ----A---- C:\WINDOWS\wincmd.ini
2012-08-09 01:10:33 ----A---- C:\WINDOWS\system.ini
2012-08-09 01:10:05 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-09 01:08:24 ----D---- C:\WINDOWS\system32\config
2012-08-09 01:01:48 ----D---- C:\WINDOWS\AppPatch
2012-08-09 01:01:42 ----D---- C:\Program Files\Common Files
2012-08-09 00:27:37 ----SHD---- C:\WINDOWS\Installer
2012-08-09 00:27:37 ----D---- C:\Config.Msi
2012-08-09 00:27:34 ----D---- C:\WINDOWS\WinSxS
2012-08-09 00:27:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-08-09 00:26:07 ----D---- C:\TEMP
2012-08-08 23:52:18 ----D---- C:\Program Files\CCleaner
2012-08-08 23:25:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-08 20:10:07 ----A---- C:\WINDOWS\win.ini
2012-08-08 19:15:21 ----SHD---- C:\System Volume Information
2012-08-08 19:15:21 ----D---- C:\WINDOWS\system32\Restore
2012-08-08 19:15:04 ----D---- C:\WINDOWS\Prefetch
2012-08-08 18:11:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-08 18:08:35 ----A---- C:\Program Files\Uninstall_CDS.exe
2012-08-08 18:04:51 ----A---- C:\Program Files\procexp.exe
2012-08-08 17:24:38 ----A---- C:\WINDOWS\system32\nwiz.exe
2012-08-08 15:42:38 ----D---- C:\Documents and Settings
2012-08-08 12:04:41 ----D---- C:\WINDOWS\repair
2012-08-07 14:08:53 ----RASH---- C:\boot.ini
2012-08-07 13:52:14 ----D---- C:\WINDOWS\system32\wbem
2012-08-07 13:52:13 ----D---- C:\WINDOWS\Registration
2012-08-07 13:27:38 ----D---- C:\WINDOWS\system32\NtmsData
2012-08-06 12:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-08-03 01:52:03 ----D---- C:\Train Simulator
2012-08-01 01:48:29 ----D---- C:\Program Files\Internet Explorer
2012-07-29 13:29:32 ----D---- C:\WINDOWS\Minidump
2012-07-23 13:46:18 ----D---- C:\totalcmd
2012-07-11 12:57:53 ----D---- C:\WINDOWS\Debug
2012-07-11 12:32:30 ----HD---- C:\WINDOWS\inf
2012-07-11 12:32:05 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 12:26:12 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\lsnplq.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-10-21 660736]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-09-08 189832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 391752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-08-08 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-08-08 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-08-08 271920]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-08-08 913920]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
-
- Visitor
- Posts: 44
- Joined: 09 Aug 2012 10:51
Re: infection
OK, thanks, I'm on it. The mess is due to all the various attempts to get those utilities to run. Otherwise, ComboFix has always reliably solved problems for me, and not only mine, but this time it didn't work, at least not yet. I'll get back to you.
-
- Visitor
- Posts: 44
- Joined: 09 Aug 2012 10:51
Re: infection
Thanks for the explanation, understood. I just have no idea how closely ComboFix is tied to this forum and where arbitrary use of ComboFix begins; otherwise I am fully aware of it. I'd be glad to learn more. Everything is handled with regard to both your time and mine, which doesn't suit everyone in the same form, so I don't ask here often, especially when people are dealing with practically the same problems and, with a bit of effort, one can figure it out one way or another. This case, however, is an exception.
CF: if it is run from the Program Files folder as svchost.exe, it gets killed about halfway through unpacking;
the only way to run it is directly from the download folder.
-
- Visitor
- Posts: 44
- Joined: 09 Aug 2012 10:51
Re: infection
Log from CF; the CD with OTLPE is ready.
