kontrola logu

[Márty84]

Zkuste MBAR pouzit v nouzovem rezimu. Kdyz to nepujde ani tam, zkuste ten TDSSKiller. Zero Access je poradny previt.

[RH46]

Provedena kontrola přes TDSSKiller - zde je log
(ještě dotaz - stažené programy mám zase vymazat?)

21:14:11.0890 2352 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:14:15.0765 2352 ============================================================
21:14:15.0765 2352 Current date / time: 2013/11/10 21:14:15.0765
21:14:15.0765 2352 SystemInfo:
21:14:15.0765 2352
21:14:15.0765 2352 OS Version: 5.1.2600 ServicePack: 3.0
21:14:15.0765 2352 Product type: Workstation
21:14:15.0765 2352 ComputerName: RH-9B6AEB81C62A
21:14:15.0765 2352 UserName: RH
21:14:15.0765 2352 Windows directory: C:\WINDOWS
21:14:15.0765 2352 System windows directory: C:\WINDOWS
21:14:15.0765 2352 Processor architecture: Intel x86
21:14:15.0765 2352 Number of processors: 1
21:14:15.0765 2352 Page size: 0x1000
21:14:15.0765 2352 Boot type: Normal boot
21:14:15.0765 2352 ============================================================
21:14:17.0546 2352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:14:17.0562 2352 ============================================================
21:14:17.0562 2352 \Device\Harddisk0\DR0:
21:14:17.0562 2352 MBR partitions:
21:14:17.0562 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
21:14:17.0562 2352 ============================================================
21:14:17.0593 2352 C: <-> \Device\Harddisk0\DR0\Partition1
21:14:17.0593 2352 ============================================================
21:14:17.0593 2352 Initialize success
21:14:17.0593 2352 ============================================================
21:15:16.0015 0792 ============================================================
21:15:16.0015 0792 Scan started
21:15:16.0015 0792 Mode: Manual; SigCheck; TDLFS;
21:15:16.0015 0792 ============================================================
21:15:16.0906 0792 ================ Scan system memory ========================
21:15:16.0906 0792 System memory - ok
21:15:16.0906 0792 ================ Scan services =============================
21:15:17.0031 0792 Abiosdsk - ok
21:15:17.0031 0792 abp480n5 - ok
21:15:17.0093 0792 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:15:18.0718 0792 ACPI - ok
21:15:18.0765 0792 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:15:18.0953 0792 ACPIEC - ok
21:15:19.0093 0792 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:15:19.0140 0792 AdobeFlashPlayerUpdateSvc - ok
21:15:19.0156 0792 adpu160m - ok
21:15:19.0203 0792 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:15:19.0359 0792 aec - ok
21:15:19.0468 0792 [ 0FF5727AD56842D599C7EDC8172D1014 ] AF9035HB C:\WINDOWS\system32\Drivers\AF9035HB.sys
21:15:19.0593 0792 AF9035HB - ok
21:15:19.0640 0792 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:15:19.0718 0792 AFD - ok
21:15:19.0734 0792 Aha154x - ok
21:15:19.0734 0792 aic78u2 - ok
21:15:19.0750 0792 aic78xx - ok
21:15:19.0796 0792 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:15:19.0937 0792 Alerter - ok
21:15:19.0968 0792 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
21:15:20.0109 0792 ALG - ok
21:15:20.0125 0792 AliIde - ok
21:15:20.0125 0792 amsint - ok
21:15:20.0171 0792 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:15:20.0328 0792 AppMgmt - ok
21:15:20.0328 0792 asc - ok
21:15:20.0343 0792 asc3350p - ok
21:15:20.0343 0792 asc3550 - ok
21:15:20.0515 0792 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:15:20.0593 0792 aspnet_state - ok
21:15:20.0640 0792 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
21:15:20.0656 0792 aswFsBlk - ok
21:15:20.0703 0792 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
21:15:20.0718 0792 aswMonFlt - ok
21:15:20.0765 0792 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
21:15:20.0781 0792 AswRdr - ok
21:15:20.0812 0792 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
21:15:20.0828 0792 aswRvrt - ok
21:15:20.0906 0792 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
21:15:20.0968 0792 aswSnx - ok
21:15:21.0015 0792 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
21:15:21.0046 0792 aswSP - ok
21:15:21.0093 0792 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
21:15:21.0109 0792 aswTdi - ok
21:15:21.0125 0792 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
21:15:21.0140 0792 aswVmm - ok
21:15:21.0171 0792 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:15:21.0328 0792 AsyncMac - ok
21:15:21.0343 0792 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:15:21.0484 0792 atapi - ok
21:15:21.0484 0792 Atdisk - ok
21:15:21.0500 0792 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:15:21.0656 0792 Atmarpc - ok
21:15:21.0687 0792 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:15:21.0843 0792 AudioSrv - ok
21:15:21.0890 0792 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:15:22.0046 0792 audstub - ok
21:15:22.0203 0792 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:15:22.0218 0792 avast! Antivirus - ok
21:15:22.0312 0792 [ 5D94B330561A5D5DF869593855B2EE7F ] AVerPola C:\WINDOWS\system32\DRIVERS\AVerPola.sys
21:15:22.0406 0792 AVerPola - ok
21:15:22.0484 0792 [ B085322DC9984B31190BD80D2542329F ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
21:15:22.0562 0792 AVerRemote ( UnsignedFile.Multi.Generic ) - warning
21:15:22.0562 0792 AVerRemote - detected UnsignedFile.Multi.Generic (1)
21:15:22.0593 0792 [ 3094F37D17C9F91632689FFE9381FC4B ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
21:15:22.0656 0792 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
21:15:22.0656 0792 AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
21:15:22.0671 0792 [ 3E65117BE44E8436DD9CD8282FEB76F0 ] AVPolCIR C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys
21:15:22.0750 0792 AVPolCIR - ok
21:15:22.0796 0792 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:15:22.0953 0792 Beep - ok
21:15:23.0000 0792 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
21:15:23.0203 0792 BITS - ok
21:15:23.0250 0792 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
21:15:23.0359 0792 Browser - ok
21:15:23.0531 0792 catchme - ok
21:15:23.0562 0792 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:15:23.0718 0792 cbidf2k - ok
21:15:23.0781 0792 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:15:23.0937 0792 CCDECODE - ok
21:15:23.0937 0792 cd20xrnt - ok
21:15:24.0000 0792 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:15:24.0171 0792 Cdaudio - ok
21:15:24.0218 0792 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:15:24.0375 0792 Cdfs - ok
21:15:24.0421 0792 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:15:24.0578 0792 Cdrom - ok
21:15:24.0578 0792 Changer - ok
21:15:24.0609 0792 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:15:24.0765 0792 CiSvc - ok
21:15:24.0781 0792 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:15:24.0921 0792 ClipSrv - ok
21:15:24.0968 0792 [ 7FA87325900183197BC9710D1CE4C9FA ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:15:25.0046 0792 clr_optimization_v2.0.50727_32 - ok
21:15:25.0093 0792 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:15:25.0125 0792 clr_optimization_v4.0.30319_32 - ok
21:15:25.0125 0792 CmdIde - ok
21:15:25.0140 0792 COMSysApp - ok
21:15:25.0156 0792 Cpqarray - ok
21:15:25.0203 0792 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:15:25.0328 0792 CryptSvc - ok
21:15:25.0343 0792 dac2w2k - ok
21:15:25.0343 0792 dac960nt - ok
21:15:25.0406 0792 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:15:25.0578 0792 DcomLaunch - ok
21:15:25.0687 0792 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
21:15:25.0750 0792 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
21:15:25.0750 0792 DfSdkS - detected UnsignedFile.Multi.Generic (1)
21:15:25.0812 0792 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:15:25.0968 0792 Dhcp - ok
21:15:26.0031 0792 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:15:26.0171 0792 Disk - ok
21:15:26.0187 0792 dmadmin - ok
21:15:26.0250 0792 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:15:26.0500 0792 dmboot - ok
21:15:26.0515 0792 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
21:15:26.0640 0792 dmio - ok
21:15:26.0671 0792 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:15:26.0812 0792 dmload - ok
21:15:26.0859 0792 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:15:27.0000 0792 dmserver - ok
21:15:27.0015 0792 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:15:27.0156 0792 DMusic - ok
21:15:27.0218 0792 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:15:27.0390 0792 Dnscache - ok
21:15:27.0421 0792 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:15:27.0578 0792 Dot3svc - ok
21:15:27.0578 0792 dpti2o - ok
21:15:27.0609 0792 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:15:27.0750 0792 drmkaud - ok
21:15:27.0781 0792 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:15:27.0906 0792 EapHost - ok
21:15:27.0953 0792 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:15:28.0093 0792 ERSvc - ok
21:15:28.0125 0792 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
21:15:28.0203 0792 Eventlog - ok
21:15:28.0265 0792 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
21:15:28.0328 0792 EventSystem - ok
21:15:28.0359 0792 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:15:28.0515 0792 Fastfat - ok
21:15:28.0546 0792 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:15:28.0671 0792 FastUserSwitchingCompatibility - ok
21:15:28.0703 0792 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
21:15:28.0828 0792 Fdc - ok
21:15:28.0890 0792 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:15:29.0031 0792 Fips - ok
21:15:29.0031 0792 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:15:29.0187 0792 Flpydisk - ok
21:15:29.0234 0792 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:15:29.0390 0792 FltMgr - ok
21:15:29.0468 0792 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:15:29.0484 0792 FontCache3.0.0.0 - ok
21:15:29.0500 0792 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:15:29.0656 0792 Fs_Rec - ok
21:15:29.0687 0792 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:15:29.0843 0792 Ftdisk - ok
21:15:29.0906 0792 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:15:30.0062 0792 Gpc - ok
21:15:30.0093 0792 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
21:15:30.0140 0792 grmnusb - ok
21:15:30.0187 0792 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:15:30.0375 0792 HDAudBus - ok
21:15:30.0468 0792 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:15:30.0625 0792 helpsvc - ok
21:15:30.0656 0792 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:15:30.0812 0792 HidServ - ok
21:15:30.0843 0792 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:15:30.0968 0792 hkmsvc - ok
21:15:30.0984 0792 hpn - ok
21:15:31.0031 0792 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:15:31.0093 0792 HTTP - ok
21:15:31.0140 0792 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:15:31.0281 0792 HTTPFilter - ok
21:15:31.0281 0792 i2omgmt - ok
21:15:31.0296 0792 i2omp - ok
21:15:31.0343 0792 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:15:31.0484 0792 i8042prt - ok
