
Trojan horses, ESET can't handle them

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses, ESET can't handle them

#16 Post by vyosek »

Run the aswMBR scan again; the FIX option should then be active, so try it. If it doesn't work or isn't active, let us know and we'll try another way...
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for he is no man, he is an ox."
Member of [image] since 1 February 2011.

honzapetr
Visitor
Posts: 50
Registered: 27 Mar 2008 19:03

Re: Trojan horses, ESET can't handle them

#17 Post by honzapetr »

Unfortunately, the FIX option doesn't work, only FIXMBR :(

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses, ESET can't handle them

#18 Post by vyosek »

Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In the Additional options window, tick all the options
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes, a window appears; check that the Skip option is selected everywhere
  • If Skip is not selected by default, switch it to Skip
  • Once Skip is selected everywhere, click Continue
  • The log will be on the disk where Windows is installed (usually c:\), in a file named TDSSKiller.<some digits>_log.txt; paste its contents here
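To triage the log this procedure produces, the following added example (not part of the original post and not TDSSKiller's own code) parses the line format seen in this thread's log and separates `infected` and `Forged` entries from `warning` entries. The sample lines, their MD5 values and the `Example Service` name are constructed, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts with "HH:MM:SS.ffff <thread id> "; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
# "[ <md5> ] <object name> <path>"; object names may contain spaces.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "<object name> ( <verdict> ) - infected|warning"
VERDICT = re.compile(r"^(.+?) \( (\S+) \) - (infected|warning)$")
# "Suspicious file (Forged): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9A-Fa-f]{32}), "
    r"Fake md5: ([0-9A-Fa-f]{32})$"
)

# Constructed sample in the format of the log posted in this thread.
# All MD5 values and "Example Service" are made up for illustration.
SAMPLE_LOG = r"""
20:00:00.0000 1000 ================ Scan services =============================
20:00:00.0100 1000 [ 11111111111111111111111111111111 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:00:00.0200 1000 Aavmker4 - ok
20:00:00.0300 1000 [ 22222222222222222222222222222222 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:00:00.0400 1000 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
20:00:00.0400 1000 ACPI ( Virus.Win32.Rloader.a ) - infected
20:00:00.0400 1000 ACPI - detected Virus.Win32.Rloader.a (0)
20:00:00.0500 1000 [ 44444444444444444444444444444444 ] Example Service C:\Program Files\Example\svc.exe
20:00:00.0600 1000 Example Service ( UnsignedFile.Multi.Generic ) - warning
20:00:00.0600 1000 Example Service - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    name: str                       # service/driver name as printed in the log
    verdict: str                    # e.g. Virus.Win32.Rloader.a
    severity: str                   # "infected" or "warning", as printed by the tool
    path: Optional[str] = None      # file path from the "[ md5 ] name path" line
    md5: Optional[str] = None       # MD5 from that same line
    forged: bool = False            # True if a "Suspicious file (Forged)" line named this path
    fake_md5: Optional[str] = None  # the "Fake md5" value from that line


def parse_tdsskiller(text):
    """Return one Finding per 'infected' or 'warning' line, enriched with path and hashes."""
    objects = {}   # object name -> (md5, path)
    forged = {}    # lower-cased path -> (real md5, fake md5)
    findings = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a log line (blank line, pasted forum text, ...)
        msg = m.group(1).strip()
        if (h := HASHED.match(msg)):
            objects[h.group(2)] = (h.group(1).upper(), h.group(3))
        elif (f := FORGED.match(msg)):
            forged[f.group(1).lower()] = (f.group(2).upper(), f.group(3).upper())
        elif (v := VERDICT.match(msg)):
            name, verdict, severity = v.groups()
            md5, path = objects.get(name, (None, None))
            hit = forged.get(path.lower()) if path else None
            findings.append(Finding(name, verdict, severity, path, md5,
                                    hit is not None, hit[1] if hit else None))
    return findings


def triage(findings):
    """'act': infected or forged objects; 'review': warning-only objects (e.g. unsigned files)."""
    buckets = {"act": [], "review": []}
    for f in findings:
        key = "act" if f.severity == "infected" or f.forged else "review"
        buckets[key].append(f.name)
    return buckets


if __name__ == "__main__":
    results = parse_tdsskiller(SAMPLE_LOG)
    for f in results:
        flag = " [FORGED, fake md5 %s]" % f.fake_md5 if f.forged else ""
        print(f"{f.severity:8} {f.name}: {f.verdict} -> {f.path}{flag}")
    print(triage(results))
```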

honzapetr
Visitor
Posts: 50
Registered: 27 Mar 2008 19:03

Re: Trojan horses, ESET can't handle them

#19 Post by honzapetr »

20:16:57.0140 2076 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:16:57.0593 2076 ============================================================
20:16:57.0593 2076 Current date / time: 2013/02/02 20:16:57.0593
20:16:57.0593 2076 SystemInfo:
20:16:57.0593 2076
20:16:57.0593 2076 OS Version: 5.1.2600 ServicePack: 2.0
20:16:57.0593 2076 Product type: Workstation
20:16:57.0593 2076 ComputerName: HONZA
20:16:57.0593 2076 UserName: Administrator
20:16:57.0593 2076 Windows directory: C:\WINDOWS
20:16:57.0593 2076 System windows directory: C:\WINDOWS
20:16:57.0593 2076 Processor architecture: Intel x86
20:16:57.0593 2076 Number of processors: 1
20:16:57.0593 2076 Page size: 0x1000
20:16:57.0593 2076 Boot type: Normal boot
20:16:57.0593 2076 ============================================================
20:16:59.0531 2076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:16:59.0546 2076 ============================================================
20:16:59.0546 2076 \Device\Harddisk0\DR0:
20:16:59.0546 2076 MBR partitions:
20:16:59.0546 2076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
20:16:59.0546 2076 ============================================================
20:16:59.0562 2076 C: <-> \Device\Harddisk0\DR0\Partition1
20:16:59.0640 2076 ============================================================
20:16:59.0640 2076 Initialize success
20:16:59.0640 2076 ============================================================
20:17:47.0453 1616 ============================================================
20:17:47.0453 1616 Scan started
20:17:47.0453 1616 Mode: Manual; SigCheck; TDLFS;
20:17:47.0453 1616 ============================================================
20:17:47.0796 1616 ================ Scan system memory ========================
20:17:47.0812 1616 System memory - ok
20:17:47.0812 1616 ================ Scan services =============================
20:17:47.0921 1616 3259 - ok
20:17:48.0046 1616 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:17:48.0281 1616 Aavmker4 - ok
20:17:48.0296 1616 Abiosdsk - ok
20:17:48.0328 1616 abp480n5 - ok
20:17:48.0375 1616 [ 2F0138E3EAFABE968A768E95B59BC9D7 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:17:48.0390 1616 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 2F0138E3EAFABE968A768E95B59BC9D7, Fake md5: FA2FBCDA96D2385F773B059FE5A125A6
20:17:48.0390 1616 ACPI ( Virus.Win32.Rloader.a ) - infected
20:17:48.0390 1616 ACPI - detected Virus.Win32.Rloader.a (0)
20:17:48.0437 1616 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:17:50.0062 1616 ACPIEC - ok
20:17:50.0078 1616 adpu160m - ok
20:17:50.0125 1616 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
20:17:50.0937 1616 aec - ok
20:17:50.0984 1616 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:17:51.0031 1616 AFD - ok
20:17:51.0062 1616 Aha154x - ok
20:17:51.0078 1616 aic78u2 - ok
20:17:51.0109 1616 aic78xx - ok
20:17:51.0296 1616 [ F3E15607BA53249C765E36388B332C2F ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:17:51.0593 1616 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
20:17:51.0593 1616 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
20:17:51.0656 1616 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:17:52.0000 1616 Alerter - ok
20:17:52.0031 1616 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
20:17:52.0218 1616 ALG - ok
20:17:52.0250 1616 AliIde - ok
20:17:52.0281 1616 [ 2CC3BF45AC3180FE29C199BD95F09601 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:17:52.0640 1616 AmdK7 - ok
20:17:52.0656 1616 amsint - ok
20:17:52.0718 1616 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:17:52.0906 1616 AppMgmt - ok
20:17:52.0921 1616 asc - ok
20:17:52.0953 1616 asc3350p - ok
20:17:52.0984 1616 asc3550 - ok
20:17:53.0015 1616 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\system32\ASNDIS5.SYS
20:17:53.0031 1616 ASNDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:17:53.0031 1616 ASNDIS5 - detected UnsignedFile.Multi.Generic (1)
20:17:53.0125 1616 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:17:53.0156 1616 aspnet_state - ok
20:17:53.0187 1616 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:17:53.0203 1616 aswFsBlk - ok
20:17:53.0250 1616 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:17:53.0281 1616 aswMon2 - ok
20:17:53.0296 1616 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:17:53.0328 1616 AswRdr - ok
20:17:53.0375 1616 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:17:53.0453 1616 aswSnx - ok
20:17:53.0515 1616 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:17:53.0562 1616 aswSP - ok
20:17:53.0593 1616 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:17:53.0625 1616 aswTdi - ok
20:17:53.0656 1616 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:17:54.0000 1616 AsyncMac - ok
20:17:54.0031 1616 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:17:54.0390 1616 atapi - ok
20:17:54.0421 1616 Atdisk - ok
20:17:54.0468 1616 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:17:54.0812 1616 Atmarpc - ok
20:17:54.0843 1616 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:17:55.0203 1616 AudioSrv - ok
20:17:55.0234 1616 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:17:55.0593 1616 audstub - ok
20:17:55.0703 1616 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:17:55.0734 1616 avast! Antivirus - ok
20:17:55.0765 1616 [ F50915EFCF5EFE30E32BC33952E92409 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:17:56.0156 1616 b57w2k - ok
20:17:56.0218 1616 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:17:56.0546 1616 Beep - ok
20:17:56.0625 1616 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
20:17:57.0031 1616 BITS - ok
20:17:57.0062 1616 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:17:57.0125 1616 Bonjour Service - ok
20:17:57.0171 1616 [ E4E6A0922E3D983728C9AD4E8D466954 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
20:17:57.0343 1616 Bridge - ok
20:17:57.0343 1616 [ E4E6A0922E3D983728C9AD4E8D466954 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
20:17:57.0531 1616 BridgeMP - ok
20:17:57.0578 1616 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
20:17:57.0921 1616 Browser - ok
20:17:57.0968 1616 [ 175418424B0973AE9004257EBC60431C ] Cardex C:\WINDOWS\system32\drivers\TBPANEL.SYS
20:17:57.0984 1616 Cardex ( UnsignedFile.Multi.Generic ) - warning
20:17:57.0984 1616 Cardex - detected UnsignedFile.Multi.Generic (1)
20:17:58.0015 1616 catchme - ok
20:17:58.0062 1616 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:17:58.0390 1616 cbidf2k - ok
20:17:58.0421 1616 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:17:58.0734 1616 CCDECODE - ok
20:17:58.0765 1616 cd20xrnt - ok
20:17:58.0812 1616 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:17:59.0187 1616 Cdaudio - ok
20:17:59.0218 1616 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:17:59.0562 1616 Cdfs - ok
20:17:59.0593 1616 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:17:59.0937 1616 Cdrom - ok
20:17:59.0968 1616 Changer - ok
20:18:00.0015 1616 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:18:00.0312 1616 CiSvc - ok
20:18:00.0359 1616 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:18:00.0671 1616 ClipSrv - ok
20:18:00.0734 1616 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:18:00.0796 1616 clr_optimization_v2.0.50727_32 - ok
20:18:00.0812 1616 CmdIde - ok
20:18:00.0828 1616 COMSysApp - ok
20:18:00.0890 1616 Cpqarray - ok
20:18:00.0921 1616 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:18:01.0250 1616 CryptSvc - ok
20:18:01.0296 1616 [ 798DDEC7FC30464F8CB6521122BEAD05 ] cwcspud C:\WINDOWS\system32\drivers\cwcspud.sys
20:18:01.0625 1616 cwcspud - ok
20:18:01.0656 1616 dac2w2k - ok
20:18:01.0687 1616 dac960nt - ok
20:18:01.0765 1616 [ DBDE980506B54AE928D151D12419B425 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:18:02.0796 1616 DcomLaunch - ok
20:18:02.0843 1616 [ 06A30F453CA4CB1431037E4813F697CB ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:18:03.0984 1616 Dhcp - ok
20:18:04.0015 1616 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:18:04.0343 1616 Disk - ok
20:18:04.0375 1616 dmadmin - ok
20:18:04.0437 1616 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:18:04.0781 1616 dmboot - ok
20:18:04.0843 1616 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:18:05.0140 1616 dmio - ok
20:18:05.0203 1616 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:18:05.0515 1616 dmload - ok
20:18:05.0562 1616 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:18:05.0859 1616 dmserver - ok
20:18:05.0906 1616 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:18:06.0218 1616 DMusic - ok
20:18:06.0281 1616 [ 0EEF8922D46D4846B472B1F6FD0541BC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:18:07.0390 1616 Dnscache - ok
20:18:07.0421 1616 dpti2o - ok
20:18:07.0468 1616 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:18:07.0812 1616 drmkaud - ok
20:18:07.0859 1616 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
20:18:08.0140 1616 EL90XBC - ok
20:18:08.0187 1616 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:18:08.0515 1616 ERSvc - ok
20:18:08.0578 1616 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
20:18:08.0890 1616 Eventlog - ok
20:18:08.0937 1616 [ 398314DF0B21338C4996B469101750D1 ] EventSystem C:\WINDOWS\System32\es.dll
20:18:09.0000 1616 EventSystem - ok
20:18:09.0046 1616 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:18:09.0328 1616 Fastfat - ok
20:18:09.0390 1616 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:18:10.0531 1616 FastUserSwitchingCompatibility - ok
20:18:10.0562 1616 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:18:10.0875 1616 Fdc - ok
20:18:10.0921 1616 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:18:11.0218 1616 Fips - ok
20:18:11.0250 1616 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:18:11.0515 1616 Flpydisk - ok
20:18:11.0562 1616 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:18:12.0750 1616 FltMgr - ok
20:18:12.0781 1616 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:18:13.0093 1616 Fs_Rec - ok
20:18:13.0140 1616 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:18:13.0437 1616 Ftdisk - ok
20:18:13.0468 1616 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:18:13.0765 1616 gameenum - ok
20:18:13.0828 1616 [ E80B2BED33F7AA34382572B4859B40BF ] genmcmn C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
20:18:13.0875 1616 genmcmn - ok
20:18:13.0906 1616 [ 2736C0431EBBA90B6300E86719868631 ] genmcmnUSB C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
20:18:13.0937 1616 genmcmnUSB - ok
20:18:13.0984 1616 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:18:14.0265 1616 Gpc - ok
20:18:14.0343 1616 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:18:14.0375 1616 gupdate - ok
20:18:14.0390 1616 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:18:14.0421 1616 gupdatem - ok
20:18:14.0453 1616 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:18:14.0484 1616 gusvc - ok
20:18:14.0531 1616 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:18:14.0546 1616 hamachi - ok
20:18:14.0609 1616 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:18:14.0906 1616 helpsvc - ok
20:18:14.0953 1616 [ 923EE4EEF2582909A056904CA8026015 ] hidgame C:\WINDOWS\system32\DRIVERS\hidgame.sys
20:18:15.0234 1616 hidgame - ok
20:18:15.0281 1616 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ C:\WINDOWS\System32\hidserv.dll
20:18:15.0562 1616 HidServ - ok
20:18:15.0593 1616 [ 1DE6783B918F540149AA69943BDFEBA8 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:18:15.0875 1616 hidusb - ok
20:18:15.0890 1616 hpn - ok
20:18:15.0953 1616 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:18:17.0187 1616 HTTP - ok
20:18:17.0218 1616 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:18:17.0562 1616 HTTPFilter - ok
20:18:17.0578 1616 i2omgmt - ok
20:18:17.0609 1616 i2omp - ok
20:18:17.0640 1616 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:18:17.0937 1616 i8042prt - ok
20:18:17.0984 1616 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:18:18.0015 1616 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:18:18.0015 1616 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:18:18.0046 1616 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:18:18.0328 1616 Imapi - ok
20:18:18.0359 1616 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
20:18:18.0687 1616 ImapiService - ok
20:18:18.0718 1616 ini910u - ok
20:18:18.0750 1616 IntelIde - ok
20:18:18.0812 1616 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:18:19.0109 1616 intelppm - ok
20:18:19.0156 1616 [ 4448006B6BC60E6C027932CFC38D6855 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:18:19.0421 1616 ip6fw - ok
20:18:19.0453 1616 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:18:19.0734 1616 IpFilterDriver - ok
20:18:19.0796 1616 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:18:20.0062 1616 IpInIp - ok
20:18:20.0109 1616 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:18:21.0375 1616 IpNat - ok
20:18:21.0421 1616 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:18:21.0718 1616 IPSec - ok
20:18:21.0750 1616 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:18:21.0921 1616 IRENUM - ok
20:18:21.0968 1616 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:18:22.0234 1616 isapnp - ok
20:18:22.0312 1616 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
20:18:22.0359 1616 JavaQuickStarterService - ok
20:18:22.0390 1616 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:18:22.0703 1616 Kbdclass - ok
20:18:22.0734 1616 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:18:23.0015 1616 kbdhid - ok
20:18:23.0062 1616 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:18:24.0312 1616 kmixer - ok
20:18:24.0359 1616 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:18:24.0640 1616 KSecDD - ok
20:18:24.0703 1616 [ 9757F6E16FD1EAB54D6EB9D5EB3CBCB5 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:18:25.0984 1616 lanmanserver - ok
20:18:26.0031 1616 [ 57F5534F07DF14C6A74EC6A40B6D04D5 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:18:27.0296 1616 lanmanworkstation - ok
20:18:27.0328 1616 lbrtfdc - ok
20:18:27.0390 1616 [ 36FC312051A6919E97C5CDCE6360DDB4 ] lgmcbus C:\WINDOWS\system32\DRIVERS\lgmcbus.sys
20:18:27.0437 1616 lgmcbus - ok
20:18:27.0500 1616 [ 793F99799F1D857537CF1810283A7DB9 ] lgmcmdfl C:\WINDOWS\system32\DRIVERS\lgmcmdfl.sys
20:18:27.0515 1616 lgmcmdfl - ok
20:18:27.0531 1616 [ D991DBEE3A13F670928B4A9C07E67503 ] lgmcmdm C:\WINDOWS\system32\DRIVERS\lgmcmdm.sys
20:18:27.0562 1616 lgmcmdm - ok
20:18:27.0609 1616 [ 56B4145AC731DFB3458DC0D872B89291 ] lgusbsmodem C:\WINDOWS\system32\DRIVERS\lgusbsmodem.sys
20:18:27.0656 1616 lgusbsmodem - ok
20:18:27.0718 1616 [ 9696786759C4B43FA5C894747E893EA2 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
20:18:27.0750 1616 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:18:27.0750 1616 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:18:27.0781 1616 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:18:28.0062 1616 LmHosts - ok
20:18:28.0093 1616 Lqs57 - ok
20:18:28.0140 1616 [ 4F74184920B2D6E33024409B4C5C57C1 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
20:18:28.0203 1616 McciCMService ( UnsignedFile.Multi.Generic ) - warning
20:18:28.0203 1616 McciCMService - detected UnsignedFile.Multi.Generic (1)
20:18:28.0234 1616 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:18:28.0515 1616 Messenger - ok
20:18:28.0546 1616 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:18:28.0828 1616 mnmdd - ok
20:18:28.0859 1616 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:18:29.0140 1616 mnmsrvc - ok
20:18:29.0187 1616 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:18:29.0453 1616 Modem - ok
20:18:29.0500 1616 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:18:29.0765 1616 Mouclass - ok
20:18:29.0796 1616 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:18:30.0062 1616 mouhid - ok
20:18:30.0109 1616 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:18:30.0375 1616 MountMgr - ok
20:18:30.0390 1616 mraid35x - ok
20:18:30.0437 1616 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:18:30.0453 1616 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
20:18:30.0453 1616 MREMP50 - detected UnsignedFile.Multi.Generic (1)
20:18:30.0484 1616 MREMP50a64 - ok
20:18:30.0500 1616 MREMPR5 - ok
20:18:30.0531 1616 MRENDIS5 - ok
20:18:30.0562 1616 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:18:30.0593 1616 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
20:18:30.0593 1616 MRESP50 - detected UnsignedFile.Multi.Generic (1)
20:18:30.0609 1616 MRESP50a64 - ok
20:18:30.0671 1616 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:18:32.0015 1616 MRxDAV - ok
20:18:32.0093 1616 [ 6F2D483B97B395544E59749C47963C6A ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:18:32.0156 1616 MRxSmb - ok
20:18:32.0218 1616 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:18:32.0484 1616 MSDTC - ok
20:18:32.0531 1616 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:18:32.0812 1616 Msfs - ok
20:18:32.0843 1616 MSIServer - ok
20:18:32.0875 1616 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:18:33.0140 1616 MSKSSRV - ok
20:18:33.0171 1616 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:18:33.0453 1616 MSPCLOCK - ok
20:18:33.0468 1616 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:18:33.0765 1616 MSPQM - ok
20:18:33.0812 1616 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:18:34.0078 1616 mssmbios - ok
20:18:34.0140 1616 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
20:18:34.0406 1616 MSTEE - ok
20:18:34.0437 1616 [ CA3E22598F411199ADC2DFEE76CD0AE0 ] ms_mpu401 C:\WINDOWS\system32\drivers\msmpu401.sys
20:18:34.0718 1616 ms_mpu401 - ok
20:18:34.0750 1616 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:18:35.0015 1616 Mup - ok
20:18:35.0046 1616 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:18:35.0343 1616 NABTSFEC - ok
20:18:35.0375 1616 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:18:35.0671 1616 NDIS - ok
20:18:35.0703 1616 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:18:35.0968 1616 NdisIP - ok
20:18:36.0015 1616 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:18:36.0312 1616 NdisTapi - ok
20:18:36.0343 1616 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:18:36.0625 1616 Ndisuio - ok
20:18:36.0671 1616 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:18:36.0953 1616 NdisWan - ok
20:18:36.0984 1616 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:18:37.0250 1616 NDProxy - ok
20:18:37.0296 1616 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:18:37.0593 1616 NetBIOS - ok
20:18:37.0656 1616 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:18:37.0953 1616 NetBT - ok
20:18:38.0000 1616 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
20:18:38.0281 1616 NetDDE - ok
20:18:38.0296 1616 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:18:38.0578 1616 NetDDEdsdm - ok
20:18:38.0640 1616 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
20:18:38.0906 1616 Netlogon - ok
20:18:38.0968 1616 [ 86AD5B0E02F2C968FBB096AB4C555C9C ] Netman C:\WINDOWS\System32\netman.dll
20:18:40.0296 1616 Netman - ok
20:18:40.0343 1616 [ A6E79B60AC73241E5721AB6A573D2B24 ] Nla C:\WINDOWS\System32\mswsock.dll
20:18:40.0500 1616 Nla - ok
20:18:40.0562 1616 [ 696B37EA78F9D9767A2F18BA0304A51A ] nmwcd C:\WINDOWS\system32\drivers\nmwcd.sys
20:18:40.0687 1616 nmwcd - ok
20:18:40.0718 1616 [ BBB6010FC01D9239D88FCDF133E03FF0 ] nmwcdc C:\WINDOWS\system32\drivers\nmwcdc.sys
20:18:40.0781 1616 nmwcdc - ok
20:18:40.0828 1616 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcj C:\WINDOWS\system32\drivers\nmwcdcj.sys
20:18:40.0906 1616 nmwcdcj - ok
20:18:40.0953 1616 [ 4C3726467D67483F054C88F058E9C153 ] nmwcdcm C:\WINDOWS\system32\drivers\nmwcdcm.sys
20:18:41.0000 1616 nmwcdcm - ok
20:18:41.0046 1616 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:18:41.0312 1616 Npfs - ok
20:18:41.0390 1616 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:18:42.0703 1616 Ntfs - ok
20:18:42.0734 1616 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:18:43.0015 1616 NtLmSsp - ok
20:18:43.0078 1616 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:18:43.0390 1616 NtmsSvc - ok
20:18:43.0406 1616 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:18:43.0687 1616 Null - ok
20:18:44.0218 1616 [ 4B54DCD6ADEE535DF80F07C59DDD8F14 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:18:45.0656 1616 nv - ok
20:18:45.0703 1616 [ 0573C75A2895D973EA6EF2495620BA49 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
20:18:45.0765 1616 NVSvc - ok
20:18:45.0906 1616 [ 9C84945FEEE40EA42D3BCA5C22250D47 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:18:46.0109 1616 nvUpdatusService - ok
20:18:46.0140 1616 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:18:46.0421 1616 NwlnkFlt - ok
20:18:46.0453 1616 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:18:46.0734 1616 NwlnkFwd - ok
20:18:46.0781 1616 [ 79EA3FCDA7067977625B3363A2657C80 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:18:47.0062 1616 NwlnkIpx - ok
20:18:47.0093 1616 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:18:47.0375 1616 NwlnkNb - ok
20:18:47.0406 1616 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:18:47.0687 1616 NwlnkSpx - ok
20:18:47.0734 1616 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:18:48.0031 1616 ohci1394 - ok
20:18:48.0078 1616 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:18:48.0359 1616 Parport - ok
20:18:48.0390 1616 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:18:48.0671 1616 PartMgr - ok
20:18:48.0718 1616 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:18:48.0984 1616 ParVdm - ok
20:18:49.0031 1616 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:18:49.0312 1616 PCI - ok
20:18:49.0359 1616 PCIDump - ok
20:18:49.0390 1616 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
20:18:49.0656 1616 PCIIde - ok
20:18:49.0703 1616 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:18:49.0984 1616 Pcmcia - ok
20:18:50.0015 1616 PDCOMP - ok
20:18:50.0046 1616 PDFRAME - ok
20:18:50.0062 1616 PDRELI - ok
20:18:50.0109 1616 PDRFRAME - ok
20:18:50.0125 1616 perc2 - ok
20:18:50.0156 1616 perc2hib - ok
20:18:50.0234 1616 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
20:18:50.0531 1616 PlugPlay - ok
20:18:50.0562 1616 [ 2E3394C8EBF31A9B4F0A531EB5CC7BC7 ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
20:18:50.0593 1616 Point32 - ok
20:18:50.0609 1616 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
20:18:50.0906 1616 PolicyAgent - ok
20:18:50.0968 1616 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:18:51.0265 1616 PptpMiniport - ok
20:18:51.0281 1616 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:18:51.0562 1616 ProtectedStorage - ok
20:18:51.0593 1616 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:18:51.0890 1616 PSched - ok
20:18:51.0921 1616 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:18:51.0953 1616 PSI_SVC_2 - ok
20:18:51.0984 1616 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:18:52.0265 1616 Ptilink - ok
20:18:52.0328 1616 [ 183EF96BCC2EC3D5294CB2C2C0ECBCD1 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:18:52.0343 1616 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:18:52.0343 1616 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:18:52.0359 1616 ql1080 - ok
20:18:52.0390 1616 Ql10wnt - ok
20:18:52.0406 1616 ql12160 - ok
20:18:52.0437 1616 ql1240 - ok
20:18:52.0468 1616 ql1280 - ok
20:18:52.0500 1616 Qtw60 - ok
20:18:52.0531 1616 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:18:52.0812 1616 RasAcd - ok
20:18:52.0859 1616 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:18:53.0140 1616 RasAuto - ok
20:18:53.0171 1616 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:18:53.0453 1616 Rasl2tp - ok
20:18:53.0515 1616 [ 43A5C7969718EE00940A6D096960DBC8 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:18:54.0812 1616 RasMan - ok
20:18:54.0859 1616 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:18:55.0156 1616 RasPppoe - ok
20:18:55.0203 1616 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:18:55.0468 1616 Raspti - ok
20:18:55.0515 1616 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:18:56.0875 1616 Rdbss - ok
20:18:56.0906 1616 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:18:57.0171 1616 RDPCDD - ok
20:18:57.0218 1616 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:18:57.0500 1616 rdpdr - ok
20:18:57.0562 1616 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:18:58.0968 1616 RDPWD - ok
20:18:59.0000 1616 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:18:59.0328 1616 RDSessMgr - ok
20:18:59.0359 1616 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:18:59.0656 1616 redbook - ok
20:18:59.0703 1616 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:18:59.0968 1616 RemoteAccess - ok
20:19:00.0015 1616 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
20:19:00.0296 1616 RemoteRegistry - ok
20:19:00.0343 1616 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\System32\locator.exe
20:19:00.0625 1616 RpcLocator - ok
20:19:00.0671 1616 [ DBDE980506B54AE928D151D12419B425 ] RpcSs C:\WINDOWS\System32\rpcss.dll
20:19:01.0859 1616 RpcSs - ok
20:19:01.0906 1616 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:19:02.0171 1616 RSVP - ok
20:19:02.0218 1616 [ 6F6CE24F243458C92B54E0016AD46BD7 ] RT2500USB C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
20:19:02.0265 1616 RT2500USB - ok
20:19:02.0312 1616 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:19:02.0562 1616 rtl8139 - ok
20:19:02.0593 1616 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
20:19:02.0890 1616 SamSs - ok
20:19:02.0921 1616 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:19:03.0218 1616 SCardSvr - ok
20:19:03.0296 1616 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:19:04.0640 1616 Secdrv - ok
20:19:04.0687 1616 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
20:19:04.0968 1616 seclogon - ok
20:19:05.0000 1616 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
20:19:05.0296 1616 SENS - ok
20:19:05.0328 1616 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:19:05.0593 1616 serenum - ok
20:19:05.0625 1616 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:19:05.0921 1616 Serial - ok
20:19:05.0968 1616 [ 78546CD2ECA6DD6BDCD4B13048621F88 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:19:06.0015 1616 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:19:06.0015 1616 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:19:06.0046 1616 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:19:06.0328 1616 Sfloppy - ok
20:19:06.0406 1616 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:19:06.0703 1616 SharedAccess - ok
20:19:06.0750 1616 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:19:08.0046 1616 ShellHWDetection - ok
20:19:08.0062 1616 Simbad - ok
20:19:08.0109 1616 [ 61CA562DEF09A782D26B3E7EDEC5369A ] sisagp C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
20:19:08.0156 1616 sisagp - ok
20:19:08.0218 1616 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:19:08.0500 1616 SLIP - ok
20:19:08.0546 1616 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:19:08.0812 1616 SONYPVU1 - ok
20:19:08.0843 1616 Sparrow - ok
20:19:08.0890 1616 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:19:10.0171 1616 splitter - ok
20:19:10.0234 1616 [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:19:11.0609 1616 Spooler - ok
20:19:11.0687 1616 [ 71E276F6D189413266EA22171806597B ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
20:19:11.0687 1616 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
20:19:11.0703 1616 sptd ( LockedFile.Multi.Generic ) - warning
20:19:11.0703 1616 sptd - detected LockedFile.Multi.Generic (1)
20:19:11.0750 1616 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:19:11.0937 1616 sr - ok
20:19:11.0984 1616 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
20:19:12.0203 1616 srservice - ok
20:19:12.0265 1616 [ 7A0111577D8046633D5162A3CE15E9E1 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:19:12.0328 1616 Srv - ok
20:19:12.0375 1616 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:19:12.0562 1616 SSDPSRV - ok
20:19:12.0625 1616 [ B824215A934A24928CDDD1EF7E113035 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:19:14.0093 1616 stisvc - ok
20:19:14.0468 1616 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:19:15.0015 1616 streamip - ok
20:19:15.0046 1616 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:19:15.0687 1616 swenum - ok
20:19:15.0718 1616 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:19:16.0046 1616 swmidi - ok
20:19:16.0062 1616 SwPrv - ok
20:19:16.0093 1616 symc810 - ok
20:19:16.0109 1616 symc8xx - ok
20:19:16.0140 1616 sym_hi - ok
20:19:16.0156 1616 sym_u3 - ok
20:19:16.0203 1616 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:19:16.0468 1616 sysaudio - ok
20:19:16.0515 1616 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:19:16.0812 1616 SysmonLog - ok
20:19:16.0859 1616 [ 250241D65CCF692AEACC318A266413C2 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:19:18.0203 1616 TapiSrv - ok
20:19:18.0234 1616 [ 175418424B0973AE9004257EBC60431C ] TBPanel C:\WINDOWS\system32\drivers\TBPanel.sys
20:19:18.0265 1616 TBPanel ( UnsignedFile.Multi.Generic ) - warning
20:19:18.0265 1616 TBPanel - detected UnsignedFile.Multi.Generic (1)
20:19:18.0312 1616 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:19:18.0453 1616 Tcpip - ok
20:19:18.0484 1616 [ 00586ED87AB564B03870A2A3DCC84B55 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
20:19:18.0656 1616 Tcpip6 - ok
20:19:18.0687 1616 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:19:18.0968 1616 TDPIPE - ok
20:19:19.0093 1616 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:19:19.0375 1616 TDTCP - ok
20:19:19.0406 1616 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:19:19.0984 1616 TermDD - ok
20:19:20.0031 1616 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
20:19:20.0359 1616 TermService - ok
20:19:20.0375 1616 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:19:21.0546 1616 Themes - ok
20:19:21.0578 1616 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
20:19:21.0781 1616 TlntSvr - ok
20:19:21.0796 1616 TosIde - ok
20:19:21.0828 1616 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:19:22.0125 1616 TrkWks - ok
20:19:22.0171 1616 [ 87A0E9E18C10A9E454238E3330E2A26D ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
20:19:22.0437 1616 tunmp - ok
20:19:22.0468 1616 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
20:19:22.0484 1616 TVICHW32 ( UnsignedFile.Multi.Generic ) - warning
20:19:22.0484 1616 TVICHW32 - detected UnsignedFile.Multi.Generic (1)
20:19:22.0515 1616 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:19:22.0796 1616 Udfs - ok
20:19:22.0812 1616 ultra - ok
20:19:22.0859 1616 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:19:23.0140 1616 Update - ok
20:19:23.0203 1616 [ 0C0C2C77C6B52181369594F2AA36AF40 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:19:24.0578 1616 upnphost - ok
20:19:24.0609 1616 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
20:19:24.0906 1616 UPS - ok
20:19:24.0937 1616 [ 5AADC9297C39AA249CD994ACDBA19034 ] usbbus C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
20:19:25.0000 1616 usbbus - ok
20:19:25.0031 1616 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:19:25.0312 1616 usbccgp - ok
20:19:25.0359 1616 [ 4650FFE04E5922399B0E932319E6B215 ] UsbDiag C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
20:19:25.0406 1616 UsbDiag - ok
20:19:25.0453 1616 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:19:25.0734 1616 usbehci - ok
20:19:25.0750 1616 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:19:26.0046 1616 usbhub - ok
20:19:26.0062 1616 [ 2666FE171E0C2E7085CCD5FE0BAC09E3 ] USBModem C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
20:19:26.0093 1616 USBModem - ok
20:19:26.0109 1616 [ BDFE799A8531BAD8A5A985821FE78760 ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:19:26.0390 1616 usbohci - ok
20:19:26.0437 1616 [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:19:26.0718 1616 usbprint - ok
20:19:26.0750 1616 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:19:27.0015 1616 usbscan - ok
20:19:27.0046 1616 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:19:27.0312 1616 USBSTOR - ok
20:19:27.0343 1616 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:19:27.0625 1616 usbuhci - ok
20:19:27.0656 1616 [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
20:19:28.0078 1616 usbvideo - ok
20:19:28.0109 1616 [ D40A2F00DA5A23A254C7B9C1678043C1 ] UserAccess7 C:\WINDOWS\system32\UAService7.exe
20:19:28.0171 1616 UserAccess7 ( UnsignedFile.Multi.Generic ) - warning
20:19:28.0171 1616 UserAccess7 - detected UnsignedFile.Multi.Generic (1)
20:19:28.0234 1616 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:19:28.0562 1616 VgaSave - ok
20:19:28.0578 1616 ViaIde - ok
20:19:28.0625 1616 [ 0F0CFDB1EBFF88AB998003C65CD79B4B ] VMUVC C:\WINDOWS\system32\Drivers\VMUVC.sys
20:19:28.0703 1616 VMUVC - ok
20:19:28.0734 1616 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:19:29.0125 1616 VolSnap - ok
20:19:29.0171 1616 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
20:19:29.0406 1616 VSS - ok
20:19:29.0468 1616 [ D3EE7CC6B0C29083A874DB9D890BCEB5 ] vvftUVC C:\WINDOWS\system32\drivers\vvftUVC.sys
20:19:29.0531 1616 vvftUVC - ok
20:19:29.0578 1616 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
20:19:29.0890 1616 W32Time - ok
20:19:29.0937 1616 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:19:30.0203 1616 Wanarp - ok
20:19:30.0218 1616 WDICA - ok
20:19:30.0265 1616 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:19:31.0921 1616 wdmaud - ok
20:19:31.0968 1616 [ 4BD50644CF52F00091F894AB7541E538 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:19:33.0500 1616 WebClient - ok
20:19:33.0578 1616 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:19:33.0921 1616 winmgmt - ok
20:19:34.0000 1616 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:19:34.0078 1616 WmdmPmSN - ok
20:19:34.0156 1616 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:19:34.0453 1616 Wmi - ok
20:19:34.0531 1616 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:19:34.0812 1616 WmiApSrv - ok
20:19:34.0906 1616 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
20:19:34.0984 1616 WMPNetworkSvc - ok
20:19:35.0046 1616 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:19:35.0078 1616 WpdUsb - ok
20:19:35.0125 1616 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:19:35.0390 1616 WS2IFSL - ok
20:19:35.0437 1616 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:19:35.0718 1616 wscsvc - ok
20:19:35.0765 1616 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:19:36.0046 1616 WSTCODEC - ok
20:19:36.0078 1616 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:19:36.0421 1616 wuauserv - ok
20:19:36.0468 1616 [ 729F76CD53AF1685CA4C4C058519C58C ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:19:36.0531 1616 WudfPf - ok
20:19:36.0562 1616 [ A2AAFCC8A204736296D937C7C545B53F ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:19:36.0593 1616 WudfRd - ok
20:19:36.0640 1616 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:19:36.0687 1616 WudfSvc - ok
20:19:36.0750 1616 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:19:37.0062 1616 WZCSVC - ok
20:19:37.0109 1616 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:19:37.0437 1616 xmlprov - ok
20:19:37.0546 1616 ================ Scan global ===============================
20:19:37.0578 1616 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
20:19:37.0625 1616 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:19:37.0687 1616 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:19:37.0734 1616 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
20:19:37.0750 1616 [Global] - ok
20:19:37.0765 1616 ================ Scan MBR ==================================
20:19:37.0781 1616 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:19:37.0984 1616 \Device\Harddisk0\DR0 - ok
20:19:37.0984 1616 ================ Scan VBR ==================================
20:19:38.0000 1616 [ B59F731C818C6CD636A686C69FE57392 ] \Device\Harddisk0\DR0\Partition1
20:19:38.0000 1616 \Device\Harddisk0\DR0\Partition1 - ok
20:19:38.0000 1616 ============================================================
20:19:38.0000 1616 Scan finished
20:19:38.0000 1616 ============================================================
20:19:38.0171 2044 Detected object count: 15
20:19:38.0171 2044 Actual detected object count: 15
20:20:01.0500 2044 ACPI ( Virus.Win32.Rloader.a ) - skipped by user
20:20:01.0500 2044 ACPI ( Virus.Win32.Rloader.a ) - User select action: Skip
20:20:01.0500 2044 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0515 2044 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0515 2044 ASNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0515 2044 ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0531 2044 Cardex ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0531 2044 Cardex ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0546 2044 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0546 2044 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0562 2044 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0562 2044 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0562 2044 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0578 2044 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0593 2044 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0593 2044 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0593 2044 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0593 2044 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0609 2044 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0609 2044 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0625 2044 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0625 2044 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0625 2044 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:20:01.0625 2044 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:20:01.0640 2044 TBPanel ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0640 2044 TBPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0656 2044 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0656 2044 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:20:01.0671 2044 UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
20:20:01.0671 2044 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses, ESET can't handle them

#20 Post by vyosek »

Run TDSSKiller again and leave the preselected option for the ACPI ( Virus.Win32.Rloader.a ) item; a restart will probably be requested, so do it and then post the log here.

honzapetr
Visitor
Posts: 50
Joined: 27 Mar 2008 19:03

Re: Trojan horses, ESET can't handle them

#21 Post by honzapetr »

20:27:21.0500 0284 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:27:21.0796 0284 ============================================================
20:27:21.0796 0284 Current date / time: 2013/02/02 20:27:21.0796
20:27:21.0796 0284 SystemInfo:
20:27:21.0796 0284
20:27:21.0796 0284 OS Version: 5.1.2600 ServicePack: 2.0
20:27:21.0796 0284 Product type: Workstation
20:27:21.0796 0284 ComputerName: HONZA
20:27:21.0812 0284 UserName: Administrator
20:27:21.0812 0284 Windows directory: C:\WINDOWS
20:27:21.0812 0284 System windows directory: C:\WINDOWS
20:27:21.0812 0284 Processor architecture: Intel x86
20:27:21.0812 0284 Number of processors: 1
20:27:21.0812 0284 Page size: 0x1000
20:27:21.0812 0284 Boot type: Normal boot
20:27:21.0812 0284 ============================================================
20:27:23.0109 0284 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:27:23.0125 0284 ============================================================
20:27:23.0125 0284 \Device\Harddisk0\DR0:
20:27:23.0125 0284 MBR partitions:
20:27:23.0125 0284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
20:27:23.0125 0284 ============================================================
20:27:23.0140 0284 C: <-> \Device\Harddisk0\DR0\Partition1
20:27:23.0140 0284 ============================================================
20:27:23.0140 0284 Initialize success
20:27:23.0140 0284 ============================================================
20:27:31.0296 3492 ============================================================
20:27:31.0296 3492 Scan started
20:27:31.0296 3492 Mode: Manual; SigCheck; TDLFS;
20:27:31.0296 3492 ============================================================
20:27:31.0640 3492 ================ Scan system memory ========================
20:27:31.0640 3492 System memory - ok
20:27:31.0656 3492 ================ Scan services =============================
20:27:31.0765 3492 3259 - ok
20:27:31.0890 3492 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
20:27:32.0093 3492 Aavmker4 - ok
20:27:32.0109 3492 Abiosdsk - ok
20:27:32.0140 3492 abp480n5 - ok
20:27:32.0187 3492 [ 2F0138E3EAFABE968A768E95B59BC9D7 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:27:32.0203 3492 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: 2F0138E3EAFABE968A768E95B59BC9D7, Fake md5: FA2FBCDA96D2385F773B059FE5A125A6
20:27:32.0203 3492 ACPI ( Virus.Win32.Rloader.a ) - infected
20:27:32.0203 3492 ACPI - detected Virus.Win32.Rloader.a (0)
20:27:32.0250 3492 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:27:32.0703 3492 ACPIEC - ok
20:27:32.0718 3492 adpu160m - ok
20:27:32.0781 3492 [ 1EE7B434BA961EF845DE136224C30FEC ] aec C:\WINDOWS\system32\drivers\aec.sys
20:27:33.0515 3492 aec - ok
20:27:33.0578 3492 [ 55E6E1C51B6D30E54335750955453702 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:27:33.0593 3492 AFD - ok
20:27:33.0625 3492 Aha154x - ok
20:27:33.0640 3492 aic78u2 - ok
20:27:33.0671 3492 aic78xx - ok
20:27:33.0859 3492 [ F3E15607BA53249C765E36388B332C2F ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:27:34.0140 3492 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
20:27:34.0140 3492 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
20:27:34.0187 3492 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:27:34.0500 3492 Alerter - ok
20:27:34.0531 3492 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
20:27:34.0718 3492 ALG - ok
20:27:34.0750 3492 AliIde - ok
20:27:34.0796 3492 [ 2CC3BF45AC3180FE29C199BD95F09601 ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:27:35.0125 3492 AmdK7 - ok
20:27:35.0156 3492 amsint - ok
20:27:35.0203 3492 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:27:35.0421 3492 AppMgmt - ok
20:27:35.0437 3492 asc - ok
20:27:35.0453 3492 asc3350p - ok
20:27:35.0484 3492 asc3550 - ok
20:27:35.0531 3492 [ 05A56C3156E1B6CC7BBD8E1D54D491F2 ] ASNDIS5 C:\WINDOWS\system32\ASNDIS5.SYS
20:27:35.0546 3492 ASNDIS5 ( UnsignedFile.Multi.Generic ) - warning
20:27:35.0546 3492 ASNDIS5 - detected UnsignedFile.Multi.Generic (1)
20:27:35.0640 3492 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:27:35.0656 3492 aspnet_state - ok
20:27:35.0687 3492 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:27:35.0703 3492 aswFsBlk - ok
20:27:35.0765 3492 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
20:27:35.0781 3492 aswMon2 - ok
20:27:35.0812 3492 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
20:27:35.0843 3492 AswRdr - ok
20:27:35.0906 3492 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:27:35.0953 3492 aswSnx - ok
20:27:36.0015 3492 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:27:36.0046 3492 aswSP - ok
20:27:36.0093 3492 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:27:36.0109 3492 aswTdi - ok
20:27:36.0156 3492 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:27:36.0484 3492 AsyncMac - ok
20:27:36.0515 3492 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:27:36.0859 3492 atapi - ok
20:27:36.0890 3492 Atdisk - ok
20:27:36.0937 3492 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:27:37.0296 3492 Atmarpc - ok
20:27:37.0328 3492 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:27:37.0687 3492 AudioSrv - ok
20:27:37.0718 3492 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:27:38.0078 3492 audstub - ok
20:27:38.0171 3492 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:27:38.0187 3492 avast! Antivirus - ok
20:27:38.0234 3492 [ F50915EFCF5EFE30E32BC33952E92409 ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:27:38.0609 3492 b57w2k - ok
20:27:38.0671 3492 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:27:39.0015 3492 Beep - ok
20:27:39.0078 3492 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
20:27:39.0437 3492 BITS - ok
20:27:39.0468 3492 [ 3F56903E124E820AEECE6D471583C6C1 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:27:39.0500 3492 Bonjour Service - ok
20:27:39.0531 3492 [ E4E6A0922E3D983728C9AD4E8D466954 ] Bridge C:\WINDOWS\system32\DRIVERS\bridge.sys
20:27:39.0718 3492 Bridge - ok
20:27:39.0734 3492 [ E4E6A0922E3D983728C9AD4E8D466954 ] BridgeMP C:\WINDOWS\system32\DRIVERS\bridge.sys
20:27:39.0921 3492 BridgeMP - ok
20:27:39.0968 3492 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
20:27:40.0312 3492 Browser - ok
20:27:40.0343 3492 [ 175418424B0973AE9004257EBC60431C ] Cardex C:\WINDOWS\system32\drivers\TBPANEL.SYS
20:27:40.0359 3492 Cardex ( UnsignedFile.Multi.Generic ) - warning
20:27:40.0359 3492 Cardex - detected UnsignedFile.Multi.Generic (1)
20:27:40.0390 3492 catchme - ok
20:27:40.0437 3492 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:27:40.0796 3492 cbidf2k - ok
20:27:40.0828 3492 [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:27:41.0203 3492 CCDECODE - ok
20:27:41.0218 3492 cd20xrnt - ok
20:27:41.0250 3492 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:27:41.0593 3492 Cdaudio - ok
20:27:41.0625 3492 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:27:42.0015 3492 Cdfs - ok
20:27:42.0062 3492 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:27:42.0437 3492 Cdrom - ok
20:27:42.0453 3492 Changer - ok
20:27:42.0500 3492 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:27:42.0828 3492 CiSvc - ok
20:27:42.0875 3492 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:27:43.0250 3492 ClipSrv - ok
20:27:43.0281 3492 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:43.0296 3492 clr_optimization_v2.0.50727_32 - ok
20:27:43.0312 3492 CmdIde - ok
20:27:43.0343 3492 COMSysApp - ok
20:27:43.0390 3492 Cpqarray - ok
20:27:43.0421 3492 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:27:43.0781 3492 CryptSvc - ok
20:27:43.0828 3492 [ 798DDEC7FC30464F8CB6521122BEAD05 ] cwcspud C:\WINDOWS\system32\drivers\cwcspud.sys
20:27:44.0171 3492 cwcspud - ok
20:27:44.0203 3492 dac2w2k - ok
20:27:44.0234 3492 dac960nt - ok
20:27:44.0296 3492 [ DBDE980506B54AE928D151D12419B425 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:27:45.0343 3492 DcomLaunch - ok
20:27:45.0390 3492 [ 06A30F453CA4CB1431037E4813F697CB ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:27:46.0531 3492 Dhcp - ok
20:27:46.0546 3492 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:27:46.0906 3492 Disk - ok
20:27:46.0937 3492 dmadmin - ok
20:27:47.0000 3492 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:27:47.0359 3492 dmboot - ok
20:27:47.0406 3492 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:27:47.0734 3492 dmio - ok
20:27:47.0781 3492 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:27:48.0109 3492 dmload - ok
20:27:48.0171 3492 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:27:48.0484 3492 dmserver - ok
20:27:48.0500 3492 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:27:48.0828 3492 DMusic - ok
20:27:48.0875 3492 [ 0EEF8922D46D4846B472B1F6FD0541BC ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:27:49.0937 3492 Dnscache - ok
20:27:49.0968 3492 dpti2o - ok
20:27:50.0015 3492 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:27:50.0375 3492 drmkaud - ok
20:27:50.0437 3492 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
20:27:50.0750 3492 EL90XBC - ok
20:27:50.0796 3492 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:27:51.0140 3492 ERSvc - ok
20:27:51.0171 3492 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
20:27:51.0531 3492 Eventlog - ok
20:27:51.0593 3492 [ 398314DF0B21338C4996B469101750D1 ] EventSystem C:\WINDOWS\System32\es.dll
20:27:51.0625 3492 EventSystem - ok
20:27:51.0671 3492 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:27:52.0000 3492 Fastfat - ok
20:27:52.0062 3492 [ E26EDC7AFA8DA3C528055EABC82C8C79 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:27:53.0093 3492 FastUserSwitchingCompatibility - ok
20:27:53.0125 3492 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:27:53.0468 3492 Fdc - ok
20:27:53.0515 3492 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:27:53.0812 3492 Fips - ok
20:27:53.0843 3492 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:27:54.0171 3492 Flpydisk - ok
20:27:54.0218 3492 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:27:55.0250 3492 FltMgr - ok
20:27:55.0281 3492 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:27:55.0656 3492 Fs_Rec - ok
20:27:55.0703 3492 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:27:56.0031 3492 Ftdisk - ok
20:27:56.0062 3492 [ 5F92FD09E5610A5995DA7D775EADCD12 ] gameenum C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:27:56.0390 3492 gameenum - ok
20:27:56.0421 3492 [ E80B2BED33F7AA34382572B4859B40BF ] genmcmn C:\WINDOWS\system32\DRIVERS\gmfiltr.sys
20:27:56.0453 3492 genmcmn - ok
20:27:56.0500 3492 [ 2736C0431EBBA90B6300E86719868631 ] genmcmnUSB C:\WINDOWS\system32\DRIVERS\gflmouhid.sys
20:27:56.0531 3492 genmcmnUSB - ok
20:27:56.0562 3492 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:27:56.0859 3492 Gpc - ok
20:27:56.0953 3492 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:27:56.0968 3492 gupdate - ok
20:27:56.0984 3492 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:27:57.0031 3492 gupdatem - ok
20:27:57.0062 3492 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:27:57.0078 3492 gusvc - ok
20:27:57.0125 3492 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:27:57.0140 3492 hamachi - ok
20:29:16.0234 3492 ================ Scan global ===============================
20:29:16.0281 3492 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
20:29:16.0328 3492 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:29:16.0375 3492 [ 5869828D4A83BA8F9519630C40044C87 ] C:\WINDOWS\system32\winsrv.dll
20:29:16.0437 3492 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
20:29:16.0453 3492 [Global] - ok
20:29:16.0453 3492 ================ Scan MBR ==================================
20:29:16.0484 3492 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:29:16.0671 3492 \Device\Harddisk0\DR0 - ok
20:29:16.0671 3492 ================ Scan VBR ==================================
20:29:16.0687 3492 [ B59F731C818C6CD636A686C69FE57392 ] \Device\Harddisk0\DR0\Partition1
20:29:16.0687 3492 \Device\Harddisk0\DR0\Partition1 - ok
20:29:16.0703 3492 ============================================================
20:29:16.0703 3492 Scan finished
20:29:16.0703 3492 ============================================================
20:29:16.0843 0368 Detected object count: 15
20:29:16.0843 0368 Actual detected object count: 15
20:29:26.0843 0368 C:\WINDOWS\system32\DRIVERS\ACPI.sys - copied to quarantine
20:29:37.0359 0368 Backup copy found, using it..
20:29:37.0390 0368 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
20:29:37.0390 0368 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
20:29:37.0390 0368 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0390 0368 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0406 0368 ASNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0406 0368 ASNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0421 0368 Cardex ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0421 0368 Cardex ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0437 0368 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0437 0368 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0437 0368 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0437 0368 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0453 0368 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0453 0368 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0468 0368 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0468 0368 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0468 0368 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0468 0368 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0484 0368 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0484 0368 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0500 0368 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0500 0368 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0500 0368 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:29:37.0500 0368 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:29:37.0515 0368 TBPanel ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0515 0368 TBPanel ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0531 0368 TVICHW32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0531 0368 TVICHW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:37.0546 0368 UserAccess7 ( UnsignedFile.Multi.Generic ) - skipped by user
20:29:37.0546 0368 UserAccess7 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:29:51.0359 0748 Deinitialize success

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan horses, ESET can't handle them

#22 Post by vyosek »

:arrow: If it is not there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\documents and settings\Administrator\Data aplikací\winsvcns.sys
    
    Rootkit::
    c:\documents and settings\Administrator\Data aplikací\winsvcns.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    
    File::
    c:\windows\Tasks\AppleSoftwareUpdate.job
    c:\windows\Tasks\avast! Emergency Update.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd97e145ff482a.job
    c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
    c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    
    DDS::
    uDefault_Search_URL = hxxp://search13.net/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
    uSearchAssistant = hxxp://search13.net/
    uCustomizeSearch = hxxp://search13.net/
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
    
    Firefox::
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
    
    RegLock::
    [HKEY_USERS\S-1-5-21-2052111302-484061587-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2052111302-484061587-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    
    ClearJavaCache::
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the picture below)
    Image
  • After the script has been applied (and after a possible restart), a log will pop up; paste its contents here
:arrow: If the message "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni" ("Illegal operation attempted on a registry key that has been marked for deletion") pops up, just restart the PC and the registry will sort itself out. This is an internal error caused by CF, which the author unfortunately has not yet been able to fix

:arrow: It can happen that Windows does not boot after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration


#23 Post by honzapetr »

ComboFix 13-02-02.05 - Administrator 02.02.2013 20:54:37.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1279.829 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd97e145ff482a.job"
"c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job"
"c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
.
file zipped: c:\documents and settings\Administrator\Data aplikací\winsvcns.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-02 do 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 19:29 . 2013-02-02 19:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-02 17:39 . 2013-02-02 17:39 -------- d-----w- c:\documents and settings\Administrator\Data aplikací\Malwarebytes
2013-02-02 17:39 . 2013-02-02 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-02 11:34 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-02 11:34 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-02 11:34 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-02 11:34 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-02 11:34 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-02 11:34 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-02 11:34 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-02 11:34 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-02 11:33 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-02 11:33 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-02 11:32 . 2013-02-02 11:32 -------- d-----w- c:\program files\AVAST Software
2013-02-02 11:32 . 2013-02-02 11:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2013-02-01 14:35 . 2013-02-02 14:00 -------- d-----w- C:\rsit
2013-01-26 17:02 . 2013-01-26 17:02 50704 ----a-w- c:\windows\system32\drivers\npf.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 19:31 . 2002-09-20 15:12 188288 ----a-w- c:\windows\system32\drivers\acpi.sys
2004-10-01 13:00 . 2007-04-05 19:54 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
"MagicKey"="c:\progra~1\MEDIAK~1\MagicKey.exe" [2007-01-09 167936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"mouseElf"="c:\progra~1\GENIUS~1\mouseElf.exe" [2004-02-24 188416]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]
"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-05 1505144]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Administrator\\Plocha\\Mirka\\Hry\\bulanci.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9404:TCP"= 9404:TCP:@xpsp2res.dll,-22008
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.7.2008 16:31 717296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.2.2013 12:34 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.2.2013 12:34 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.2.2013 12:34 21256]
S2 3259;3259;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\3259.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\3259.sys [?]
S3 genmcmnUSB;Genius USB Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [18.2.2008 20:04 6834]
S3 lgmcbus;LGE Mobile driver (WDM);c:\windows\system32\drivers\lgmcbus.sys [17.11.2009 19:28 83584]
S3 lgmcmdfl;LGE Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmcmdfl.sys [17.11.2009 19:28 14976]
S3 lgmcmdm;LGE Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmcmdm.sys [17.11.2009 19:28 110464]
S3 lgusbsmodem;LGE Mobile USB Modem;c:\windows\system32\drivers\lgusbsmodem.sys [24.12.2007 21:02 23680]
S3 TVICHW32;TVICHW32;c:\windows\system32\drivers\TVICHW32.SYS [8.4.2007 12:32 23600]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [9.1.2011 18:43 252416]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [9.1.2011 18:43 398720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 10:58 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2010-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-02-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-02 22:50]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd97e145ff482a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-09 20:53]
.
2012-12-24 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-11-05 20:35]
.
2012-12-24 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-11-05 20:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.Google.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
Trusted Zone: com.tw\www.msi
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\m4pd7gr7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: U Flv: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: {7645f4b1-1f19-13dd-2d6b-0200600c2a56}: {7645f4b1-1f19-13dd-2d6b-0200600c2a56} - %profile%\extensions\{7645f4b1-1f19-13dd-2d6b-0200600c2a56}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: Seznam lištička: {ea614400-e918-4741-9a97-7a972ff7c30b} - %profile%\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a18}: {8675f4b3-2f19-11ed-2d6b-0800600c0a18} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a18}
FF - Ext: Feedback module: {8675f4b3-2f19-11ed-2d6b-0800600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a19}: {8675f4b3-2f19-11ed-2d6b-0800600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a19}
FF - Ext: VFT Flv: {8675f4b3-2f19-11ed-2d6b-1823600c0a19} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-1823600c0a19}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-05265960.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-02 21:08
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2676)
c:\program files\Common Files\Motive\McciContextHook_6-1-0_DSR.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-02-02 21:11:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-02 20:11
ComboFix2.txt 2013-02-02 15:36
.
Před spuštěním: Volných bajtů: 154 790 834 176
Po spuštění: Volných bajtů: 154 789 273 600
.
- - End Of File - - FEDD9840678C54912EAF5E9C816ED815


#24 Post by vyosek »

Fine, how is the PC behaving? :???:


#25 Post by honzapetr »

So far everything is fine :) and considering what a grandpa this PC is, it has even sped up quite a bit :) So do you think it is clean now? In that case you have my undying thanks! :thumbsup: and I will definitely support your site with at least a text message. Take care and have a nice rest of the evening. If anything comes up, I will get in touch, but I won't be at my parents' place again until next weekend.... Thank you once again! :happy:


#26 Post by vyosek »

So let's clean up as well :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or switch off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a backup of the registry; fix all the problems
  • repeat the procedure until no problems are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: On behalf of the whole team, thank you for supporting the forum :thumbsup:

:arrow: And if there are no problems or questions, that is all from my side :|


#27 Post by honzapetr »

Cleaned up, SMS sent :) thanks and goodbye...
Jan Petr


#28 Post by vyosek »

You're welcome, I was glad to help :worship: See you again sometime

And in accordance with the Topic Locking Rule :lock:

Locked