ComboFix 12-08-08.03 - Spravce 09.08.2012 15:43:55.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.319.40 [GMT 2:00]
Spuštěný z: c:\documents and settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 12:43 . 2012-08-09 12:44 4727758 ------r- c:\program files\ComboFix.exe
2012-08-09 10:54 . 2012-08-09 10:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-08-09 10:53 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 16:08 . 2008-06-17 17:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-08-08 16:04 . 2012-05-30 23:09 4177272 ----a-w- c:\program files\procexp.exe
2012-08-08 15:27 . 2012-08-08 15:26 22 ----a-w- c:\windows\REGBK00.ZIP
2012-08-08 15:24 . 2006-10-22 10:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
2012-06-13 13:55 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-05-20 18:52 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 17:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-05-20 18:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-05-20 18:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-05-20 18:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-05-20 18:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-05-19 22:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-05-20 18:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-05-19 22:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-05-26 18:23 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-05-26 18:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-01 17:51 . 2012-06-01 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 17:51 . 2012-06-01 17:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-30 23:19 . 2012-05-30 23:20 1058784 ----a-w- c:\program files\GPU-Z.0.6.2.exe
2012-05-16 15:09 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-31 22:24 . 2012-06-21 12:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . EB52091981B2CF6BFE2F115117B22F48 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\93b9ce85582d0997b0cc34d9342f4307\SP2GDR\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\93b9ce85582d0997b0cc34d9342f4307\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
[7] 2012-07-31 22:24 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_23.26.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 13:15 . 2012-08-09 13:15 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 73336 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 73336 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 85192 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 85192 c:\windows\system32\perfc005.dat
+ 2012-08-08 22:27 . 2010-03-09 10:12 46672 c:\windows\system32\drivers\aswTdi.sys
+ 2012-08-08 22:27 . 2010-03-09 10:09 23376 c:\windows\system32\drivers\aswRdr.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 94800 c:\windows\system32\drivers\aswmon.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 19024 c:\windows\system32\drivers\aswFsBlk.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 28880 c:\windows\system32\drivers\aavmker4.sys
+ 2012-08-08 22:27 . 2010-03-09 10:24 38848 c:\windows\system32\avastSS.scr
+ 2001-10-25 12:00 . 2008-04-14 03:22 412672 c:\windows\system32\zipfldr.dll
+ 2012-04-05 21:13 . 2012-04-05 21:13 368712 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2001-10-25 12:00 . 2008-05-08 11:24 225280 c:\windows\system32\wscript.exe
+ 2007-08-13 16:45 . 2009-03-08 02:34 278016 c:\windows\system32\WinFXDocObj.exe
+ 2001-10-25 12:00 . 2008-04-14 03:22 215040 c:\windows\system32\taskmgr.exe
- 2001-10-25 12:00 . 2012-07-31 22:58 446130 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 446130 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 442910 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 442910 c:\windows\system32\perfh005.dat
+ 2012-08-08 15:20 . 2012-08-08 15:20 655872 c:\windows\system32\msvcr90.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 632064 c:\windows\system32\msvcr80.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 572928 c:\windows\system32\msvcp90.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 554240 c:\windows\system32\msvcp80.dll
- 2012-06-01 17:51 . 2012-06-01 17:51 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-01 17:51 . 2012-08-08 19:07 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-08-08 22:27 . 2010-03-09 10:12 162640 c:\windows\system32\drivers\aswSP.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 100432 c:\windows\system32\drivers\aswmon2.sys
+ 2012-08-08 22:27 . 2010-03-09 10:24 153184 c:\windows\system32\aswBoot.exe
+ 2012-08-08 15:20 . 2008-04-14 03:22 147968 c:\windows\R.COM
+ 2012-08-07 11:44 . 2012-08-07 11:52 1286808 c:\windows\system32\Restore\rstrlog.dat
+ 2001-10-25 12:00 . 2008-04-14 03:22 1492992 c:\windows\system32\mmc.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1379136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2012-08-08 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2012-08-08 767312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2012-08-08 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-08-08 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2847160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Canon\\SolutionMenu\\CNSLMAIN.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Train Simulator\\train.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe"=
"c:\\Program Files\\procexp.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Spravce\\Dokumenty\\Stažené soubory\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\ComboFix.exe"=
"c:\\Program Files\\Canon\\IJPLM\\IJPLMSVC.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2012 0:27 162640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.2.2011 17:19 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2012 0:27 19024]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [1.6.2008 20:04 660736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5156)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-08-09 16:01:06
ComboFix-quarantined-files.txt 2012-08-09 14:01
ComboFix2.txt 2012-08-08 23:16
ComboFix3.txt 2012-08-08 10:45
ComboFix4.txt 2012-08-07 15:42
ComboFix5.txt 2012-08-09 12:11
.
Před spuštěním: Volných bajtů: 59 693 236 224
Po spuštění: Volných bajtů: 59 785 138 176
.
- - End Of File - - 77422057E0D3C2757BB1B8247D2A5BDB
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Unfortunately, the OTLPE environment fails to load; when booting from the CD nothing happens at all... just black.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Yes, I tried that; on another PC it works fine. I did burn it differently, though, in Linux, because I don't have a PC with a working burner at hand; still, as I said, I tried it on an old notebook with 256 RAM and it booted fine...
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Another thing: I'm trying to upload the Qoobox archive from the infected machine and it won't let me; the moment I select the file, the browser freezes. Otherwise everything is as before. Everything that didn't work still doesn't work, including safe mode, etc.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
The infected machine simply won't take that CD. I tried other bootable CDs (Win XP, Ubuntu live) and it took those without any problem. So I don't know...
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Things had been fairly quiet lately; I see that period is over. In the morning I'm going to have a tooth pulled; I'll get in touch afterwards, if it doesn't knock me out... In any case, thank you for your willingness to help so far, and have a nice evening.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Greetings to my adviser,
I'm past the extraction... so while I'm still conscious, and if you feel like it, we can continue.
The stripped-down OTL didn't boot either.