21:15:31.0671 0792 [ D1359E54D9755D28E56B17A352AB8AAE ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:15:31.0984 0792 ialm - ok
21:15:32.0078 0792 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:15:32.0187 0792 idsvc - ok
21:15:32.0234 0792 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:15:32.0390 0792 Imapi - ok
21:15:32.0437 0792 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:15:32.0593 0792 ImapiService - ok
21:15:32.0656 0792 [ B87FC7C71632240DAC8F4D20E9CE8377 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys
21:15:32.0687 0792 InCDfs ( UnsignedFile.Multi.Generic ) - warning
21:15:32.0687 0792 InCDfs - detected UnsignedFile.Multi.Generic (1)
21:15:32.0687 0792 [ 2E878405128EC98886EB9C2216AC7BD6 ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys
21:15:32.0703 0792 InCDPass ( UnsignedFile.Multi.Generic ) - warning
21:15:32.0703 0792 InCDPass - detected UnsignedFile.Multi.Generic (1)
21:15:32.0734 0792 [ DDF078917A42F105385D7EB6DEBB3433 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
21:15:32.0750 0792 InCDrec ( UnsignedFile.Multi.Generic ) - warning
21:15:32.0750 0792 InCDrec - detected UnsignedFile.Multi.Generic (1)
21:15:32.0781 0792 [ 7F352360E947AD2CD4BA60DE27B1A299 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
21:15:32.0796 0792 incdrm ( UnsignedFile.Multi.Generic ) - warning
21:15:32.0796 0792 incdrm - detected UnsignedFile.Multi.Generic (1)
21:15:32.0796 0792 ini910u - ok
21:15:32.0984 0792 [ 19D3781892A3794672CD1962F3D8D3B8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:15:33.0296 0792 IntcAzAudAddService - ok
21:15:33.0296 0792 IntelIde - ok
21:15:33.0359 0792 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:15:33.0484 0792 intelppm - ok
21:15:33.0500 0792 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:15:33.0640 0792 Ip6Fw - ok
21:15:33.0671 0792 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:15:33.0828 0792 IpFilterDriver - ok
21:15:33.0843 0792 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:15:33.0968 0792 IpInIp - ok
21:15:34.0000 0792 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:15:34.0156 0792 IpNat - ok
21:15:34.0203 0792 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:15:34.0359 0792 IPSec - ok
21:15:34.0359 0792 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:15:34.0500 0792 IRENUM - ok
21:15:34.0546 0792 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:15:34.0687 0792 isapnp - ok
21:15:34.0828 0792 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:15:34.0843 0792 JavaQuickStarterService - ok
21:15:34.0890 0792 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:15:35.0031 0792 Kbdclass - ok
21:15:35.0062 0792 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:15:35.0218 0792 kbdhid - ok
21:15:35.0265 0792 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:15:35.0390 0792 kmixer - ok
21:15:35.0421 0792 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:15:35.0515 0792 KSecDD - ok
21:15:35.0578 0792 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:15:35.0640 0792 lanmanserver - ok
21:15:35.0687 0792 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:15:35.0765 0792 lanmanworkstation - ok
21:15:35.0781 0792 lbrtfdc - ok
21:15:35.0828 0792 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:15:35.0984 0792 LmHosts - ok
21:15:36.0015 0792 [ 805C6F337968C7271F0421D0A386C8EE ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
21:15:36.0031 0792 mbamchameleon - ok
21:15:36.0062 0792 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
21:15:36.0093 0792 MBAMProtector - ok
21:15:36.0218 0792 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:15:36.0250 0792 MBAMScheduler - ok
21:15:36.0328 0792 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:15:36.0375 0792 MBAMService - ok
21:15:36.0421 0792 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:15:36.0593 0792 Messenger - ok
21:15:36.0640 0792 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:15:36.0781 0792 mnmdd - ok
21:15:36.0828 0792 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
21:15:36.0984 0792 mnmsrvc - ok
21:15:37.0015 0792 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:15:37.0171 0792 Modem - ok
21:15:37.0218 0792 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:15:37.0375 0792 Mouclass - ok
21:15:37.0406 0792 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:15:37.0531 0792 MountMgr - ok
21:15:37.0578 0792 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
21:15:37.0718 0792 MPE - ok
21:15:37.0734 0792 mraid35x - ok
21:15:37.0734 0792 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:15:37.0890 0792 MRxDAV - ok
21:15:37.0937 0792 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:15:38.0015 0792 MRxSmb - ok
21:15:38.0046 0792 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
21:15:38.0203 0792 MSDTC - ok
21:15:38.0218 0792 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:15:38.0375 0792 Msfs - ok
21:15:38.0375 0792 MSIServer - ok
21:15:38.0390 0792 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:15:38.0515 0792 MSKSSRV - ok
21:15:38.0515 0792 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:15:38.0656 0792 MSPCLOCK - ok
21:15:38.0671 0792 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:15:38.0796 0792 MSPQM - ok
21:15:38.0812 0792 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:15:38.0968 0792 mssmbios - ok
21:15:39.0000 0792 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
21:15:39.0140 0792 MSTEE - ok
21:15:39.0171 0792 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:15:39.0203 0792 Mup - ok
21:15:39.0218 0792 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:15:39.0359 0792 NABTSFEC - ok
21:15:39.0406 0792 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:15:39.0562 0792 napagent - ok
21:15:39.0625 0792 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:15:39.0781 0792 NDIS - ok
21:15:39.0812 0792 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:15:39.0953 0792 NdisIP - ok
21:15:39.0984 0792 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:15:40.0046 0792 NdisTapi - ok
21:15:40.0093 0792 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:15:40.0250 0792 Ndisuio - ok
21:15:40.0250 0792 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:15:40.0406 0792 NdisWan - ok
21:15:40.0437 0792 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:15:40.0500 0792 NDProxy - ok
21:15:40.0546 0792 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:15:40.0687 0792 NetBIOS - ok
21:15:40.0718 0792 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:15:40.0875 0792 NetBT - ok
21:15:40.0906 0792 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
21:15:41.0031 0792 NetDDE - ok
21:15:41.0046 0792 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:15:41.0171 0792 NetDDEdsdm - ok
21:15:41.0234 0792 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:15:41.0359 0792 Netlogon - ok
21:15:41.0390 0792 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
21:15:41.0546 0792 Netman - ok
21:15:41.0578 0792 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:15:41.0625 0792 NetTcpPortSharing - ok
21:15:41.0656 0792 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
21:15:41.0734 0792 Nla - ok
21:15:41.0750 0792 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
21:15:41.0937 0792 nmwcd - ok
21:15:41.0984 0792 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
21:15:42.0093 0792 nmwcdc - ok
21:15:42.0140 0792 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:15:42.0281 0792 Npfs - ok
21:15:42.0328 0792 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:15:42.0500 0792 Ntfs - ok
21:15:42.0531 0792 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
21:15:42.0656 0792 NtLmSsp - ok
21:15:42.0703 0792 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:15:42.0875 0792 NtmsSvc - ok
21:15:42.0906 0792 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:15:43.0046 0792 Null - ok
21:15:43.0093 0792 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:15:43.0265 0792 NwlnkFlt - ok
21:15:43.0265 0792 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:15:43.0437 0792 NwlnkFwd - ok
21:15:43.0484 0792 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
21:15:43.0625 0792 Parport - ok
21:15:43.0671 0792 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:15:43.0796 0792 PartMgr - ok
21:15:43.0859 0792 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:15:44.0031 0792 ParVdm - ok
21:15:44.0046 0792 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:15:44.0093 0792 pccsmcfd - ok
21:15:44.0093 0792 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:15:44.0250 0792 PCI - ok
21:15:44.0250 0792 PCIDump - ok
21:15:44.0265 0792 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:15:44.0406 0792 PCIIde - ok
21:15:44.0421 0792 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:15:44.0562 0792 Pcmcia - ok
21:15:44.0562 0792 PDCOMP - ok
21:15:44.0578 0792 PDFRAME - ok
21:15:44.0578 0792 PDRELI - ok
21:15:44.0578 0792 PDRFRAME - ok
21:15:44.0593 0792 perc2 - ok
21:15:44.0593 0792 perc2hib - ok
21:15:44.0640 0792 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
21:15:44.0671 0792 pfc ( UnsignedFile.Multi.Generic ) - warning
21:15:44.0671 0792 pfc - detected UnsignedFile.Multi.Generic (1)
21:15:44.0703 0792 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
21:15:44.0781 0792 PlugPlay - ok
21:15:44.0781 0792 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:15:44.0921 0792 PolicyAgent - ok
21:15:44.0968 0792 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:15:45.0093 0792 PptpMiniport - ok
21:15:45.0109 0792 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:15:45.0234 0792 ProtectedStorage - ok
21:15:45.0250 0792 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:15:45.0375 0792 PSched - ok
21:15:45.0390 0792 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:15:45.0546 0792 Ptilink - ok
21:15:45.0609 0792 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:15:45.0609 0792 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:15:45.0609 0792 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:15:45.0609 0792 ql1080 - ok
21:15:45.0625 0792 Ql10wnt - ok
21:15:45.0625 0792 ql12160 - ok
21:15:45.0625 0792 ql1240 - ok
21:15:45.0640 0792 ql1280 - ok
21:15:45.0703 0792 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:15:45.0843 0792 RasAcd - ok
21:15:45.0890 0792 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:15:46.0046 0792 RasAuto - ok
21:15:46.0078 0792 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:15:46.0203 0792 Rasl2tp - ok
21:15:46.0250 0792 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:15:46.0406 0792 RasMan - ok
21:15:46.0421 0792 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:15:46.0546 0792 RasPppoe - ok
21:15:46.0578 0792 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:15:46.0750 0792 Raspti - ok
21:15:46.0781 0792 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:15:46.0921 0792 Rdbss - ok
21:15:46.0953 0792 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:15:47.0109 0792 RDPCDD - ok
21:15:47.0125 0792 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:15:47.0265 0792 rdpdr - ok
