
Slow loading on the PC, MBAM problem?

MartinPonozka
Visitor
Posts: 12
Registered: 13 Apr 2013 14:14

Slow loading on the PC, MBAM problem?

#1 Post by MartinPonozka »

Hi, I recently clicked a link on Facebook (a file player.exe that posed as Flash Player) in which I had been tagged. It was of course spam, which then blocked my FB account, and I could not log in from any browser. On this forum I found a thread about a similar problem here: http://forum.viry.cz/viewtopic.php?f=13&t=108201 . After scanning the computer with MBAM and then deleting about 32 infected items, loading at Windows startup slowed down a lot. For example, Chrome only starts after 10 minutes. After that it seems better, but everything takes unusually long. RAM usage stays at around 80%. Then Avast found a rootkit, but I don't know whether it belongs to MBAM: http://imageshack.us/photo/my-images/713/pocitac1.jpg/ . Please advise what to do and which log to post here. Thank you

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow loading on the PC, MBAM problem?

#2 Post by Rudy »

Hello!
First post an RSIT log: http://forum.viry.cz/viewtopic.php?f=13&t=105895 . Then we'll see.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

MartinPonozka
Visitor
Posts: 12
Registered: 13 Apr 2013 14:14

Re: Slow loading on the PC, MBAM problem?

#3 Post by MartinPonozka »

Logfile of random's system information tool 1.09 (written by random/random)
Run by Temik at 2013-04-14 14:45:17
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 75 GB (25%) free of 305 GB
Total RAM: 1022 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:47:06, on 14.4.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\IObit\Advanced SystemCare 6\Asc.exe
C:\Documents and Settings\Temik\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Temik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ost&s={searchTerms}&f=4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ws2help.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipameti kategorií soucástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

--
End of file - 10171 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\ASC6_AutoClean.job
C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Protected Search.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default

prefs.js - "browser.search.useDBForOrder" - false
prefs.js - "browser.startup.homepage" - "http://search.certified-toolbar.com?si= ... e&tid=2937"
prefs.js - "keyword.URL" - "http://search.certified-toolbar.com?si= ... bs=true&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon My Image Garden
"Path"=C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@IObit.com/np_Asc_Plugin]
"Description"=Advanced SystemCare Surfing Protection
"Path"=C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/McAfeeMssPlugin]
"Description"=McAfee Mss Plugin
"Path"=C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
fcmdSrchost.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
Web Search.xml
wikipedia-cz.xml

C:\Documents and Settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default\extensions\
ascsurfingprotection@iobit.com

C:\Documents and Settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default\searchplugins\
Web Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll [2013-02-05 94112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11 767280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL [2013-01-15 656704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-03-07 1224568]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"GEST"== []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2011-01-07 111208]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-01-07 13880424]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-11-04 1753192]
"Nikon Transfer Monitor"=C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-09-15 479232]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-05-04 161328]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2013-03-07 4767304]
"CanonQuickMenu"=C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [2012-04-03 1273448]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-10-11 59280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-10-25 421888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-04 149040]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 6"=C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [2013-01-15 491840]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ws2help.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Land Of The Dead\System\LOTD.exe"="C:\Program Files\Land Of The Dead\System\LOTD.exe:*:Enabled:Land Of The Dead"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"[INSTALLDIR]CKOUT.exe"="[INSTALLDIR]CKOUT.exe:*:Enabled:CKOUT.exe (CadenceLicenseManager)"
"[INSTALLDIR]NEOLINLD.exe"="[INSTALLDIR]NEOLINLD.exe:*:Enabled:NEOLINLD.exe (CadenceLicenseManager)"
"[INSTALLDIR]alta.exe"="[INSTALLDIR]alta.exe:*:Enabled:alta.exe (CadenceLicenseManager)"
"[INSTALLDIR]ambitd.exe"="[INSTALLDIR]ambitd.exe:*:Enabled:ambitd.exe (CadenceLicenseManager)"
"[INSTALLDIR]axislmd.exe"="[INSTALLDIR]axislmd.exe:*:Enabled:axislmd.exe (CadenceLicenseManager)"
"[INSTALLDIR]cadmosd.exe"="[INSTALLDIR]cadmosd.exe:*:Enabled:cadmosd.exe (CadenceLicenseManager)"
"[INSTALLDIR]cdslmd.exe"="[INSTALLDIR]cdslmd.exe:*:Enabled:cdslmd.exe (CadenceLicenseManager)"
"[INSTALLDIR]dailmd.exe"="[INSTALLDIR]dailmd.exe:*:Enabled:dailmd.exe (CadenceLicenseManager)"
"[INSTALLDIR]dsmtlmd.exe"="[INSTALLDIR]dsmtlmd.exe:*:Enabled:dsmtlmd.exe (CadenceLicenseManager)"
"[INSTALLDIR]flexid\CDS_FLEXId_Dongle_Driver_Installer.exe"="[INSTALLDIR]flexid\CDS_FLEXId_Dongle_Driver_Installer.exe:*:Enabled:CDS_FLEXId_Dongle_Driver_Installer.exe (CadenceLicenseManager)"
"[INSTALLDIR]flexid\FLEXId_Dongle_Driver_Installer.exe"="[INSTALLDIR]flexid\FLEXId_Dongle_Driver_Installer.exe:*:Enabled:FLEXId_Dongle_Driver_Installer.exe (CadenceLicenseManager)"
"[INSTALLDIR]flexid\FLEXId_Dongle_Driver_Installer_64.exe"="[INSTALLDIR]flexid\FLEXId_Dongle_Driver_Installer_64.exe:*:Enabled:FLEXId_Dongle_Driver_Installer_64.exe (CadenceLicenseManager)"
"[INSTALLDIR]g2c_d.exe"="[INSTALLDIR]g2c_d.exe:*:Enabled:g2c_d.exe (CadenceLicenseManager)"
"[INSTALLDIR]hlds.exe"="[INSTALLDIR]hlds.exe:*:Enabled:hlds.exe (CadenceLicenseManager)"
"[INSTALLDIR]installs.exe"="[INSTALLDIR]installs.exe:*:Enabled:installs.exe (CadenceLicenseManager)"
"[INSTALLDIR]k2techld.exe"="[INSTALLDIR]k2techld.exe:*:Enabled:k2techld.exe (CadenceLicenseManager)"
"[INSTALLDIR]lmCheckExpiration.exe"="[INSTALLDIR]lmCheckExpiration.exe:*:Enabled:lmCheckExpiration.exe (CadenceLicenseManager)"
"[INSTALLDIR]lmgrd.exe"="[INSTALLDIR]lmgrd.exe:*:Enabled:lmgrd.exe (CadenceLicenseManager)"
"[INSTALLDIR]lmtools.exe"="[INSTALLDIR]lmtools.exe:*:Enabled:lmtools.exe (CadenceLicenseManager)"
"[INSTALLDIR]lmutil.exe"="[INSTALLDIR]lmutil.exe:*:Enabled:lmutil.exe (CadenceLicenseManager)"
"[INSTALLDIR]perf_test.exe"="[INSTALLDIR]perf_test.exe:*:Enabled:perf_test.exe (CadenceLicenseManager)"
"[INSTALLDIR]platod.exe"="[INSTALLDIR]platod.exe:*:Enabled:platod.exe (CadenceLicenseManager)"
"[INSTALLDIR]qtdaemon.exe"="[INSTALLDIR]qtdaemon.exe:*:Enabled:qtdaemon.exe (CadenceLicenseManager)"
"[INSTALLDIR]qtrekd.exe"="[INSTALLDIR]qtrekd.exe:*:Enabled:qtrekd.exe (CadenceLicenseManager)"
"[INSTALLDIR]simplexlmd.exe"="[INSTALLDIR]simplexlmd.exe:*:Enabled:simplexlmd.exe (CadenceLicenseManager)"
"[INSTALLDIR]spdaemon.exe"="[INSTALLDIR]spdaemon.exe:*:Enabled:spdaemon.exe (CadenceLicenseManager)"
"[INSTALLDIR]speedd.exe"="[INSTALLDIR]speedd.exe:*:Enabled:speedd.exe (CadenceLicenseManager)"
"[INSTALLDIR]verisityd.exe"="[INSTALLDIR]verisityd.exe:*:Enabled:verisityd.exe (CadenceLicenseManager)"
"[INSTALLDIR]verplex.exe"="[INSTALLDIR]verplex.exe:*:Enabled:verplex.exe (CadenceLicenseManager)"
"[INSTALLDIR]LicenseClientConfiguration.exe"="[INSTALLDIR]LicenseClientConfiguration.exe:*:Enabled:LicenseClientConfiguration.exe (CadenceLicenseManager)"
"[INSTALLDIR]LicenseServerConfiguration.exe"="[INSTALLDIR]LicenseServerConfiguration.exe:*:Enabled:LicenseServerConfiguration.exe (CadenceLicenseManager)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.scr - open -
.scr - install -
.scr - config -
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2013-04-14 14:45:24 ----D---- C:\Program Files\trend micro
2013-04-11 18:35:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-10 18:29:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-10 18:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-10 18:18:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-10 18:17:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
2013-04-08 01:10:34 ----D---- C:\Program Files\QuickTime
2013-04-08 01:10:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2013-04-08 00:55:59 ----D---- C:\Program Files\Common Files\Apple
2013-04-08 00:53:29 ----D---- C:\Program Files\Apple Software Update
2013-04-08 00:53:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2013-04-07 23:42:54 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-07 12:34:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2013-04-07 12:23:47 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2013-04-07 12:23:45 ----D---- C:\WINDOWS\system32\winrm
2013-04-07 12:23:45 ----D---- C:\WINDOWS\system32\GroupPolicy
2013-04-07 12:23:10 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2013-04-07 12:23:06 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2013-04-07 12:21:33 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2013-04-06 17:45:45 ----A---- C:\WINDOWS\system32\RegistryDefragBootTime.exe
2013-04-06 16:50:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2013-04-06 16:50:30 ----D---- C:\Documents and Settings\Temik\Data aplikací\IObit
2013-04-06 16:49:37 ----D---- C:\Program Files\IObit
2013-04-03 23:59:48 ----D---- C:\Documents and Settings\Temik\Data aplikací\Malwarebytes
2013-04-03 23:59:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-04-03 23:59:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-04-03 23:59:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-04-03 23:07:16 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2013-04-03 22:33:18 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2013-04-03 22:33:17 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2013-04-03 22:33:15 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2013-04-03 22:33:13 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2013-04-03 22:15:42 ----D---- C:\rsit
2013-04-03 21:34:58 ----D---- C:\Program Files\CCleaner
2013-04-03 01:13:08 ----D---- C:\Program Files\Google
2013-03-29 15:44:03 ----A---- C:\WINDOWS\system32\drivers\dtsoftbus01.sys
2013-03-28 15:35:38 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-03-25 18:56:33 ----D---- C:\Documents and Settings\Temik\Data aplikací\Sony Creative Software
2013-03-24 22:59:50 ----D---- C:\Documents and Settings\Temik\Data aplikací\Publish Providers
2013-03-24 22:45:50 ----D---- C:\Documents and Settings\Temik\Data aplikací\Sony
2013-03-24 22:41:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony
2013-03-24 22:40:09 ----D---- C:\Program Files\Sony
2013-03-24 22:38:23 ----A---- C:\WINDOWS\system32\wmpns.dll
2013-03-24 22:37:34 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2013-03-24 22:35:27 ----D---- C:\WINDOWS\system32\drivers\UMDF
2013-03-24 22:35:06 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of files/folders modified in the last 1 month======

2013-04-14 14:45:24 ----RD---- C:\Program Files
2013-04-14 14:45:04 ----D---- C:\WINDOWS\Prefetch
2013-04-14 14:41:17 ----D---- C:\WINDOWS\Temp
2013-04-13 15:34:40 ----D---- C:\Program Files\The KMPlayer
2013-04-13 15:03:32 ----D---- C:\WINDOWS\system32\drivers
2013-04-13 14:54:08 ----D---- C:\Documents and Settings\Temik\Data aplikací\Skype
2013-04-11 18:37:07 ----D---- C:\WINDOWS
2013-04-11 18:35:21 ----D---- C:\WINDOWS\Debug
2013-04-10 22:22:00 ----D---- C:\WINDOWS\system32
2013-04-10 18:45:21 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-10 18:34:17 ----HD---- C:\WINDOWS\inf
2013-04-10 18:33:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-10 18:33:46 ----D---- C:\Program Files\Internet Explorer
2013-04-10 18:33:05 ----D---- C:\WINDOWS\ie8updates
2013-04-10 18:32:37 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-10 18:32:33 ----SHD---- C:\WINDOWS\Installer
2013-04-10 18:32:32 ----SHD---- C:\Config.Msi
2013-04-10 18:32:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-04-10 18:21:44 ----A---- C:\WINDOWS\system32\MRT.exe
2013-04-09 17:14:11 ----D---- C:\Program Files\BitComet
2013-04-09 16:56:04 ----D---- C:\Downloads
2013-04-08 00:55:59 ----D---- C:\Program Files\Common Files
2013-04-08 00:40:26 ----SD---- C:\WINDOWS\Tasks
2013-04-07 23:35:26 ----A---- C:\WINDOWS\NeroDigital.ini
2013-04-07 20:58:00 ----D---- C:\WINDOWS\AppPatch
2013-04-07 12:47:17 ----D---- C:\WINDOWS\Microsoft.NET
2013-04-07 12:47:16 ----RSD---- C:\WINDOWS\assembly
2013-04-07 12:32:19 ----D---- C:\WINDOWS\security
2013-04-07 12:24:12 ----D---- C:\WINDOWS\system32\config
2013-04-07 12:24:08 ----D---- C:\WINDOWS\Help
2013-04-07 12:23:45 ----D---- C:\WINDOWS\system32\wbem
2013-04-07 11:35:48 ----D---- C:\Program Files\McAfee Security Scan
2013-04-07 11:34:38 ----RD---- C:\Program Files\Skype
2013-04-07 11:34:37 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-04-07 11:30:58 ----HD---- C:\Program Files\InstallShield Installation Information
2013-04-07 11:10:37 ----D---- C:\Program Files\Opera
2013-04-06 17:21:49 ----D---- C:\Games
2013-04-06 16:53:21 ----D---- C:\Documents and Settings\Temik\Data aplikací\Apple Computer
2013-04-05 19:37:30 ----D---- C:\WINDOWS\twain_32
2013-04-04 21:38:01 ----D---- C:\Program Files\Mozilla Firefox
2013-04-04 20:23:34 ----D---- C:\Program Files\Land Of The Dead
2013-04-03 23:08:05 ----D---- C:\WINDOWS\system32\LogFiles
2013-04-03 22:04:14 ----D---- C:\Documents and Settings\Temik\Data aplikací\DAEMON Tools Lite
2013-04-03 22:04:13 ----D---- C:\Documents and Settings\Temik\Data aplikací\Winamp
2013-04-03 22:04:13 ----D---- C:\Documents and Settings\Temik\Data aplikací\Media Player Classic
2013-04-03 22:03:05 ----D---- C:\WINDOWS\Logs
2013-04-03 22:03:04 ----D---- C:\WINDOWS\Minidump
2013-04-03 21:29:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-03 01:00:22 ----D---- C:\Documents and Settings\Temik\Data aplikací\Mozilla
2013-04-03 00:55:15 ----D---- C:\Documents and Settings\Temik\Data aplikací\Audacity
2013-03-29 15:44:03 ----D---- C:\Program Files\DAEMON Tools Lite
2013-03-28 15:47:21 ----D---- C:\WINDOWS\system32\CatRoot
2013-03-26 19:48:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2013-03-25 21:47:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-03-25 15:53:06 ----D---- C:\Documents and Settings\Temik\Data aplikací\BitComet
2013-03-24 22:37:53 ----D---- C:\Program Files\Windows Media Player
2013-03-24 22:30:25 ----D---- C:\Documents and Settings\Temik\Data aplikací\REAPER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-06-04 477240]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2013-03-29 242240]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-01-08 9888672]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 accvpeo0;accvpeo0; C:\WINDOWS\system32\drivers\accvpeo0.sys []
S3 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GGSAFERDriver;GGSAFER Driver; C:\WINDOWS\system32\drivers\GGSAFERDriver.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-05-01 25280]
S3 lac97inf;lac97inf; C:\WINDOWS\system32\drivers\lac97inf.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-03-07 45248]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2012-03-28 140456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2011-01-07 156776]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-29 75136]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-04 267824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-13 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-02 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-03 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow loading on the PC, MBAM problem?

#4 Post by Rudy »

1. Uninstall Advanced System Care. This Chinese junk can damage the system in the hands of a layperson.
2. Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch a screen with the license terms is displayed; continue by clicking the Yes button.

feel free to go make a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the resident antispyware component
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

MartinPonozka
Visitor
Posts: 12
Registered: 13 Apr 2013 14:14

Re: Slow loading on the PC, MBAM problem?

#5 Post by MartinPonozka »

Thanks for the reply for now :), Advanced SystemCare has been uninstalled and here is the ComboFix log:

ComboFix 13-04-14.01 - Temik 14.04.2013 22:58:03.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1029.18.1022.462 [GMT 2:00]
Running from: c:\documents and settings\Temik\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET278.tmp
c:\windows\system32\SET284.tmp
c:\windows\system32\ws2help.dll.myR.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))
.
.
2013-04-14 12:45 . 2013-04-14 12:47 -------- d-----w- c:\program files\trend micro
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-04-07 23:10 . 2013-04-07 23:12 -------- d-----w- c:\program files\QuickTime
2013-04-07 23:10 . 2013-04-07 23:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2013-04-07 22:55 . 2013-04-07 22:55 -------- d-----w- c:\program files\Common Files\Apple
2013-04-07 22:53 . 2013-04-07 22:53 -------- d-----w- c:\program files\Apple Software Update
2013-04-07 22:53 . 2013-04-07 22:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2013-04-07 21:42 . 2013-04-13 10:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-07 21:42 . 2013-04-13 10:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-07 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-04-07 10:23 . 2013-04-07 10:23 -------- d-----w- c:\windows\system32\winrm
2013-04-07 10:23 . 2013-04-07 10:23 -------- d-----w- c:\windows\system32\GroupPolicy
2013-04-07 10:23 . 2013-04-07 10:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-04-07 08:52 . 2013-04-07 08:52 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2013-04-06 15:45 . 2012-10-12 17:09 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-06 14:53 . 2013-04-06 14:53 -------- d-----w- c:\documents and settings\Temik\AppData
2013-04-06 14:50 . 2013-04-06 14:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-04-06 14:50 . 2013-04-06 15:19 -------- d-----w- c:\documents and settings\Temik\Data aplikací\IObit
2013-04-03 21:59 . 2013-04-03 21:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Malwarebytes
2013-04-03 21:59 . 2013-04-03 21:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-03 21:59 . 2013-04-11 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-03 21:59 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 20:33 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-03 20:33 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-03 20:33 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-03 20:33 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-03 20:15 . 2013-04-03 20:15 -------- d-----w- C:\rsit
2013-04-03 19:34 . 2013-04-03 19:35 -------- d-----w- c:\program files\CCleaner
2013-04-02 23:13 . 2013-04-02 23:13 -------- d-----w- c:\program files\Google
2013-03-29 13:44 . 2013-03-29 13:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-25 20:01 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-25 16:56 . 2013-03-25 16:56 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Sony Creative Software
2013-03-24 20:59 . 2013-03-24 20:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Publish Providers
2013-03-24 20:45 . 2013-03-24 20:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Sony
2013-03-24 20:45 . 2013-03-24 20:45 -------- d-----w- c:\documents and settings\Temik\Local Settings\Data aplikací\Sony
2013-03-24 20:41 . 2013-03-24 20:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2013-03-24 20:40 . 2013-03-24 20:40 -------- d-----w- c:\program files\Sony
2013-03-24 20:38 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-03-24 20:35 . 2013-03-24 20:37 -------- d-----w- c:\windows\system32\drivers\UMDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 08:36 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-14 06:06 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 22:33 . 2012-12-16 20:37 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-12-16 20:37 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2012-12-16 20:37 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-12-16 20:37 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2012-12-16 20:37 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-12-16 20:37 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 05:45 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-03-30 20:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 06:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-03 21:22 . 2013-04-03 21:22 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ws2help.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Land Of The Dead\\System\\LOTD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19209:TCP"= 19209:TCP:BitComet 19209 TCP
"19209:UDP"= 19209:UDP:BitComet 19209 UDP
"8761:TCP"= 8761:TCP:BitComet 8761 TCP
"8761:UDP"= 8761:UDP:BitComet 8761 UDP
"11302:TCP"= 11302:TCP:BitComet 11302 TCP
"11302:UDP"= 11302:UDP:BitComet 11302 UDP
"14816:TCP"= 14816:TCP:BitComet 14816 TCP
"14816:UDP"= 14816:UDP:BitComet 14816 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3.4.2013 22:33 49248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.4.2013 22:33 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.12.2012 22:37 368176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2013 15:44 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.12.2012 22:37 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.4.2013 22:33 66336]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.9.2010 10:41 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.9.2010 10:45 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.9.2010 10:44 484352]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.4.2013 23:59 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3.4.2013 22:33 164736]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 lac97inf;lac97inf; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.4.2013 23:59 22856]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [5.2.2013 17:48 235216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.3.2011 22:56 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 10:21 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-07 10:20]
.
2013-04-14 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-04-03 22:32]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 23:13]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: line6.net
TCP: DhcpNameServer = 93.99.51.70 192.168.0.1
FF - ProfilePath - c:\documents and settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
FF - ExtSQL: 2013-04-03 22:33; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
.
------- File Associations -------
.
.txt=MECEdit.Document
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-14 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-04-14 23:17:17
ComboFix-quarantined-files.txt 2013-04-14 21:17
.
Pre-Run: Volných bajtu: 78 311 931 904
Post-Run: Volných bajtu: 78 772 060 160
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3E4D9DFF4554A0399A4CA46255B75F3A

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow loading on the PC, MBAM problem?

#6 Post by Rudy »

We still need to finish cleaning. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19209:TCP"=-
"19209:UDP"=-
"8761:TCP"=-
"8761:UDP"=-
"11302:TCP"=-
"11302:UDP"=-
"14816:TCP"=-
"14816:UDP"=-

Driver::
lac97inf

Firefox::
FF - ProfilePath - c:\documents and settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.certified-toolbar.com?si= ... e&tid=2937
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si= ... bs=true&q=
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.

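Reading the ComboFix log from post #5 for the kinds of entries that the script in post #6 targets, as an added example that is not part of the original thread: it lists driver/service entries with an empty image path, firewall port entries not marked Disabled, and Firefox preferences that point at a host outside a reviewer-supplied list. The function names and the `expected_hosts` allowlist are assumptions made for this example, and the sample is a handful of lines copied from the log above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a few lines copied from the ComboFix log in post #5.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19209:TCP"= 19209:TCP:BitComet 19209 TCP
"8761:UDP"= 8761:UDP:BitComet 8761 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.12.2012 22:37 368176]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 lac97inf;lac97inf; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.4.2013 23:59 22856]
.
uStart Page = hxxp://www.google.com
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
FF - user.js: network.http.max-connections - 48
"""

# "<state><start> name;display name;image path [details]"
SERVICE_RE = re.compile(r'^([RS])([0-4]) ([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*(.*)$')
FF_RE = re.compile(r'^FF - (prefs\.js|user\.js): (\S+) - (.*)$')
URL_RE = re.compile(r'hxxps?://\S+', re.I)


def services_without_image(log):
    """Names of driver/service entries whose image path column is empty."""
    found = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(5) == "":
            found.append(m.group(3))
    return found


def enabled_open_ports(log):
    """(port, protocol, label) for GloballyOpenPorts entries not marked Disabled."""
    found, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A bracketed registry key opens a new section of the log.
            in_section = line.lower().endswith("globallyopenports\\list]")
            continue
        if line == ".":
            in_section = False
            continue
        m = PORT_RE.match(line)
        if in_section and m and ":Disabled:" not in m.group(3):
            label = m.group(3).split(":", 2)[-1]
            found.append((int(m.group(1)), m.group(2), label))
    return found


def firefox_url_prefs(log, expected_hosts):
    """(file, pref, host) for Firefox prefs holding a URL on an unexpected host."""
    found = []
    for line in log.splitlines():
        m = FF_RE.match(line.strip())
        if not m:
            continue
        source, key, value = m.groups()
        url = URL_RE.search(value)
        if not url:
            continue
        # The log defangs the scheme as hxxp; restore it only to parse the host.
        refanged = re.sub(r'^hxxp', 'http', url.group(0), flags=re.I)
        host = urlsplit(refanged).hostname
        if host not in expected_hosts:
            found.append((source, key, host))
    return found


def triage(log, expected_hosts=frozenset({"www.google.com"})):
    """Collect the three review lists; expected_hosts is the reviewer's assumption."""
    return {
        "services_without_image": services_without_image(log),
        "enabled_open_ports": enabled_open_ports(log),
        "firefox_url_prefs": firefox_url_prefs(log, expected_hosts),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

The output is a review list only; which entries go into a CFScript.txt remains the helper's decision.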

MartinPonozka
Visitor
Posts: 12
Registered: 13 Apr 2013 14:14

Re: Slow loading on the PC, MBAM problem?

#7 Post by MartinPonozka »

This is where a problem arises. ComboFix started, and at the blue window the computer froze; only the window could be moved. I waited an hour and nothing happened, so I restarted the PC.

Rudy
Site Admin
Posts: 119526
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow loading on the PC, MBAM problem?

#8 Post by Rudy »

Try running CF with the same script, but in Safe Mode.

MartinPonozka
Návštěvník
Návštěvník
Příspěvky: 12
Registrován: 13 dub 2013 14:14

Re: Slow loading on the PC, MBAM problem?

#9 Post by MartinPonozka »

It went through in Safe Mode; here is the log:

ComboFix 13-04-15.01 - Temik 15.04.2013 20:19:59.2.2 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1252.1.1029.18.1022.659 [GMT 2:00]
Running from: c:\documents and settings\Temik\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Temik\Plocha\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LAC97INF
-------\Service_lac97inf
.
.
((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))
.
.
2013-04-14 12:45 . 2013-04-14 12:47 -------- d-----w- c:\program files\trend micro
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-04-07 23:12 . 2013-04-07 23:12 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-04-07 23:10 . 2013-04-07 23:12 -------- d-----w- c:\program files\QuickTime
2013-04-07 23:10 . 2013-04-07 23:10 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple Computer
2013-04-07 22:55 . 2013-04-07 22:55 -------- d-----w- c:\program files\Common Files\Apple
2013-04-07 22:53 . 2013-04-07 22:53 -------- d-----w- c:\program files\Apple Software Update
2013-04-07 22:53 . 2013-04-07 22:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2013-04-07 21:42 . 2013-04-13 10:20 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-07 21:42 . 2013-04-13 10:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-07 10:40 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-04-07 10:23 . 2013-04-07 10:23 -------- d-----w- c:\windows\system32\winrm
2013-04-07 10:23 . 2013-04-07 10:23 -------- d-----w- c:\windows\system32\GroupPolicy
2013-04-07 10:23 . 2013-04-07 10:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-04-07 08:52 . 2013-04-07 08:52 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\IObit
2013-04-06 15:45 . 2012-10-12 17:09 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-04-06 14:53 . 2013-04-06 14:53 -------- d-----w- c:\documents and settings\Temik\AppData
2013-04-06 14:50 . 2013-04-06 14:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2013-04-06 14:50 . 2013-04-06 15:19 -------- d-----w- c:\documents and settings\Temik\Data aplikací\IObit
2013-04-03 21:59 . 2013-04-03 21:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Malwarebytes
2013-04-03 21:59 . 2013-04-03 21:59 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-04-03 21:59 . 2013-04-11 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-03 21:59 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-03 20:33 . 2013-03-06 22:33 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-04-03 20:33 . 2013-03-06 22:33 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-04-03 20:33 . 2013-03-06 22:33 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-04-03 20:33 . 2013-03-06 22:33 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-04-03 20:15 . 2013-04-03 20:15 -------- d-----w- C:\rsit
2013-04-03 19:34 . 2013-04-03 19:35 -------- d-----w- c:\program files\CCleaner
2013-04-02 23:13 . 2013-04-02 23:13 -------- d-----w- c:\program files\Google
2013-03-29 13:44 . 2013-03-29 13:44 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-25 20:01 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-25 16:56 . 2013-03-25 16:56 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Sony Creative Software
2013-03-24 20:59 . 2013-03-24 20:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Publish Providers
2013-03-24 20:45 . 2013-03-24 20:59 -------- d-----w- c:\documents and settings\Temik\Data aplikací\Sony
2013-03-24 20:45 . 2013-03-24 20:45 -------- d-----w- c:\documents and settings\Temik\Local Settings\Data aplikací\Sony
2013-03-24 20:41 . 2013-03-24 20:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sony
2013-03-24 20:40 . 2013-03-24 20:40 -------- d-----w- c:\program files\Sony
2013-03-24 20:38 . 2008-04-14 06:52 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-03-24 20:35 . 2013-03-24 20:37 -------- d-----w- c:\windows\system32\drivers\UMDF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 08:36 . 2008-04-14 06:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2008-04-14 08:06 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2008-04-14 06:06 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 22:33 . 2012-12-16 20:37 368176 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 22:33 . 2012-12-16 20:37 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-03-06 22:33 . 2012-12-16 20:37 62376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 22:33 . 2012-12-16 20:37 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 22:32 . 2012-12-16 20:37 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 22:32 . 2012-12-16 20:37 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-02 02:08 . 2008-04-14 06:52 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:08 . 2008-04-14 06:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:08 . 2008-04-14 06:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:57 . 2008-04-14 05:45 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2008-04-14 05:50 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:58 . 2011-03-30 20:19 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-04-13 22:26 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 06:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-04-03 21:22 . 2013-04-03 21:22 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-06-12 . C71BB4782833750BF4C02AC30ED670B7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\ws2help.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ7.6\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Land Of The Dead\\System\\LOTD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [3.4.2013 22:33 49248]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3.4.2013 22:33 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.12.2012 22:37 368176]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29.3.2013 15:44 242240]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.12.2012 22:37 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [3.4.2013 22:33 66336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.4.2013 23:59 701512]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [8.9.2010 10:41 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [8.9.2010 10:45 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [8.9.2010 10:44 484352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.4.2013 23:59 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [8.1.2013 13:55 161536]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [3.4.2013 22:33 164736]
S3 GGSAFERDriver;GGSAFER Driver; [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [5.2.2013 17:48 235216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [30.3.2011 22:56 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 11:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-13 10:21 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-07 10:20]
.
2013-04-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-04-03 22:32]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 23:13]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-02 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
Trusted Zone: line6.net
TCP: DhcpNameServer = 93.99.51.70 192.168.0.1
FF - ProfilePath - c:\documents and settings\Temik\Data aplikací\Mozilla\Firefox\Profiles\l63blo3j.default\
FF - ExtSQL: 2013-04-03 22:33; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-15 20:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2013-04-15 20:45:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-15 18:45
ComboFix2.txt 2013-04-14 21:17
.
Pre-Run: Volných bajtu: 78 345 891 840
Post-Run: Volných bajtu: 78 211 194 880
.
- - End Of File - - 9305170A0EA0D821593BBD7FF757884F


Re: Slow loading on the PC, MBAM problem?

#10 Post by Rudy »

The log is OK now. Has anything changed?

Re: Slow loading on the PC, MBAM problem?

#11 Post by MartinPonozka »

So far the only change is that Avast does not start when Windows starts, although it runs when launched manually. :?: Loading is still slow. Is it possible that some virus damaged the system, or that files important for the system to run correctly were removed? Thanks for the reply :)


Re: Slow loading on the PC, MBAM problem?

#12 Post by Rudy »

Please also try running this:
Download Malwarebytes Anti-Rootkit: http://www.malwarebytes.org/products/mbar/

Save it, preferably to the Desktop, and unpack it
Run it by clicking mbar
Now click Next and then Update
Once the database update has finished, click Next again
Leave all three options ticked and click Scan, which starts the scan of the PC
When the scan has finished (about 5 minutes), check that every finding (if there are any, of course) is ticked
Also check that Create Restore point is ticked
Now click CleanUp, which removes the infection that was found
The PC will be restarted
The mbar folder should contain a log (and it will probably open by itself) named mbar-log-year-month-day (hour-minute-second).txt; post it here for me.

Re: Slow loading on the PC, MBAM problem?

#13 Post by MartinPonozka »

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.04.15.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Temik :: ZHOVA-95FA447B2 [administrator]

15.4.2013 23:12:54
mbar-log-2013-04-15 (23-12-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26246
Time elapsed: 40 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: Slow loading on the PC, MBAM problem?

#14 Post by Rudy »

I'd also ask for this scan: http://support.kaspersky.com/downloads/ ... killer.zip . Unpack the file and run it. Let it work, and when it has finished, post the log here.

Re: Slow loading on the PC, MBAM problem?

#15 Post by MartinPonozka »

20:13:43.0625 3164 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:13:43.0937 3164 ============================================================
20:13:43.0937 3164 Current date / time: 2013/04/16 20:13:43.0937
20:13:43.0937 3164 SystemInfo:
20:13:43.0937 3164
20:13:43.0937 3164 OS Version: 5.1.2600 ServicePack: 3.0
20:13:43.0937 3164 Product type: Workstation
20:13:43.0937 3164 ComputerName: ZHOVA-95FA447B2
20:13:43.0937 3164 UserName: Temik
20:13:43.0937 3164 Windows directory: C:\WINDOWS
20:13:43.0937 3164 System windows directory: C:\WINDOWS
20:13:43.0937 3164 Processor architecture: Intel x86
20:13:43.0937 3164 Number of processors: 2
20:13:43.0937 3164 Page size: 0x1000
20:13:43.0937 3164 Boot type: Normal boot
20:13:43.0937 3164 ============================================================
20:13:45.0734 3164 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:13:45.0734 3164 ============================================================
20:13:45.0734 3164 \Device\Harddisk0\DR0:
20:13:45.0734 3164 MBR partitions:
20:13:45.0734 3164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:13:45.0734 3164 ============================================================
20:13:45.0796 3164 C: <-> \Device\Harddisk0\DR0\Partition1
20:13:45.0796 3164 ============================================================
20:13:45.0796 3164 Initialize success
20:13:45.0796 3164 ============================================================
20:13:47.0562 1664 ============================================================
20:13:47.0562 1664 Scan started
20:13:47.0562 1664 Mode: Manual;
20:13:47.0562 1664 ============================================================
20:13:48.0984 1664 ================ Scan system memory ========================
20:13:48.0984 1664 System memory - ok
20:13:48.0984 1664 ================ Scan services =============================
20:13:49.0515 1664 Abiosdsk - ok
20:13:49.0515 1664 abp480n5 - ok
20:13:49.0625 1664 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:13:49.0625 1664 ACPI - ok
20:13:49.0671 1664 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:13:49.0671 1664 ACPIEC - ok
20:13:49.0953 1664 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:13:49.0953 1664 AdobeFlashPlayerUpdateSvc - ok
20:13:49.0953 1664 adpu160m - ok
20:13:50.0062 1664 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:13:50.0062 1664 aec - ok
20:13:50.0156 1664 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:13:50.0156 1664 AFD - ok
20:13:50.0156 1664 Aha154x - ok
20:13:50.0171 1664 aic78u2 - ok
20:13:50.0171 1664 aic78xx - ok
20:13:50.0203 1664 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:13:50.0218 1664 Alerter - ok
20:13:50.0250 1664 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
20:13:50.0250 1664 ALG - ok
20:13:50.0265 1664 AliIde - ok
20:13:50.0265 1664 amsint - ok
20:13:50.0343 1664 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
20:13:50.0343 1664 AppMgmt - ok
20:13:50.0343 1664 asc - ok
20:13:50.0343 1664 asc3350p - ok
20:13:50.0359 1664 asc3550 - ok
20:13:50.0453 1664 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:13:50.0453 1664 aspnet_state - ok
20:13:50.0500 1664 [ CCDA8D84FD02AEC52E62F296433AE9DC ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:13:50.0500 1664 aswFsBlk - ok
20:13:50.0578 1664 [ A6E20E62871A28A0F1C05B1681848FA7 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
20:13:50.0578 1664 aswMonFlt - ok
20:13:50.0656 1664 [ C1A411B7CCD604554D96EFDAC2F83617 ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
20:13:50.0656 1664 aswRdr - ok
20:13:50.0718 1664 [ 657A61979F40D67CA29716149766FFA7 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
20:13:50.0718 1664 aswRvrt - ok
20:13:51.0125 1664 [ 0E604867FC28F00D91CB0B00D2EC830D ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
20:13:51.0140 1664 aswSnx - ok
20:13:51.0250 1664 [ 6FC4AA106AA505394C908D37CCCB9148 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
20:13:51.0250 1664 aswSP - ok
20:13:51.0296 1664 [ 33E21FFB063CA6C7E00D568467DC72E4 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
20:13:51.0296 1664 aswTdi - ok
20:13:51.0359 1664 [ EDB0C9BA44B748E420CCA989FD8B826E ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
20:13:51.0375 1664 aswVmm - ok
20:13:51.0390 1664 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:13:51.0390 1664 AsyncMac - ok
20:13:51.0468 1664 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:13:51.0468 1664 atapi - ok
20:13:51.0468 1664 Atdisk - ok
20:13:51.0515 1664 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:13:51.0515 1664 Atmarpc - ok
20:13:51.0562 1664 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:13:51.0562 1664 AudioSrv - ok
20:13:51.0625 1664 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:13:51.0625 1664 audstub - ok
20:13:51.0734 1664 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
20:13:51.0734 1664 avast! Antivirus - ok
20:13:51.0812 1664 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:13:51.0812 1664 Beep - ok
20:13:52.0125 1664 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
20:13:52.0140 1664 BITS - ok
20:13:52.0187 1664 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
20:13:52.0187 1664 Browser - ok
20:13:52.0187 1664 catchme - ok
20:13:52.0218 1664 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:13:52.0218 1664 cbidf2k - ok
20:13:52.0218 1664 cd20xrnt - ok
20:13:52.0250 1664 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:13:52.0265 1664 Cdaudio - ok
20:13:52.0328 1664 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:13:52.0343 1664 Cdfs - ok
20:13:52.0359 1664 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:13:52.0375 1664 Cdrom - ok
20:13:52.0375 1664 Changer - ok
20:13:52.0406 1664 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:13:52.0406 1664 CiSvc - ok
20:13:52.0437 1664 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:13:52.0437 1664 ClipSrv - ok
20:13:52.0484 1664 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:13:52.0484 1664 clr_optimization_v2.0.50727_32 - ok
20:13:52.0593 1664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:13:52.0593 1664 clr_optimization_v4.0.30319_32 - ok
20:13:52.0593 1664 CmdIde - ok
20:13:52.0593 1664 COMSysApp - ok
20:13:52.0609 1664 Cpqarray - ok
20:13:52.0625 1664 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:13:52.0640 1664 CryptSvc - ok
20:13:52.0640 1664 dac2w2k - ok
20:13:52.0640 1664 dac960nt - ok
20:13:52.0812 1664 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:13:52.0843 1664 DcomLaunch - ok
20:13:52.0968 1664 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:13:52.0968 1664 Dhcp - ok
20:13:52.0984 1664 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:13:53.0000 1664 Disk - ok
20:13:53.0000 1664 dmadmin - ok
20:13:53.0281 1664 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:13:53.0296 1664 dmboot - ok
20:13:53.0343 1664 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:13:53.0343 1664 dmio - ok
20:13:53.0359 1664 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:13:53.0359 1664 dmload - ok
20:13:53.0421 1664 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:13:53.0421 1664 dmserver - ok
20:13:53.0484 1664 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:13:53.0484 1664 DMusic - ok
20:13:53.0531 1664 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:13:53.0546 1664 Dnscache - ok
20:13:53.0609 1664 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:13:53.0609 1664 Dot3svc - ok
20:14:14.0796 1664 ================ Scan global ===============================
20:14:14.0843 1664 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
20:14:14.0968 1664 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:14:15.0078 1664 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
20:14:15.0125 1664 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
20:14:15.0125 1664 [Global] - ok
20:14:15.0125 1664 ================ Scan MBR ==================================
20:14:15.0171 1664 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
20:14:15.0531 1664 \Device\Harddisk0\DR0 - ok
20:14:15.0531 1664 ================ Scan VBR ==================================
20:14:15.0531 1664 [ 9FCB09C342469A17649F19079D5FC0DD ] \Device\Harddisk0\DR0\Partition1
20:14:15.0531 1664 \Device\Harddisk0\DR0\Partition1 - ok
20:14:15.0531 1664 ============================================================
20:14:15.0531 1664 Scan finished
20:14:15.0531 1664 ============================================================
20:14:15.0546 1892 Detected object count: 0
20:14:15.0546 1892 Actual detected object count: 0

Locked