Last edited by truskawiec on 10 Aug 2012 11:33; edited 1 time in total.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
In the browser on the infected machine, the Kaspersky support site cannot be found. Even your last post won't load because of the link in the forum, and the browser hangs. Nevertheless: downloaded, scanned, and the log is here.
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
13:01:00.0712 0440 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:01:01.0453 0440 ============================================================
13:01:01.0453 0440 Current date / time: 2012/08/10 13:01:01.0453
13:01:01.0453 0440 SystemInfo:
13:01:01.0473 0440
13:01:01.0473 0440 OS Version: 5.1.2600 ServicePack: 3.0
13:01:01.0473 0440 Product type: Workstation
13:01:01.0473 0440 ComputerName: DELL863
13:01:01.0473 0440 UserName: Spravce
13:01:01.0473 0440 Windows directory: C:\WINDOWS
13:01:01.0473 0440 System windows directory: C:\WINDOWS
13:01:01.0473 0440 Processor architecture: Intel x86
13:01:01.0473 0440 Number of processors: 1
13:01:01.0473 0440 Page size: 0x1000
13:01:01.0473 0440 Boot type: Normal boot
13:01:01.0473 0440 ============================================================
13:01:07.0511 0440 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:01:07.0552 0440 ============================================================
13:01:07.0552 0440 \Device\Harddisk0\DR0:
13:01:07.0552 0440 MBR partitions:
13:01:07.0552 0440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
13:01:07.0552 0440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x3159255
13:01:07.0552 0440 ============================================================
13:01:07.0662 0440 C: <-> \Device\Harddisk0\DR0\Partition0
13:01:08.0353 0440 D: <-> \Device\Harddisk0\DR0\Partition1
13:01:08.0493 0440 ============================================================
13:01:08.0503 0440 Initialize success
13:01:08.0503 0440 ============================================================
13:01:40.0479 3076 ============================================================
13:01:40.0479 3076 Scan started
13:01:40.0479 3076 Mode: Manual; SigCheck; TDLFS;
13:01:40.0479 3076 ============================================================
13:01:41.0040 3076 Aavmker4 (d5d75edd02157fcd3eb576d4681e8c3e) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:01:41.0621 3076 Aavmker4 - ok
13:01:41.0651 3076 Abiosdsk - ok
13:01:41.0691 3076 abp480n5 - ok
13:01:41.0751 3076 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
13:01:43.0243 3076 ac97intc - ok
13:01:43.0403 3076 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:01:44.0064 3076 ACPI - ok
13:01:44.0164 3076 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:01:44.0695 3076 ACPIEC - ok
13:01:44.0715 3076 adpu160m - ok
13:01:44.0785 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:01:45.0326 3076 aec - ok
13:01:45.0496 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:01:45.0676 3076 AFD - ok
13:01:45.0777 3076 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:01:46.0267 3076 agp440 - ok
13:01:46.0297 3076 Aha154x - ok
13:01:46.0337 3076 aic78u2 - ok
13:01:46.0377 3076 aic78xx - ok
13:01:46.0498 3076 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll
13:01:46.0888 3076 Alerter - ok
13:01:46.0938 3076 AliIde - ok
13:01:46.0978 3076 amsint - ok
13:01:47.0038 3076 asc - ok
13:01:47.0068 3076 asc3350p - ok
13:01:47.0098 3076 asc3360pr - ok
13:01:47.0138 3076 asc3550 - ok
13:01:47.0549 3076 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:01:47.0709 3076 aspnet_state - ok
13:01:47.0809 3076 aswFsBlk (fb6a381c32a87ee6588eed61d22dc03b) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:01:47.0839 3076 aswFsBlk - ok
13:01:47.0920 3076 aswMon2 (1a10cbecfdd0a597b27e2d0998d95cf9) C:\WINDOWS\system32\drivers\aswMon2.sys
13:01:47.0960 3076 aswMon2 - ok
13:01:48.0020 3076 aswRdr (7827f70b86b29fbf112cbce547205acc) C:\WINDOWS\system32\drivers\aswRdr.sys
13:01:48.0120 3076 aswRdr - ok
13:01:48.0250 3076 aswSP (39bf48164a958f4bf0c0ec6cdc447db5) C:\WINDOWS\system32\drivers\aswSP.sys
13:01:48.0290 3076 aswSP - ok
13:01:48.0340 3076 aswTdi (755e4afb683e3306886a0f4df02a1575) C:\WINDOWS\system32\drivers\aswTdi.sys
13:01:48.0370 3076 aswTdi - ok
13:01:48.0460 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:01:48.0941 3076 AsyncMac - ok
13:01:49.0011 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:01:49.0472 3076 atapi - ok
13:01:49.0522 3076 Atdisk - ok
13:01:49.0642 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:01:50.0043 3076 Atmarpc - ok
13:01:50.0103 3076 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll
13:01:50.0583 3076 AudioSrv - ok
13:01:50.0674 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:01:51.0114 3076 audstub - ok
13:01:51.0214 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:01:51.0775 3076 Beep - ok
13:01:51.0855 3076 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll
13:01:52.0326 3076 BITS - ok
13:01:52.0386 3076 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll
13:01:52.0857 3076 Browser - ok
13:01:52.0927 3076 catchme - ok
13:01:52.0977 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:01:53.0407 3076 cbidf2k - ok
13:01:53.0468 3076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:01:53.0888 3076 CCDECODE - ok
13:01:53.0928 3076 cd20xrnt - ok