21:15:47.0312 0792 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:15:47.0437 0792 RDPWD - ok
21:15:47.0453 0792 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:15:47.0640 0792 RDSessMgr - ok
21:15:47.0687 0792 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
21:15:47.0703 0792 RealNetworks Downloader Resolver Service - ok
21:15:47.0734 0792 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:15:47.0890 0792 redbook - ok
21:15:47.0937 0792 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:15:48.0093 0792 RemoteAccess - ok
21:15:48.0125 0792 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:15:48.0265 0792 RemoteRegistry - ok
21:15:48.0296 0792 [ 999AA77152F16A40A5727FC657EF66C3 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:15:48.0343 0792 RichVideo - ok
21:15:48.0375 0792 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
21:15:48.0531 0792 RpcLocator - ok
21:15:48.0562 0792 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:15:48.0640 0792 RpcSs - ok
21:15:48.0671 0792 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
21:15:48.0859 0792 RSVP - ok
21:15:48.0890 0792 [ 6E7470477D08F6E47E91016D6A1C5A5F ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:15:48.0984 0792 RTLE8023xp - ok
21:15:49.0015 0792 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
21:15:49.0140 0792 SamSs - ok
21:15:49.0187 0792 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:15:49.0312 0792 SCardSvr - ok
21:15:49.0359 0792 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:15:49.0515 0792 Schedule - ok
21:15:49.0562 0792 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:15:49.0687 0792 Secdrv - ok
21:15:49.0734 0792 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:15:49.0890 0792 seclogon - ok
21:15:49.0921 0792 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
21:15:50.0078 0792 SENS - ok
21:15:50.0125 0792 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
21:15:50.0281 0792 serenum - ok
21:15:50.0312 0792 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
21:15:50.0468 0792 Serial - ok
21:15:50.0562 0792 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
21:15:50.0625 0792 ServiceLayer - ok
21:15:50.0671 0792 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:15:50.0828 0792 Sfloppy - ok
21:15:50.0875 0792 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:15:51.0062 0792 SharedAccess - ok
21:15:51.0093 0792 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:15:51.0109 0792 ShellHWDetection - ok
21:15:51.0125 0792 Simbad - ok
21:15:51.0156 0792 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:15:51.0312 0792 SLIP - ok
21:15:51.0375 0792 [ 07AD42303519A955560B5A19FE20B68F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
21:15:51.0531 0792 SMTPSVC - ok
21:15:51.0562 0792 [ 442D891CF7CB138F185FB2A1161C8AF9 ] SNMP C:\WINDOWS\System32\snmp.exe
21:15:51.0703 0792 SNMP - ok
21:15:51.0750 0792 [ 4296E52A9D3CA6DCD1CF57E8BCA45AB7 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
21:15:51.0890 0792 SNMPTRAP - ok
21:15:51.0906 0792 Sparrow - ok
21:15:51.0953 0792 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:15:52.0078 0792 splitter - ok
21:15:52.0125 0792 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:15:52.0203 0792 Spooler - ok
21:15:52.0250 0792 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:15:52.0406 0792 sr - ok
21:15:52.0421 0792 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
21:15:52.0578 0792 srservice - ok
21:15:52.0609 0792 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:15:52.0734 0792 Srv - ok
21:15:52.0781 0792 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:15:52.0953 0792 SSDPSRV - ok
21:15:52.0984 0792 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:15:53.0156 0792 stisvc - ok
21:15:53.0187 0792 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:15:53.0328 0792 streamip - ok
21:15:53.0375 0792 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:15:53.0500 0792 swenum - ok
21:15:53.0515 0792 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:15:53.0671 0792 swmidi - ok
21:15:53.0671 0792 SwPrv - ok
21:15:53.0671 0792 symc810 - ok
21:15:53.0687 0792 symc8xx - ok
21:15:53.0687 0792 sym_hi - ok
21:15:53.0703 0792 sym_u3 - ok
21:15:53.0734 0792 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:15:53.0859 0792 sysaudio - ok
21:15:53.0906 0792 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:15:54.0046 0792 SysmonLog - ok
21:15:54.0093 0792 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:15:54.0281 0792 TapiSrv - ok
21:15:54.0343 0792 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:15:54.0453 0792 Tcpip - ok
21:15:54.0484 0792 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:15:54.0640 0792 TDPIPE - ok
21:15:54.0656 0792 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:15:54.0781 0792 TDTCP - ok
21:15:54.0828 0792 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:15:54.0968 0792 TermDD - ok
21:15:55.0015 0792 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
21:15:55.0171 0792 TermService - ok
21:15:55.0234 0792 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
21:15:55.0265 0792 Themes - ok
21:15:55.0312 0792 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
21:15:55.0468 0792 TlntSvr - ok
21:15:55.0468 0792 TosIde - ok
21:15:55.0515 0792 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:15:55.0656 0792 TrkWks - ok
21:15:55.0687 0792 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:15:55.0828 0792 Udfs - ok
21:15:55.0843 0792 ultra - ok
21:15:55.0890 0792 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:15:56.0078 0792 Update - ok
21:15:56.0125 0792 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
21:15:56.0281 0792 upnphost - ok
21:15:56.0296 0792 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
21:15:56.0375 0792 upperdev - ok
21:15:56.0390 0792 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
21:15:56.0515 0792 UPS - ok
21:15:56.0546 0792 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:15:56.0625 0792 usbccgp - ok
21:15:56.0656 0792 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:15:56.0687 0792 usbehci - ok
21:15:56.0734 0792 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:15:56.0890 0792 usbhub - ok
21:15:56.0937 0792 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:15:57.0078 0792 usbprint - ok
21:15:57.0109 0792 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:15:57.0171 0792 usbscan - ok
21:15:57.0203 0792 [ 84C44D720655A8AA475E57A9E764D675 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
21:15:57.0234 0792 usbser - ok
21:15:57.0281 0792 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
21:15:57.0375 0792 UsbserFilt - ok
21:15:57.0421 0792 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:15:57.0562 0792 USBSTOR - ok
21:15:57.0593 0792 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:15:57.0750 0792 usbuhci - ok
21:15:57.0796 0792 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:15:57.0937 0792 VgaSave - ok
21:15:57.0937 0792 ViaIde - ok
21:15:58.0000 0792 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:15:58.0125 0792 VolSnap - ok
21:15:58.0171 0792 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
21:15:58.0359 0792 VSS - ok
21:15:58.0406 0792 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
21:15:58.0562 0792 W32Time - ok
21:15:58.0609 0792 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:15:58.0734 0792 Wanarp - ok
21:15:58.0781 0792 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
21:15:58.0843 0792 Wdf01000 - ok
21:15:58.0859 0792 WDICA - ok
21:15:58.0906 0792 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:15:59.0046 0792 wdmaud - ok
21:15:59.0093 0792 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:15:59.0218 0792 WebClient - ok
21:15:59.0312 0792 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:15:59.0453 0792 winmgmt - ok
21:15:59.0500 0792 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:15:59.0593 0792 WmdmPmSN - ok
21:15:59.0640 0792 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:15:59.0781 0792 Wmi - ok
21:15:59.0812 0792 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:15:59.0953 0792 WmiApSrv - ok
21:16:00.0046 0792 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:16:00.0140 0792 WMPNetworkSvc - ok
21:16:00.0171 0792 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:16:00.0187 0792 WpdUsb - ok
21:16:00.0265 0792 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:16:00.0406 0792 WPFFontCache_v0400 - ok
21:16:00.0437 0792 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:16:00.0609 0792 WS2IFSL - ok
21:16:00.0656 0792 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:16:00.0796 0792 wscsvc - ok
21:16:00.0890 0792 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:16:01.0062 0792 WSTCODEC - ok
21:16:01.0109 0792 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:16:01.0265 0792 wuauserv - ok
21:16:01.0296 0792 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:16:01.0375 0792 WudfPf - ok
21:16:01.0390 0792 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:16:01.0437 0792 WudfRd - ok
21:16:01.0468 0792 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:16:01.0484 0792 WudfSvc - ok
21:16:01.0562 0792 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:16:01.0765 0792 WZCSVC - ok
21:16:01.0812 0792 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:16:01.0968 0792 xmlprov - ok
21:16:01.0984 0792 ================ Scan global ===============================
21:16:02.0015 0792 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
21:16:02.0062 0792 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
21:16:02.0093 0792 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
21:16:02.0125 0792 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
21:16:02.0140 0792 [Global] - ok
21:16:02.0140 0792 ================ Scan MBR ==================================
21:16:02.0187 0792 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
21:16:02.0421 0792 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:16:02.0421 0792 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:16:02.0421 0792 ================ Scan VBR ==================================
21:16:02.0421 0792 [ F40C23506BB2437B8DFB3DE89D1764B2 ] \Device\Harddisk0\DR0\Partition1
21:16:02.0421 0792 \Device\Harddisk0\DR0\Partition1 - ok
21:16:02.0421 0792 ============================================================
21:16:02.0421 0792 Scan finished
21:16:02.0421 0792 ============================================================
21:16:02.0531 2684 Detected object count: 10
21:16:02.0531 2684 Actual detected object count: 10
21:16:51.0234 2684 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0234 2684 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0234 2684 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0234 2684 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0234 2684 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0234 2684 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:16:51.0250 2684 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:16:51.0250 2684 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:16:51.0250 2684 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:17:08.0390 2668 Deinitialize success

[Márty84]

Znovu spustte TDSSKiller a nechte ho skenovat.

U vsech nalezu dejte Skip, jen i tohoto \Device\Harddisk0\DR0 ( TDSS File System ) nechte to, co navrhne program.

Log zase sem.

[RH46]

Provedeno, zde je log -

12:38:29.0375 3984 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:38:31.0484 3984 ============================================================
12:38:31.0484 3984 Current date / time: 2013/11/11 12:38:31.0484
12:38:31.0484 3984 SystemInfo:
12:38:31.0484 3984
12:38:31.0484 3984 OS Version: 5.1.2600 ServicePack: 3.0
12:38:31.0484 3984 Product type: Workstation
12:38:31.0484 3984 ComputerName: RH-9B6AEB81C62A
12:38:31.0484 3984 UserName: RH
12:38:31.0484 3984 Windows directory: C:\WINDOWS
12:38:31.0484 3984 System windows directory: C:\WINDOWS
12:38:31.0484 3984 Processor architecture: Intel x86
12:38:31.0484 3984 Number of processors: 1
12:38:31.0484 3984 Page size: 0x1000
12:38:31.0484 3984 Boot type: Normal boot
12:38:31.0484 3984 ============================================================
12:38:32.0953 3984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:38:32.0953 3984 ============================================================
12:38:32.0953 3984 \Device\Harddisk0\DR0:
12:38:32.0953 3984 MBR partitions:
12:38:32.0953 3984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
12:38:32.0953 3984 ============================================================
12:38:33.0000 3984 C: <-> \Device\Harddisk0\DR0\Partition1
12:38:33.0000 3984 ============================================================
12:38:33.0000 3984 Initialize success
12:38:33.0000 3984 ============================================================
12:38:53.0453 2592 ============================================================
12:38:53.0453 2592 Scan started
12:38:53.0453 2592 Mode: Manual; SigCheck; TDLFS;
12:38:53.0453 2592 ============================================================
12:38:53.0734 2592 ================ Scan system memory ========================
12:38:53.0734 2592 System memory - ok
12:38:53.0734 2592 ================ Scan services =============================
12:38:53.0812 2592 Abiosdsk - ok
12:38:53.0828 2592 abp480n5 - ok
12:38:53.0890 2592 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:38:54.0234 2592 ACPI - ok
12:38:54.0250 2592 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
12:38:54.0390 2592 ACPIEC - ok
12:38:54.0484 2592 [ A283108E14F3970432C21AF4C0CB1BCE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:38:54.0515 2592 AdobeFlashPlayerUpdateSvc - ok
12:38:54.0515 2592 adpu160m - ok
12:38:54.0578 2592 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:38:54.0718 2592 aec - ok
12:38:54.0796 2592 [ 0FF5727AD56842D599C7EDC8172D1014 ] AF9035HB C:\WINDOWS\system32\Drivers\AF9035HB.sys
12:38:54.0875 2592 AF9035HB - ok
12:38:54.0921 2592 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:38:54.0968 2592 AFD - ok
12:38:54.0968 2592 Aha154x - ok
12:38:54.0968 2592 aic78u2 - ok
12:38:54.0984 2592 aic78xx - ok
12:38:55.0031 2592 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:38:55.0156 2592 Alerter - ok
12:38:55.0187 2592 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
12:38:55.0328 2592 ALG - ok
12:38:55.0343 2592 AliIde - ok
12:38:55.0343 2592 amsint - ok
12:38:55.0390 2592 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:38:55.0531 2592 AppMgmt - ok
12:38:55.0546 2592 asc - ok
12:38:55.0546 2592 asc3350p - ok
12:38:55.0562 2592 asc3550 - ok
12:38:55.0734 2592 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:38:55.0750 2592 aspnet_state - ok
12:38:55.0812 2592 [ B9FE438B3CAD82B2014710349A2022F7 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:38:55.0828 2592 aswFsBlk - ok
12:38:55.0875 2592 [ AE5549DD21F6DE06406031EF1D51ACC3 ] aswMonFlt C:\WINDOWS\system32\drivers\aswMonFlt.sys
12:38:55.0890 2592 aswMonFlt - ok
12:38:55.0921 2592 [ D084D0A7A66619FC29776CBBB9D5FA55 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
12:38:55.0937 2592 AswRdr - ok
12:38:55.0953 2592 [ FA72FA503F580C3C628DD8C7D7622E37 ] aswRvrt C:\WINDOWS\system32\drivers\aswRvrt.sys
12:38:55.0968 2592 aswRvrt - ok
12:38:56.0031 2592 [ 4D53349D848C6BADB3D4ACBE98C27676 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
12:38:56.0062 2592 aswSnx - ok
12:38:56.0125 2592 [ 813024DFD54A41B3AFAE2B1E2796CB80 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
12:38:56.0156 2592 aswSP - ok
12:38:56.0187 2592 [ 5E18413310134130D7772F0668698CB7 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
12:38:56.0203 2592 aswTdi - ok
12:38:56.0218 2592 [ A5F637D61719D37A5B4868C385E363C0 ] aswVmm C:\WINDOWS\system32\drivers\aswVmm.sys
12:38:56.0234 2592 aswVmm - ok
12:38:56.0250 2592 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:38:56.0390 2592 AsyncMac - ok
12:38:56.0390 2592 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:38:56.0531 2592 atapi - ok
12:38:56.0546 2592 Atdisk - ok
12:38:56.0546 2592 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:38:56.0671 2592 Atmarpc - ok
12:38:56.0703 2592 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:38:56.0843 2592 AudioSrv - ok
12:38:56.0906 2592 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:38:57.0062 2592 audstub - ok
12:38:57.0203 2592 [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:38:57.0218 2592 avast! Antivirus - ok
12:38:57.0281 2592 [ 5D94B330561A5D5DF869593855B2EE7F ] AVerPola C:\WINDOWS\system32\DRIVERS\AVerPola.sys
12:38:57.0343 2592 AVerPola - ok
12:38:57.0375 2592 [ B085322DC9984B31190BD80D2542329F ] AVerRemote C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
12:38:57.0437 2592 AVerRemote ( UnsignedFile.Multi.Generic ) - warning
12:38:57.0437 2592 AVerRemote - detected UnsignedFile.Multi.Generic (1)
12:38:57.0468 2592 [ 3094F37D17C9F91632689FFE9381FC4B ] AVerScheduleService C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
12:38:57.0500 2592 AVerScheduleService ( UnsignedFile.Multi.Generic ) - warning
12:38:57.0500 2592 AVerScheduleService - detected UnsignedFile.Multi.Generic (1)
12:38:57.0515 2592 [ 3E65117BE44E8436DD9CD8282FEB76F0 ] AVPolCIR C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys
12:38:57.0546 2592 AVPolCIR - ok
12:38:57.0609 2592 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:38:57.0765 2592 Beep - ok
12:38:57.0812 2592 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
12:38:57.0968 2592 BITS - ok
12:38:58.0015 2592 [ 89E739BBA5F636297EA5B5F811189E06 ] Browser C:\WINDOWS\System32\browser.dll
12:38:58.0062 2592 Browser - ok
12:38:58.0234 2592 catchme - ok
12:38:58.0281 2592 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:38:58.0406 2592 cbidf2k - ok
12:38:58.0453 2592 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:38:58.0609 2592 CCDECODE - ok
12:38:58.0609 2592 cd20xrnt - ok
12:38:58.0656 2592 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:38:58.0812 2592 Cdaudio - ok
12:38:58.0859 2592 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:38:59.0015 2592 Cdfs - ok
12:38:59.0062 2592 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:38:59.0203 2592 Cdrom - ok
12:38:59.0203 2592 Changer - ok
12:38:59.0234 2592 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:38:59.0359 2592 CiSvc - ok
12:38:59.0390 2592 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:38:59.0531 2592 ClipSrv - ok
12:38:59.0562 2592 [ 7FA87325900183197BC9710D1CE4C9FA ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:38:59.0578 2592 clr_optimization_v2.0.50727_32 - ok
12:38:59.0640 2592 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:38:59.0656 2592 clr_optimization_v4.0.30319_32 - ok
12:38:59.0671 2592 CmdIde - ok
12:38:59.0671 2592 COMSysApp - ok
12:38:59.0687 2592 Cpqarray - ok
12:38:59.0734 2592 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:38:59.0859 2592 CryptSvc - ok
12:38:59.0875 2592 dac2w2k - ok
12:38:59.0875 2592 dac960nt - ok
12:38:59.0937 2592 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:39:00.0031 2592 DcomLaunch - ok
12:39:00.0140 2592 [ 92AE26F2CAF4A67E24A0BA6DDF32CC3C ] DfSdkS C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
12:39:00.0171 2592 DfSdkS ( UnsignedFile.Multi.Generic ) - warning
12:39:00.0171 2592 DfSdkS - detected UnsignedFile.Multi.Generic (1)
12:39:00.0234 2592 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:39:00.0390 2592 Dhcp - ok
12:39:00.0437 2592 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:39:00.0593 2592 Disk - ok
12:39:00.0593 2592 dmadmin - ok
12:39:00.0656 2592 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:39:00.0828 2592 dmboot - ok
12:39:00.0859 2592 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
12:39:00.0984 2592 dmio - ok
12:39:01.0000 2592 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:39:01.0140 2592 dmload - ok
12:39:01.0187 2592 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:39:01.0312 2592 dmserver - ok
12:39:01.0328 2592 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:39:01.0484 2592 DMusic - ok
12:39:01.0531 2592 [ DFAA406BF19F4EE806A6F8D4342137F7 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:39:01.0593 2592 Dnscache - ok
12:39:01.0625 2592 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:39:01.0781 2592 Dot3svc - ok
12:39:01.0781 2592 dpti2o - ok
12:39:01.0812 2592 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:39:01.0968 2592 drmkaud - ok
12:39:01.0984 2592 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:39:02.0109 2592 EapHost - ok
12:39:02.0156 2592 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:39:02.0281 2592 ERSvc - ok
12:39:02.0328 2592 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
12:39:02.0390 2592 Eventlog - ok
12:39:02.0437 2592 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
12:39:02.0468 2592 EventSystem - ok
12:39:02.0500 2592 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:39:02.0640 2592 Fastfat - ok
12:39:02.0687 2592 [ EE9A2B9EA968A792A053C9D1A86BF870 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:39:02.0734 2592 FastUserSwitchingCompatibility - ok
12:39:02.0765 2592 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:39:02.0890 2592 Fdc - ok
12:39:02.0953 2592 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:39:03.0078 2592 Fips - ok
12:39:03.0125 2592 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:39:03.0265 2592 Flpydisk - ok
12:39:03.0328 2592 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:39:03.0468 2592 FltMgr - ok
12:39:03.0546 2592 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:39:03.0562 2592 FontCache3.0.0.0 - ok
12:39:03.0578 2592 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:39:03.0734 2592 Fs_Rec - ok
12:39:03.0750 2592 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:39:03.0921 2592 Ftdisk - ok
12:39:03.0968 2592 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:39:04.0109 2592 Gpc - ok
12:39:04.0140 2592 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
12:39:04.0171 2592 grmnusb - ok
12:39:04.0218 2592 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:39:04.0375 2592 HDAudBus - ok
12:39:04.0468 2592 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:39:04.0609 2592 helpsvc - ok
12:39:04.0640 2592 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:39:04.0781 2592 HidServ - ok
12:39:04.0812 2592 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:39:04.0937 2592 hkmsvc - ok
12:39:04.0953 2592 hpn - ok
12:39:05.0000 2592 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:39:05.0046 2592 HTTP - ok
12:39:05.0093 2592 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:39:05.0218 2592 HTTPFilter - ok
12:39:05.0234 2592 i2omgmt - ok
12:39:05.0234 2592 i2omp - ok
12:39:05.0281 2592 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:39:05.0421 2592 i8042prt - ok