13:01:53.0978 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:01:54.0419 3076 Cdaudio - ok
13:01:54.0479 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:01:54.0900 3076 Cdfs - ok
13:01:54.0950 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:01:55.0370 3076 Cdrom - ok
13:01:55.0410 3076 Changer - ok
13:01:55.0480 3076 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe
13:01:55.0841 3076 cisvc - ok
13:01:55.0881 3076 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe
13:01:56.0312 3076 ClipSrv - ok
13:01:56.0382 3076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:01:56.0492 3076 clr_optimization_v2.0.50727_32 - ok
13:01:56.0512 3076 CmdIde - ok
13:01:56.0552 3076 COMSysApp - ok
13:01:56.0622 3076 Cpqarray - ok
13:01:56.0672 3076 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll
13:01:57.0173 3076 CryptSvc - ok
13:01:57.0203 3076 dac2w2k - ok
13:01:57.0233 3076 dac960nt - ok
13:01:57.0323 3076 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll
13:01:57.0553 3076 DcomLaunch - ok
13:01:57.0814 3076 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll
13:01:58.0365 3076 Dhcp - ok
13:01:58.0405 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:01:58.0996 3076 Disk - ok
13:01:59.0016 3076 dmadmin - ok
13:01:59.0186 3076 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys
13:01:59.0676 3076 dmboot - ok
13:01:59.0807 3076 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys
13:02:00.0307 3076 dmio - ok
13:02:00.0398 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:02:00.0858 3076 dmload - ok
13:02:00.0968 3076 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll
13:02:01.0439 3076 dmserver - ok
13:02:01.0509 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:02:02.0170 3076 DMusic - ok
13:02:02.0220 3076 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll
13:02:02.0390 3076 Dnscache - ok
13:02:02.0471 3076 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll
13:02:02.0921 3076 Dot3svc - ok
13:02:02.0961 3076 dpti2o - ok
13:02:03.0011 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:02:03.0422 3076 drmkaud - ok
13:02:03.0522 3076 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
13:02:03.0642 3076 dtsoftbus01 - ok
13:02:03.0852 3076 E100B (866b8ee30e4504c11ae0d29ed6f8824b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:02:04.0463 3076 E100B - ok
13:02:04.0614 3076 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll
13:02:05.0014 3076 EapHost - ok
13:02:05.0074 3076 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
13:02:05.0615 3076 EL90XBC - ok
13:02:05.0785 3076 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll
13:02:06.0336 3076 ERSvc - ok
13:02:06.0476 3076 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
13:02:06.0566 3076 Eventlog - ok
13:02:06.0717 3076 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll
13:02:06.0987 3076 EventSystem - ok
13:02:07.0167 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:02:07.0668 3076 Fastfat - ok
13:02:08.0018 3076 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
13:02:08.0289 3076 FastUserSwitchingCompatibility - ok
13:02:08.0359 3076 Fax (2cd14c70d1d81af054aa5ed8024dcae6) C:\WINDOWS\system32\fxssvc.exe
13:02:08.0860 3076 Fax - ok
13:02:08.0910 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:02:09.0340 3076 Fdc - ok
13:02:09.0380 3076 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys
13:02:09.0841 3076 Fips - ok
13:02:09.0891 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:02:10.0382 3076 Flpydisk - ok
13:02:10.0472 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:02:10.0893 3076 FltMgr - ok
13:02:11.0013 3076 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:02:11.0083 3076 FontCache3.0.0.0 - ok
13:02:11.0153 3076 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
13:02:11.0193 3076 fssfltr - ok
13:02:11.0463 3076 fsssvc (7ab1d5916ccfb5bbcc3189a363eaf856) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:02:11.0664 3076 fsssvc ( UnsignedFile.Multi.Generic ) - warning
13:02:11.0664 3076 fsssvc - detected UnsignedFile.Multi.Generic (1)
13:02:11.0724 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:02:12.0174 3076 Fs_Rec - ok
13:02:12.0265 3076 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:02:12.0775 3076 Ftdisk - ok
13:02:12.0845 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:02:12.0916 3076 GEARAspiWDM - ok
13:02:12.0976 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:02:13.0356 3076 Gpc - ok
13:02:13.0496 3076 HCF_MSFT (9513de607cd2c6d7fbeca2e6e0ae5dc0) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
13:02:14.0117 3076 HCF_MSFT - ok
13:02:14.0197 3076 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:02:14.0588 3076 helpsvc - ok
13:02:14.0628 3076 HidServ - ok
13:02:14.0778 3076 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll
13:02:15.0179 3076 hkmsvc - ok
13:02:15.0219 3076 hpn - ok
13:02:15.0259 3076 hpt3xx - ok
13:02:15.0329 3076 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:02:15.0469 3076 HPZid412 - ok
13:02:15.0509 3076 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:02:15.0609 3076 HPZipr12 - ok
13:02:15.0680 3076 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:02:15.0770 3076 HPZius12 - ok
13:02:15.0860 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:02:16.0981 3076 HTTP - ok