12:39:05.0609 2592 [ D1359E54D9755D28E56B17A352AB8AAE ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:39:05.0796 2592 ialm - ok
12:39:05.0890 2592 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:39:05.0953 2592 idsvc - ok
12:39:05.0953 2592 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:39:06.0093 2592 Imapi - ok
12:39:06.0140 2592 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:39:06.0296 2592 ImapiService - ok
12:39:06.0343 2592 [ B87FC7C71632240DAC8F4D20E9CE8377 ] InCDfs C:\WINDOWS\system32\drivers\InCDfs.sys
12:39:06.0375 2592 InCDfs ( UnsignedFile.Multi.Generic ) - warning
12:39:06.0375 2592 InCDfs - detected UnsignedFile.Multi.Generic (1)
12:39:06.0406 2592 [ 2E878405128EC98886EB9C2216AC7BD6 ] InCDPass C:\WINDOWS\system32\DRIVERS\InCDPass.sys
12:39:06.0421 2592 InCDPass ( UnsignedFile.Multi.Generic ) - warning
12:39:06.0421 2592 InCDPass - detected UnsignedFile.Multi.Generic (1)
12:39:06.0453 2592 [ DDF078917A42F105385D7EB6DEBB3433 ] InCDrec C:\WINDOWS\system32\drivers\InCDrec.sys
12:39:06.0484 2592 InCDrec ( UnsignedFile.Multi.Generic ) - warning
12:39:06.0484 2592 InCDrec - detected UnsignedFile.Multi.Generic (1)
12:39:06.0531 2592 [ 7F352360E947AD2CD4BA60DE27B1A299 ] incdrm C:\WINDOWS\system32\drivers\incdrm.sys
12:39:06.0546 2592 incdrm ( UnsignedFile.Multi.Generic ) - warning
12:39:06.0546 2592 incdrm - detected UnsignedFile.Multi.Generic (1)
12:39:06.0546 2592 ini910u - ok
12:39:06.0734 2592 [ 19D3781892A3794672CD1962F3D8D3B8 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:39:06.0921 2592 IntcAzAudAddService - ok
12:39:06.0921 2592 IntelIde - ok
12:39:07.0000 2592 [ 27B290D632AF2CF3CF40BFDDB7370985 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:39:07.0140 2592 intelppm - ok
12:39:07.0203 2592 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:39:07.0328 2592 Ip6Fw - ok
12:39:07.0359 2592 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:39:07.0515 2592 IpFilterDriver - ok
12:39:07.0515 2592 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:39:07.0640 2592 IpInIp - ok
12:39:07.0687 2592 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:39:07.0843 2592 IpNat - ok
12:39:07.0890 2592 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:39:08.0015 2592 IPSec - ok
12:39:08.0015 2592 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:39:08.0156 2592 IRENUM - ok
12:39:08.0187 2592 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:39:08.0312 2592 isapnp - ok
12:39:08.0468 2592 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:39:08.0484 2592 JavaQuickStarterService - ok
12:39:08.0515 2592 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:39:08.0640 2592 Kbdclass - ok
12:39:08.0687 2592 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:39:08.0843 2592 kbdhid - ok
12:39:08.0875 2592 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:39:09.0000 2592 kmixer - ok
12:39:09.0015 2592 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:39:09.0046 2592 KSecDD - ok
12:39:09.0093 2592 [ 3428E8F86F8ADD36B42FB23542C7B3E4 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:39:09.0140 2592 lanmanserver - ok
12:39:09.0187 2592 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:39:09.0203 2592 lanmanworkstation - ok
12:39:09.0218 2592 lbrtfdc - ok
12:39:09.0281 2592 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:39:09.0437 2592 LmHosts - ok
12:39:09.0453 2592 [ 805C6F337968C7271F0421D0A386C8EE ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
12:39:09.0468 2592 mbamchameleon - ok
12:39:09.0484 2592 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
12:39:09.0500 2592 MBAMProtector - ok
12:39:09.0562 2592 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:39:09.0593 2592 MBAMScheduler - ok
12:39:09.0640 2592 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:39:09.0671 2592 MBAMService - ok
12:39:09.0703 2592 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:39:09.0843 2592 Messenger - ok
12:39:09.0906 2592 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:39:10.0031 2592 mnmdd - ok
12:39:10.0078 2592 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:39:10.0218 2592 mnmsrvc - ok
12:39:10.0250 2592 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:39:10.0390 2592 Modem - ok
12:39:10.0421 2592 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:39:10.0578 2592 Mouclass - ok
12:39:10.0625 2592 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:39:10.0750 2592 MountMgr - ok
12:39:10.0781 2592 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
12:39:10.0921 2592 MPE - ok
12:39:10.0937 2592 mraid35x - ok
12:39:10.0937 2592 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:39:11.0078 2592 MRxDAV - ok
12:39:11.0125 2592 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:39:11.0156 2592 MRxSmb - ok
12:39:11.0187 2592 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:39:11.0328 2592 MSDTC - ok
12:39:11.0343 2592 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:39:11.0468 2592 Msfs - ok
12:39:11.0468 2592 MSIServer - ok
12:39:11.0484 2592 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:39:11.0609 2592 MSKSSRV - ok
12:39:11.0609 2592 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:39:11.0750 2592 MSPCLOCK - ok
12:39:11.0750 2592 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:39:11.0875 2592 MSPQM - ok
12:39:11.0906 2592 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:39:12.0031 2592 mssmbios - ok
12:39:12.0031 2592 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:39:12.0171 2592 MSTEE - ok
12:39:12.0203 2592 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:39:12.0218 2592 Mup - ok
12:39:12.0250 2592 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:39:12.0375 2592 NABTSFEC - ok
12:39:12.0406 2592 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:39:12.0531 2592 napagent - ok
12:39:12.0578 2592 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:39:12.0734 2592 NDIS - ok
12:39:12.0750 2592 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:39:12.0890 2592 NdisIP - ok
12:39:12.0953 2592 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:39:13.0000 2592 NdisTapi - ok
12:39:13.0046 2592 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:39:13.0171 2592 Ndisuio - ok
12:39:13.0187 2592 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:39:13.0328 2592 NdisWan - ok
12:39:13.0359 2592 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:39:13.0406 2592 NDProxy - ok
12:39:13.0453 2592 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:39:13.0578 2592 NetBIOS - ok
12:39:13.0593 2592 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:39:13.0734 2592 NetBT - ok
12:39:13.0781 2592 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:39:13.0906 2592 NetDDE - ok
12:39:13.0921 2592 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:39:14.0046 2592 NetDDEdsdm - ok
12:39:14.0093 2592 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:39:14.0203 2592 Netlogon - ok
12:39:14.0250 2592 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
12:39:14.0406 2592 Netman - ok
12:39:14.0421 2592 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:39:14.0437 2592 NetTcpPortSharing - ok
12:39:14.0484 2592 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
12:39:14.0562 2592 Nla - ok
12:39:14.0593 2592 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
12:39:14.0671 2592 nmwcd - ok
12:39:14.0703 2592 [ 2A394E9E1FA3565E4B2FEA470FFE4D6B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
12:39:14.0781 2592 nmwcdc - ok
12:39:14.0843 2592 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:39:14.0984 2592 Npfs - ok
12:39:15.0031 2592 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:39:15.0203 2592 Ntfs - ok
12:39:15.0234 2592 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:39:15.0359 2592 NtLmSsp - ok
12:39:15.0406 2592 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:39:15.0578 2592 NtmsSvc - ok
12:39:15.0593 2592 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:39:15.0718 2592 Null - ok
12:39:15.0765 2592 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:39:15.0906 2592 NwlnkFlt - ok
12:39:15.0921 2592 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:39:16.0078 2592 NwlnkFwd - ok
12:39:16.0125 2592 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:39:16.0265 2592 Parport - ok
12:39:16.0296 2592 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:39:16.0421 2592 PartMgr - ok
12:39:16.0484 2592 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:39:16.0640 2592 ParVdm - ok
12:39:16.0656 2592 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
12:39:16.0687 2592 pccsmcfd - ok
12:39:16.0703 2592 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:39:16.0828 2592 PCI - ok
12:39:16.0828 2592 PCIDump - ok
12:39:16.0859 2592 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:39:17.0000 2592 PCIIde - ok
12:39:17.0015 2592 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
12:39:17.0156 2592 Pcmcia - ok
12:39:17.0171 2592 PDCOMP - ok
12:39:17.0171 2592 PDFRAME - ok
12:39:17.0187 2592 PDRELI - ok
12:39:17.0187 2592 PDRFRAME - ok
12:39:17.0203 2592 perc2 - ok
12:39:17.0203 2592 perc2hib - ok
12:39:17.0265 2592 [ 957B82EC80AD7EAD64E5E47DF6B0DC40 ] pfc C:\WINDOWS\system32\drivers\pfc.sys
12:39:17.0281 2592 pfc ( UnsignedFile.Multi.Generic ) - warning
12:39:17.0281 2592 pfc - detected UnsignedFile.Multi.Generic (1)
12:39:17.0312 2592 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
12:39:17.0375 2592 PlugPlay - ok
12:39:17.0375 2592 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:39:17.0500 2592 PolicyAgent - ok
12:39:17.0578 2592 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:39:17.0687 2592 PptpMiniport - ok
12:39:17.0703 2592 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:39:17.0828 2592 ProtectedStorage - ok
12:39:17.0843 2592 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:39:17.0953 2592 PSched - ok
12:39:17.0968 2592 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:39:18.0125 2592 Ptilink - ok
12:39:18.0187 2592 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:39:18.0187 2592 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
12:39:18.0187 2592 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
12:39:18.0203 2592 ql1080 - ok
12:39:18.0203 2592 Ql10wnt - ok
12:39:18.0218 2592 ql12160 - ok
12:39:18.0218 2592 ql1240 - ok
12:39:18.0218 2592 ql1280 - ok
12:39:18.0296 2592 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:39:18.0437 2592 RasAcd - ok
12:39:18.0468 2592 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:39:18.0609 2592 RasAuto - ok
12:39:18.0640 2592 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:39:18.0765 2592 Rasl2tp - ok
12:39:18.0812 2592 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:39:18.0953 2592 RasMan - ok
12:39:18.0968 2592 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:39:19.0093 2592 RasPppoe - ok
12:39:19.0140 2592 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:39:19.0296 2592 Raspti - ok
12:39:19.0328 2592 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:39:19.0468 2592 Rdbss - ok
12:39:19.0500 2592 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:39:19.0656 2592 RDPCDD - ok
12:39:19.0656 2592 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:39:19.0796 2592 rdpdr - ok
12:39:19.0843 2592 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:39:19.0875 2592 RDPWD - ok
12:39:19.0906 2592 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:39:20.0046 2592 RDSessMgr - ok
12:39:20.0093 2592 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
12:39:20.0109 2592 RealNetworks Downloader Resolver Service - ok
12:39:20.0156 2592 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:39:20.0265 2592 redbook - ok
12:39:20.0312 2592 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:39:20.0453 2592 RemoteAccess - ok
12:39:20.0484 2592 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:39:20.0609 2592 RemoteRegistry - ok
12:39:20.0656 2592 [ 999AA77152F16A40A5727FC657EF66C3 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
12:39:20.0671 2592 RichVideo - ok
12:39:20.0703 2592 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:39:20.0843 2592 RpcLocator - ok
12:39:20.0875 2592 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:39:20.0937 2592 RpcSs - ok
12:39:21.0015 2592 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:39:21.0218 2592 RSVP - ok
12:39:21.0250 2592 [ 6E7470477D08F6E47E91016D6A1C5A5F ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:39:21.0312 2592 RTLE8023xp - ok
12:39:21.0343 2592 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
12:39:21.0453 2592 SamSs - ok
12:39:21.0500 2592 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:39:21.0671 2592 SCardSvr - ok
12:39:21.0703 2592 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:39:21.0843 2592 Schedule - ok
12:39:21.0890 2592 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:39:22.0015 2592 Secdrv - ok
12:39:22.0062 2592 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:39:22.0203 2592 seclogon - ok
12:39:22.0234 2592 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
12:39:22.0390 2592 SENS - ok
12:39:22.0453 2592 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:39:22.0593 2592 serenum - ok
12:39:22.0609 2592 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:39:22.0750 2592 Serial - ok
12:39:22.0859 2592 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
12:39:22.0890 2592 ServiceLayer - ok
12:39:22.0953 2592 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:39:23.0109 2592 Sfloppy - ok
12:39:23.0156 2592 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:39:23.0312 2592 SharedAccess - ok
12:39:23.0343 2592 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:39:23.0375 2592 ShellHWDetection - ok
12:39:23.0375 2592 Simbad - ok
12:39:23.0421 2592 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:39:23.0546 2592 SLIP - ok
12:39:23.0640 2592 [ 07AD42303519A955560B5A19FE20B68F ] SMTPSVC C:\WINDOWS\system32\inetsrv\inetinfo.exe
12:39:23.0781 2592 SMTPSVC - ok
12:39:23.0812 2592 [ 442D891CF7CB138F185FB2A1161C8AF9 ] SNMP C:\WINDOWS\System32\snmp.exe
12:39:23.0937 2592 SNMP - ok
12:39:24.0000 2592 [ 4296E52A9D3CA6DCD1CF57E8BCA45AB7 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
12:39:24.0156 2592 SNMPTRAP - ok
12:39:24.0156 2592 Sparrow - ok
12:39:24.0203 2592 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:39:24.0328 2592 splitter - ok
12:39:24.0390 2592 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:39:24.0437 2592 Spooler - ok
12:39:24.0468 2592 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:39:24.0609 2592 sr - ok
12:39:24.0625 2592 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
12:39:24.0781 2592 srservice - ok
12:39:24.0796 2592 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:39:24.0859 2592 Srv - ok
12:39:24.0906 2592 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:39:25.0093 2592 SSDPSRV - ok
12:39:25.0140 2592 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:39:25.0265 2592 stisvc - ok
12:39:25.0296 2592 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:39:25.0437 2592 streamip - ok
12:39:25.0500 2592 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:39:25.0625 2592 swenum - ok
12:39:25.0625 2592 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:39:25.0765 2592 swmidi - ok
12:39:25.0781 2592 SwPrv - ok
12:39:25.0781 2592 symc810 - ok
12:39:25.0796 2592 symc8xx - ok
12:39:25.0796 2592 sym_hi - ok
12:39:25.0812 2592 sym_u3 - ok
12:39:25.0828 2592 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:39:25.0953 2592 sysaudio - ok
12:39:26.0015 2592 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:39:26.0156 2592 SysmonLog - ok
12:39:26.0203 2592 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:39:26.0343 2592 TapiSrv - ok
12:39:26.0390 2592 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:39:26.0453 2592 Tcpip - ok
12:39:26.0468 2592 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:39:26.0593 2592 TDPIPE - ok
12:39:26.0625 2592 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:39:26.0750 2592 TDTCP - ok
12:39:26.0781 2592 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:39:26.0921 2592 TermDD - ok
12:39:26.0984 2592 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
12:39:27.0125 2592 TermService - ok
12:39:27.0156 2592 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:39:27.0187 2592 Themes - ok
12:39:27.0234 2592 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:39:27.0375 2592 TlntSvr - ok
12:39:27.0375 2592 TosIde - ok
12:39:27.0421 2592 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:39:27.0546 2592 TrkWks - ok
12:39:27.0593 2592 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:39:27.0718 2592 Udfs - ok
12:39:27.0718 2592 ultra - ok
12:39:27.0750 2592 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:39:27.0890 2592 Update - ok
12:39:27.0937 2592 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
12:39:28.0078 2592 upnphost - ok
12:39:28.0093 2592 [ 47F5F9D837D80FFD5882A14DB9DA0A67 ] upperdev C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
12:39:28.0171 2592 upperdev - ok
12:39:28.0187 2592 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
12:39:28.0312 2592 UPS - ok
12:39:28.0343 2592 [ 1B611611C28D2DF25BC057D79C6F13FC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:39:28.0375 2592 usbccgp - ok
12:39:28.0406 2592 [ 4BAC8DF07F1D8434FC640E677A62204E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:39:28.0421 2592 usbehci - ok
12:39:28.0484 2592 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:39:28.0625 2592 usbhub - ok
12:39:28.0671 2592 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:39:28.0812 2592 usbprint - ok
12:39:28.0859 2592 [ F8EDE2B6928970DCE3D5614C27D9E7F6 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:39:28.0890 2592 usbscan - ok
12:39:28.0921 2592 [ 84C44D720655A8AA475E57A9E764D675 ] usbser C:\WINDOWS\system32\drivers\usbser.sys
12:39:28.0953 2592 usbser - ok
12:39:28.0968 2592 [ E44F0D17BE0908B58DCC99CCB99C6C32 ] UsbserFilt C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
12:39:29.0062 2592 UsbserFilt - ok
12:39:29.0109 2592 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:39:29.0218 2592 USBSTOR - ok
12:39:29.0250 2592 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:39:29.0375 2592 usbuhci - ok
12:39:29.0390 2592 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:39:29.0515 2592 VgaSave - ok
12:39:29.0515 2592 ViaIde - ok
12:39:29.0562 2592 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:39:29.0687 2592 VolSnap - ok
12:39:29.0734 2592 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
12:39:29.0890 2592 VSS - ok
12:39:29.0921 2592 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
12:39:30.0078 2592 W32Time - ok
12:39:30.0125 2592 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:39:30.0234 2592 Wanarp - ok
12:39:30.0281 2592 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
12:39:30.0312 2592 Wdf01000 - ok
12:39:30.0328 2592 WDICA - ok
12:39:30.0359 2592 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:39:30.0500 2592 wdmaud - ok
12:39:30.0531 2592 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:39:30.0656 2592 WebClient - ok
12:39:30.0781 2592 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:39:30.0906 2592 winmgmt - ok
12:39:30.0968 2592 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
12:39:31.0015 2592 WmdmPmSN - ok
12:39:31.0078 2592 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:39:31.0171 2592 Wmi - ok
12:39:31.0203 2592 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:39:31.0343 2592 WmiApSrv - ok
12:39:31.0437 2592 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
12:39:31.0500 2592 WMPNetworkSvc - ok
12:39:31.0515 2592 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:39:31.0546 2592 WpdUsb - ok
12:39:31.0593 2592 [ 15673BD0B86150CB8E27766059C72A9B ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:39:31.0640 2592 WPFFontCache_v0400 - ok
12:39:31.0671 2592 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:39:31.0812 2592 WS2IFSL - ok
12:39:31.0859 2592 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
12:39:32.0000 2592 wscsvc - ok
12:39:32.0031 2592 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:39:32.0156 2592 WSTCODEC - ok
12:39:32.0187 2592 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:39:32.0328 2592 wuauserv - ok
12:39:32.0390 2592 [ EAA6324F51214D2F6718977EC9CE0DEF ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:39:32.0421 2592 WudfPf - ok
12:39:32.0453 2592 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:39:32.0468 2592 WudfRd - ok
12:39:32.0515 2592 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
12:39:32.0562 2592 WudfSvc - ok
12:39:32.0625 2592 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:39:32.0812 2592 WZCSVC - ok
12:39:32.0859 2592 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:39:32.0984 2592 xmlprov - ok
12:39:33.0000 2592 ================ Scan global ===============================
12:39:33.0031 2592 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
12:39:33.0078 2592 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
12:39:33.0093 2592 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
12:39:33.0140 2592 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
12:39:33.0156 2592 [Global] - ok
12:39:33.0156 2592 ================ Scan MBR ==================================
12:39:33.0187 2592 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
12:39:33.0421 2592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:39:33.0421 2592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:39:33.0421 2592 ================ Scan VBR ==================================
12:39:33.0421 2592 [ F40C23506BB2437B8DFB3DE89D1764B2 ] \Device\Harddisk0\DR0\Partition1
12:39:33.0421 2592 \Device\Harddisk0\DR0\Partition1 - ok
12:39:33.0421 2592 ============================================================
12:39:33.0421 2592 Scan finished
12:39:33.0421 2592 ============================================================
12:39:33.0531 2292 Detected object count: 10
12:39:33.0531 2292 Actual detected object count: 10
12:40:22.0328 2292 AVerRemote ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 AVerRemote ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 AVerScheduleService ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 AVerScheduleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 DfSdkS ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 DfSdkS ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 InCDfs ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 InCDfs ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 InCDPass ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 InCDPass ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 InCDrec ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 InCDrec ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 incdrm ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 incdrm ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 pfc ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
12:40:22.0328 2292 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:40:22.0328 2292 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:40:22.0328 2292 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:40:30.0687 3120 Deinitialize success