13:02:17.0041 3076 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll
13:02:17.0442 3076 HTTPFilter - ok
13:02:17.0462 3076 i2omgmt - ok
13:02:17.0502 3076 i2omp - ok
13:02:17.0542 3076 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:02:17.0943 3076 i8042prt - ok
13:02:18.0313 3076 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:02:18.0484 3076 idsvc - ok
13:02:18.0604 3076 IJPLMSVC (44c7f6489d7944f74398fa89ab2f8262) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
13:02:18.0704 3076 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning
13:02:18.0704 3076 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)
13:02:18.0774 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:02:19.0154 3076 Imapi - ok
13:02:19.0215 3076 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
13:02:19.0625 3076 ImapiService - ok
13:02:19.0665 3076 ini910u - ok
13:02:19.0725 3076 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:02:20.0106 3076 IntelIde - ok
13:02:20.0176 3076 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:02:20.0546 3076 ip6fw - ok
13:02:20.0607 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:02:21.0077 3076 IpFilterDriver - ok
13:02:21.0157 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:02:21.0538 3076 IpInIp - ok
13:02:21.0598 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:02:21.0989 3076 IpNat - ok
13:02:22.0039 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:02:22.0469 3076 IPSec - ok
13:02:22.0519 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:02:22.0890 3076 IRENUM - ok
13:02:22.0930 3076 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:02:23.0320 3076 isapnp - ok
13:02:23.0371 3076 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:02:23.0761 3076 Kbdclass - ok
13:02:23.0831 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:02:24.0232 3076 kmixer - ok
13:02:24.0292 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:02:24.0482 3076 KSecDD - ok
13:02:24.0592 3076 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
13:02:24.0672 3076 lanmanserver - ok
13:02:24.0733 3076 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
13:02:24.0833 3076 lanmanworkstation - ok
13:02:24.0863 3076 lbrtfdc - ok
13:02:24.0963 3076 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
13:02:25.0363 3076 LmHosts - ok
13:02:25.0413 3076 LPDSVC (0befa983f8b9511eadd6960dd13e9fbf) C:\WINDOWS\System32\tcpsvcs.exe
13:02:25.0874 3076 LPDSVC - ok
13:02:25.0994 3076 LVHybrid (21e5fe0a3254664abbc051bfabe25871) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
13:02:26.0195 3076 LVHybrid - ok
13:02:26.0335 3076 MDM (926a14e36837dcf7b09b09ba0ba1fc84) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:02:26.0425 3076 MDM ( UnsignedFile.Multi.Generic ) - warning
13:02:26.0425 3076 MDM - detected UnsignedFile.Multi.Generic (1)
13:02:26.0495 3076 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
13:02:26.0916 3076 Messenger - ok
13:02:26.0986 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:02:27.0466 3076 mnmdd - ok
13:02:27.0527 3076 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe
13:02:27.0897 3076 mnmsrvc - ok
13:02:27.0947 3076 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
13:02:28.0338 3076 Modem - ok
13:02:28.0378 3076 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:02:28.0748 3076 Mouclass - ok
13:02:28.0788 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:02:29.0219 3076 MountMgr - ok
13:02:29.0299 3076 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
13:02:29.0660 3076 MPE - ok
13:02:29.0690 3076 mraid35x - ok
13:02:29.0760 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:02:30.0130 3076 MRxDAV - ok
13:02:30.0220 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:02:30.0381 3076 MRxSmb - ok
13:02:30.0431 3076 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe
13:02:30.0811 3076 MSDTC - ok
13:02:30.0891 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:02:31.0272 3076 Msfs - ok
13:02:31.0312 3076 MSIServer - ok
13:02:31.0392 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:02:31.0753 3076 MSKSSRV - ok
13:02:31.0783 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:02:32.0163 3076 MSPCLOCK - ok
13:02:32.0203 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:02:32.0584 3076 MSPQM - ok
13:02:32.0624 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:02:33.0014 3076 mssmbios - ok
13:02:33.0075 3076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:02:33.0425 3076 MSTEE - ok
13:02:33.0475 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:02:33.0605 3076 Mup - ok
13:02:33.0655 3076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:02:34.0036 3076 NABTSFEC - ok
13:02:34.0146 3076 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
13:02:34.0607 3076 napagent - ok
13:02:34.0797 3076 NBService (57fbf806d0552941952aacf85f65e1f9) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
13:02:34.0947 3076 NBService ( UnsignedFile.Multi.Generic ) - warning
13:02:34.0947 3076 NBService - detected UnsignedFile.Multi.Generic (1)
13:02:35.0017 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:02:35.0448 3076 NDIS - ok
13:02:35.0518 3076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:02:35.0889 3076 NdisIP - ok
13:02:35.0919 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:02:35.0999 3076 NdisTapi - ok