[Márty84]

Zkuste znovu MBAR, hlasi jeste havet? Nebo uz ji odstranil?

[RH46]

V průběhu skenování naskočila modrá obrazovka -
"Byly zjištěny potíže a systém Windows byl ukončen ...
Zahájen výpis fyzické paměti ..."
Poté došlo k restartu a zdá se, že i k obvyklému chodu PC.
Toto je log z mbar (vzhledem k přerušení skenování nevím
nakolik je úplný) -

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063501824, free: 372609024

Downloaded database version: v2013.11.10.03
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/10/2013 18:06:06
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\WudfPf.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86366ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-10\
Lower Device Object: 0xffffffff8636dd98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86366ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8638e900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86366ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863c99e8, DeviceName: \Device\00000067\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8636dd98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D854D854

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312560577
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Infected: C:\WINDOWS\system32\c_31475.nls --> [Backdoor.0Access]
Infected: C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\372fea9a\@ --> [Backdoor.0Access]
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.595000 GHz
Memory total: 1063501824, free: 327888896

Downloaded database version: v2013.11.11.09
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
11/11/2013 19:19:57
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\WudfPf.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86334ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-10\
Lower Device Object: 0xffffffff86336d98
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86334ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8638a900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86334ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8633a9e8, DeviceName: \Device\00000068\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86336d98, DeviceName: \Device\Ide\IdeDeviceP3T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D854D854

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312560577
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Infected: C:\WINDOWS\system32\c_31475.nls --> [Backdoor.0Access]
Infected: C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\372fea9a\@ --> [Backdoor.0Access]

[Márty84]

Doufam, ze mate zalohovana data. System se z toho nemusi vzpamatovat


Pracujte v nouzovem rezimu.
Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

Rootkit::
C:\WINDOWS\system32\c_31475.nls
C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\372fea9a\@

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace
Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

[RH46]