13:02:36.0059 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:02:36.0489 3076 Ndisuio - ok
13:02:36.0580 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:02:36.0980 3076 NdisWan - ok
13:02:37.0040 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:02:37.0110 3076 NDProxy - ok
13:02:37.0200 3076 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll
13:02:37.0371 3076 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:02:37.0371 3076 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:02:37.0421 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:02:37.0821 3076 NetBIOS - ok
13:02:37.0871 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:02:38.0282 3076 NetBT - ok
13:02:38.0352 3076 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
13:02:38.0763 3076 NetDDE - ok
13:02:38.0803 3076 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
13:02:39.0153 3076 NetDDEdsdm - ok
13:02:39.0223 3076 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
13:02:39.0604 3076 Netlogon - ok
13:02:39.0654 3076 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
13:02:40.0025 3076 Netman - ok
13:02:40.0155 3076 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:02:40.0285 3076 NetTcpPortSharing - ok
13:02:40.0385 3076 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
13:02:40.0485 3076 Nla - ok
13:02:40.0615 3076 NMIndexingService (8ea8761de68a9465ebec889f26d3c426) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
13:02:40.0756 3076 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
13:02:40.0756 3076 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
13:02:40.0826 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:02:41.0226 3076 Npfs - ok
13:02:41.0306 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:02:41.0747 3076 Ntfs - ok
13:02:41.0817 3076 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe
13:02:42.0178 3076 NtLmSsp - ok
13:02:42.0288 3076 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
13:02:42.0728 3076 NtmsSvc - ok
13:02:42.0778 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:02:43.0229 3076 Null - ok
13:02:43.0670 3076 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:02:44.0201 3076 nv - ok
13:02:44.0421 3076 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
13:02:44.0511 3076 NVSvc - ok
13:02:44.0591 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:02:45.0072 3076 NwlnkFlt - ok
13:02:45.0112 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:02:45.0593 3076 NwlnkFwd - ok
13:02:45.0633 3076 P3 (3fc38e7fbe91db40c34731195f4116c2) C:\WINDOWS\system32\DRIVERS\p3.sys
13:02:46.0013 3076 P3 - ok
13:02:46.0083 3076 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
13:02:46.0464 3076 Parport - ok
13:02:46.0524 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:02:46.0934 3076 PartMgr - ok
13:02:46.0995 3076 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
13:02:47.0415 3076 ParVdm - ok
13:02:47.0475 3076 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
13:02:47.0876 3076 PCI - ok
13:02:47.0916 3076 PCIDump - ok
13:02:47.0966 3076 PCIIde - ok
13:02:48.0036 3076 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:02:48.0417 3076 Pcmcia - ok
13:02:48.0457 3076 PDCOMP - ok
13:02:48.0497 3076 PDFRAME - ok
13:02:48.0547 3076 PDRELI - ok
13:02:48.0587 3076 PDRFRAME - ok
13:02:48.0617 3076 perc2 - ok
13:02:48.0657 3076 perc2hib - ok
13:02:48.0777 3076 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
13:02:48.0827 3076 pfc ( UnsignedFile.Multi.Generic ) - warning
13:02:48.0827 3076 pfc - detected UnsignedFile.Multi.Generic (1)
13:02:48.0897 3076 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
13:02:48.0987 3076 PlugPlay - ok
13:02:49.0037 3076 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll
13:02:49.0047 3076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:02:49.0047 3076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:02:49.0118 3076 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
13:02:49.0448 3076 PolicyAgent - ok
13:02:49.0488 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:02:49.0889 3076 PptpMiniport - ok
13:02:49.0929 3076 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
13:02:50.0259 3076 ProtectedStorage - ok
13:02:50.0299 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:02:50.0680 3076 PSched - ok
13:02:50.0730 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:02:51.0211 3076 Ptilink - ok
13:02:51.0241 3076 ql1080 - ok
13:02:51.0271 3076 Ql10wnt - ok
13:02:51.0301 3076 ql12160 - ok
13:02:51.0341 3076 ql1240 - ok
13:02:51.0371 3076 ql1280 - ok
13:02:51.0411 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:02:51.0962 3076 RasAcd - ok
13:02:52.0042 3076 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
13:02:52.0382 3076 RasAuto - ok
13:02:52.0452 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:02:52.0803 3076 Rasl2tp - ok
13:02:52.0863 3076 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
13:02:53.0264 3076 RasMan - ok
13:02:53.0284 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:02:53.0644 3076 RasPppoe - ok
13:02:53.0674 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:02:54.0155 3076 Raspti - ok
13:02:54.0235 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:02:54.0595 3076 Rdbss - ok
13:02:54.0636 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:02:55.0156 3076 RDPCDD - ok
13:02:55.0256 3076 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:02:55.0367 3076 RDPWD - ok
13:02:55.0427 3076 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
13:02:55.0827 3076 RDSessMgr - ok
13:02:55.0897 3076 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:02:56.0308 3076 redbook - ok
13:02:56.0368 3076 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
13:02:56.0749 3076 RemoteAccess - ok
13:02:56.0799 3076 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe
13:02:57.0189 3076 RpcLocator - ok
13:02:57.0289 3076 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
13:02:57.0359 3076 RpcSs - ok
13:02:57.0420 3076 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe
13:02:57.0950 3076 RSVP - ok
13:02:58.0000 3076 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:02:58.0311 3076 rtl8139 - ok
13:02:58.0351 3076 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
13:02:58.0681 3076 SamSs - ok
13:02:58.0731 3076 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
13:02:59.0102 3076 SCardSvr - ok
13:02:59.0172 3076 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
13:02:59.0573 3076 Schedule - ok
13:02:59.0653 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:03:00.0013 3076 Secdrv - ok
13:03:00.0063 3076 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
13:03:00.0454 3076 seclogon - ok
13:03:00.0494 3076 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
13:03:00.0885 3076 SENS - ok
13:03:00.0945 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:03:01.0285 3076 serenum - ok
13:03:01.0325 3076 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
13:03:01.0696 3076 Serial - ok
13:03:01.0776 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:03:02.0136 3076 Sfloppy - ok
13:03:02.0216 3076 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
13:03:02.0777 3076 SharedAccess - ok
13:03:02.0847 3076 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
13:03:02.0927 3076 ShellHWDetection - ok
13:03:02.0978 3076 Simbad - ok
13:03:03.0028 3076 SimpTcp (0befa983f8b9511eadd6960dd13e9fbf) C:\WINDOWS\System32\tcpsvcs.exe
13:03:03.0508 3076 SimpTcp - ok
13:03:03.0588 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:03:03.0959 3076 SLIP - ok
13:03:04.0009 3076 SNMP (442d891cf7cb138f185fb2a1161c8af9) C:\WINDOWS\System32\snmp.exe
13:03:04.0420 3076 SNMP - ok
13:03:04.0480 3076 SNMPTRAP (4296e52a9d3ca6dcd1cf57e8bca45ab7) C:\WINDOWS\System32\snmptrap.exe
13:03:04.0890 3076 SNMPTRAP - ok
13:03:04.0930 3076 Sparrow - ok
13:03:04.0990 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:03:05.0361 3076 splitter - ok
13:03:05.0391 3076 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:03:05.0481 3076 Spooler - ok
13:03:05.0541 3076 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
13:03:05.0892 3076 sr - ok
13:03:05.0952 3076 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
13:03:06.0322 3076 srservice - ok
13:03:06.0422 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:03:06.0563 3076 Srv - ok
13:03:06.0633 3076 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
13:03:06.0993 3076 SSDPSRV - ok
13:03:07.0093 3076 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
13:03:07.0524 3076 stisvc - ok
13:03:07.0564 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:03:07.0945 3076 streamip - ok
13:03:08.0005 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:03:08.0335 3076 swenum - ok
13:03:08.0385 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:03:08.0736 3076 swmidi - ok
13:03:08.0766 3076 SwPrv - ok
13:03:08.0816 3076 symc810 - ok
13:03:08.0886 3076 symc8xx - ok
13:03:08.0936 3076 sym_hi - ok
13:03:08.0976 3076 sym_u3 - ok
13:03:09.0046 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:03:09.0477 3076 sysaudio - ok
13:03:09.0527 3076 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
13:03:09.0928 3076 SysmonLog - ok
13:03:09.0998 3076 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
13:03:10.0398 3076 TapiSrv - ok
13:03:10.0498 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:03:10.0629 3076 Tcpip - ok
13:03:10.0689 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:03:11.0049 3076 TDPIPE - ok
13:03:11.0099 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:03:11.0440 3076 TDTCP - ok
13:03:11.0480 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:03:11.0840 3076 TermDD - ok
13:03:11.0910 3076 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
13:03:12.0321 3076 TermService - ok
13:03:12.0401 3076 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
13:03:12.0471 3076 Themes - ok
13:03:12.0521 3076 TosIde - ok
13:03:12.0601 3076 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
13:03:13.0042 3076 TrkWks - ok
13:03:13.0132 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:03:13.0493 3076 Udfs - ok
13:03:13.0513 3076 ultra - ok
13:03:13.0593 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:03:13.0993 3076 Update - ok
13:03:14.0043 3076 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
13:03:14.0434 3076 upnphost - ok
13:03:14.0494 3076 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
13:03:14.0875 3076 UPS - ok
13:03:14.0945 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:03:15.0325 3076 usbccgp - ok
13:03:15.0385 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:03:15.0716 3076 usbhub - ok
13:03:15.0786 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:03:16.0136 3076 usbprint - ok
13:03:16.0207 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:03:16.0617 3076 usbscan - ok
13:03:16.0657 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:03:17.0028 3076 USBSTOR - ok
13:03:17.0088 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:03:17.0488 3076 usbuhci - ok
13:03:17.0518 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:03:17.0939 3076 VgaSave - ok
13:03:17.0969 3076 ViaIde - ok
13:03:18.0039 3076 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
13:03:18.0410 3076 VolSnap - ok
13:03:18.0490 3076 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
13:03:18.0860 3076 VSS - ok
13:03:18.0910 3076 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
13:03:19.0301 3076 W32Time - ok
13:03:19.0361 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:03:19.0732 3076 Wanarp - ok
13:03:19.0762 3076 WDICA - ok
13:03:19.0822 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:03:20.0182 3076 wdmaud - ok
13:03:20.0242 3076 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
13:03:20.0683 3076 WebClient - ok
13:03:20.0913 3076 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:03:21.0294 3076 winmgmt - ok
13:03:21.0394 3076 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:03:21.0454 3076 WmdmPmSN - ok
13:03:21.0534 3076 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:03:21.0955 3076 WmiApSrv - ok
13:03:22.0165 3076 WMPNetworkSvc (71b5c3a7e50a9e300dd7fc91dd5f56ad) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:03:22.0305 3076 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
13:03:22.0305 3076 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
13:03:22.0335 3076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:03:22.0826 3076 WS2IFSL - ok
13:03:22.0906 3076 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
13:03:23.0327 3076 wscsvc - ok
13:03:23.0367 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:03:23.0707 3076 WSTCODEC - ok
13:03:23.0757 3076 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
13:03:24.0128 3076 wuauserv - ok
13:03:24.0318 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:03:24.0398 3076 WudfPf - ok
13:03:24.0448 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:03:24.0508 3076 WudfRd - ok
13:03:24.0569 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:03:24.0649 3076 WudfSvc - ok
13:03:24.0739 3076 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
13:03:25.0169 3076 WZCSVC - ok
13:03:25.0310 3076 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
13:03:25.0740 3076 xmlprov - ok
13:03:25.0860 3076 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
13:03:27.0022 3076 \Device\Harddisk0\DR0 - ok
13:03:27.0052 3076 Boot (0x1200) (5e14fd3e7e9c1fcb95d403e5ffe3ad30) \Device\Harddisk0\DR0\Partition0
13:03:27.0052 3076 \Device\Harddisk0\DR0\Partition0 - ok
13:03:27.0102 3076 Boot (0x1200) (3827f83324eee1e1ab7de700263cdf96) \Device\Harddisk0\DR0\Partition1
13:03:27.0112 3076 \Device\Harddisk0\DR0\Partition1 - ok
13:03:27.0122 3076 ============================================================
13:03:27.0122 3076 Scan finished
13:03:27.0122 3076 ============================================================
13:03:27.0282 3068 Detected object count: 9
13:03:27.0282 3068 Actual detected object count: 9
13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:22.0826 3076 WS2IFSL - ok
13:03:22.0906 3076 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
13:03:23.0327 3076 wscsvc - ok
13:03:23.0367 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:03:23.0707 3076 WSTCODEC - ok
13:03:23.0757 3076 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
13:03:24.0128 3076 wuauserv - ok
13:03:24.0318 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:03:24.0398 3076 WudfPf - ok
13:03:24.0448 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:03:24.0508 3076 WudfRd - ok
13:03:24.0569 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:03:24.0649 3076 WudfSvc - ok
13:03:24.0739 3076 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
13:03:25.0169 3076 WZCSVC - ok
13:03:25.0310 3076 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
13:03:25.0740 3076 xmlprov - ok
13:03:25.0860 3076 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
13:03:27.0022 3076 \Device\Harddisk0\DR0 - ok
13:03:27.0052 3076 Boot (0x1200) (5e14fd3e7e9c1fcb95d403e5ffe3ad30) \Device\Harddisk0\DR0\Partition0
13:03:27.0052 3076 \Device\Harddisk0\DR0\Partition0 - ok
13:03:27.0102 3076 Boot (0x1200) (3827f83324eee1e1ab7de700263cdf96) \Device\Harddisk0\DR0\Partition1
13:03:27.0112 3076 \Device\Harddisk0\DR0\Partition1 - ok
13:03:27.0122 3076 ============================================================
13:03:27.0122 3076 Scan finished
13:03:27.0122 3076 ============================================================
13:03:27.0282 3068 Detected object count: 9
13:03:27.0282 3068 Actual detected object count: 9
13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
And that PowerTool can't even be unpacked; the attempt ended in a freeze....
-
- Visitor
- Posts: 44
- Registered: 09 Aug 2012 10:51
Re: infection
Avira does load, but it supposedly has insufficient memory, and while it scans the VDF files it always crashes at 13%. Kaspersky did start up, though, but I'm not doing anything with it for now.