Provedeno log -

ComboFix 13-11-11.01 - RH 11.11.2013 23:58:43.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.790 [GMT 1:00]
Spuštěný z: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\RH.RH-9B6AEB81C62A\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-11 do 2013-11-11 )))))))))))))))))))))))))))))))
.
.
2013-11-10 16:19 . 2013-11-11 18:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-11-10 16:18 . 2013-11-11 18:18 47064 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-11-10 15:59 . 2013-11-10 15:54 716360 ----a-w- c:\program files\gcUninstall WeatherBlink.dll
2013-11-10 15:59 . 2013-11-10 15:54 190848 ----a-w- c:\program files\gcres.dll
2013-11-10 15:54 . 2013-11-10 15:54 -------- d-----w- c:\documents and settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\IAC
2013-11-09 13:25 . 2013-11-09 15:55 -------- d-----w- C:\AdwCleaner
2013-11-09 11:52 . 2013-11-09 11:52 -------- d-----w- c:\program files\CCleaner
2013-11-07 15:18 . 2013-11-07 15:20 -------- d-----w- C:\imgs
2013-11-07 15:18 . 2013-11-07 15:18 -------- d-----w- C:\css
2013-11-06 23:09 . 2013-11-06 23:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Data aplikací\VS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-07 12:44 . 2012-07-18 18:51 205984 ----a-w- c:\documents and settings\All Users.WINDOWS\Data aplikací\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2013-10-08 19:00 . 2012-03-13 18:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:25 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2006-03-02 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-30 07:48 . 2013-05-10 14:33 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-05-10 14:33 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-03-15 21:58 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-05-10 14:33 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-05-10 14:33 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-03-15 21:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-05-10 14:33 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-03-15 21:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-05-10 14:32 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-05-10 14:33 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:01 . 2006-03-02 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2004-08-03 23:08 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2004-10-01 14:00 . 2010-04-08 12:48 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-04-26 102400]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
path=c:\documents and settings\All Users.WINDOWS\Nabídka Start\Programy\Po spuštění\Corel MEDIA FOLDERS INDEXER 8.LNK
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-12-26 14:47 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RasMan"=3 (0x3)
"AVerScheduleService"=2 (0x2)
"AVerRemote"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 7\\PCSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\RH.RH-9B6AEB81C62A\\Local Settings\\Data aplikací\\Super Internet TV\\Super Internet TV.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [15.3.2013 22:58 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [15.3.2013 22:58 177864]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10.5.2013 15:33 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10.5.2013 15:33 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10.5.2013 15:33 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [15.3.2013 22:58 66336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10.5.2013 22:40 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10.5.2013 22:40 22856]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [12.1.2012 21:23 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [17.12.2012 17:09 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [17.12.2012 17:09 38144]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [8.1.2011 18:26 406016]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [10.11.2013 17:18 47064]
S4 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [17.12.2012 17:06 348160]
S4 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [17.12.2012 17:06 403456]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [29.11.2012 20:31 38608]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:00]
.
2013-11-11 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-10 07:47]
.
2013-11-11 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-11 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
2013-11-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 14:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Stáhnout FDM - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video FDM - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané FDM - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše FDM - file://c:\program files\Free Download Manager\dlall.htm
TCP: DhcpNameServer = 213.211.45.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-12 00:11
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(724)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\corel\Graphics8\programs\CMFFld80.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\System32\snmp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Celkový čas: 2013-11-12 00:15:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-11 23:15
.
Před spuštěním: Volných bajtů: 46 966 026 240
Po spuštění: Volných bajtů: 47 130 656 768
.
- - End Of File - - 82CD9E5DBECD0589B2D647F017C932BF
413FC2A0C716421B3158746D63736515

[Márty84]

V nouzovem rezimu zopakujte MBAR a pokud zas neco najde, zkuste opet odstranit.

[RH46]

Kontrola provedena - Mbar nic nenašel, log -

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063501824, free: 814968832

Could not load protection driver
Host not found
=======================================
Initializing...
------------ Kernel report ------------
11/12/2013 17:27:10
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8635eab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-10\
Lower Device Object: 0xffffffff86365940
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8635eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8635de08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8635eab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff863d09e8, DeviceName: \Device\00000068\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86365940, DeviceName: \Device\Ide\IdeDeviceP3T0L0-10\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D854D854

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 312560577
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 160041885696 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...
Removing C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.596000 GHz
Memory total: 1063501824, free: 752775168

=======================================

[RH46]

Děkuji moc za pomoc !
Zdraví RH46.

[Márty84]

Nemate zac! Ale jeste neni konec, je treba to overit, ze je to fakt pryc Ten previt je hodne odokny a hodne dobre se maskuje.


Stahnete aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe , ulozte na plochu a spustte jako spravce.
Kliknete na Scan
Pak kliknete na Save log a ulozte ho treba na plochu
Obsah logu mi sem zkopirujte


Pak zopakujte RogueKiller
Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , ulozte ho na plochu, kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Probehne kratoucky testik a pak se zpristupni vpravo nahore tlacitko Prohledat. Na to kliknete a probehne dalsi test.
Po dokonceni kliknete na napis Zprava a objevi se log. Ten mi sem vlozte

[RH46]

Myslím, že aswMBR skenování nedokončil, po chvíli se zasekl a dál
nepokračoval.
Zde je zpráva -

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-11-13 19:14:15
-----------------------------
19:14:15.453 OS Version: Windows 5.1.2600 Service Pack 3
19:14:15.453 Number of processors: 1 586 0x1601
19:14:15.453 ComputerName: RH-9B6AEB81C62A UserName: RH
19:14:16.281 Initialize success
19:14:18.515 AVAST engine defs: 13111302
19:14:29.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
19:14:29.750 Disk 0 Vendor: WDC_WD1600AAJS-00L7A0 01.03E01 Size: 152627MB BusType: 3
19:14:30.062 Disk 0 MBR read successfully
19:14:30.062 Disk 0 MBR scan
19:14:30.187 Disk 0 Windows XP default MBR code
19:14:30.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
19:14:30.250 Disk 0 scanning sectors +312560640
19:14:30.562 Disk 0 scanning C:\WINDOWS\system32\drivers
19:15:07.609 Service scanning
19:15:23.328 Modules scanning
19:15:40.859 Disk 0 trace - called modules:
19:15:40.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
19:15:40.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86334ab8]
19:15:41.406 3 CLASSPNP.SYS[f764bfd7] -> nt!IofCallDriver -> \Device\00000068[0x8633a9e8]
19:15:41.406 5 ACPI.sys[f75c2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x86336d98]
19:15:41.796 AVAST engine scan C:\WINDOWS
19:16:10.906 AVAST engine scan C:\WINDOWS\system32
19:24:17.796 AVAST engine scan C:\WINDOWS\system32\drivers
19:25:10.687 AVAST engine scan C:\Documents and Settings\RH.RH-9B6AEB81C62A
19:46:45.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\MBR.dat"
19:46:45.359 The log file has been saved successfully to "C:\Documents and Settings\RH.RH-9B6AEB81C62A\Plocha\aswMBR.txt"


Roguer Killer našel 1 soubor, který jsem smazal.

Zpráva -

RogueKiller V8.7.7 [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : RH [Práva správce]
Mód : Odebrat -- Datum : 11/13/2013 20:01:27
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 1 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 0 ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD1600AAJS-00L7A0 +++++
--- User ---
[MBR] 0ebd4b947214d42558570eecf4966c9b
[BSP] 50f5ded20cf357aac243474a284a214f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[0]_D_11132013_200127.txt >>
RKreport[0]_S_11132013_195828.txt

[Márty84]

Vypada to dobre, RK uz zera nehlasi.


Dejte novy log z RSIT

[RH46]

log -

Logfile of random's system information tool 1.06 (written by random/random)
Run by RH at 2013-11-14 18:47:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (29%) free of 153 GB
Total RAM: 1014 MB (43% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-1580436667-725345543-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-1580436667-725345543-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 77576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users.WINDOWS\Data aplikací\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2013-03-11 365056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-04-26 102400]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe [2002-03-18 188416]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-16 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-16 178712]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-16 150040]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-12-19 41208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [2012-12-26 295072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVer HID Receiver.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-01-05 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^AVerQuick.lnk]
C:\PROGRA~1\COMMON~1\AVerMedia\AVerQuick\AVerQuick.exe [2011-05-19 675840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Nabídka Start^Programy^Po spuštění^Corel MEDIA FOLDERS INDEXER 8.LNK]
C:\Corel\GRAPHI~1\Programs\MFINDE~1.EXE [1998-01-12 83456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TrkWks"=2
"TermService"=3
"TapiSrv"=3
"RemoteRegistry"=2
"RasMan"=3
"AVerScheduleService"=2
"AVerRemote"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe:*:Enabled:Nokia Launch Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe"="C:\Documents and Settings\RH.RH-9B6AEB81C62A\Local Settings\Data aplikací\Super Internet TV\Super Internet TV.exe:*:Enabled:Super Internet TV"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2013-11-13 14:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2013-11-13 10:10:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2013-11-13 10:10:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2013-11-13 10:10:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2013-11-13 10:10:23 ----A---- C:\WINDOWS\imsins.BAK
2013-11-12 00:21:47 ----SHD---- C:\RECYCLER
2013-11-12 00:15:13 ----A---- C:\ComboFix.txt
2013-11-12 00:09:27 ----D---- C:\WINDOWS\temp
2013-11-11 23:48:55 ----A---- C:\WINDOWS\ntbtlog.txt
2013-11-10 17:19:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-11-10 16:59:28 ----A---- C:\Program Files\gcUninstall WeatherBlink.dll
2013-11-10 16:59:28 ----A---- C:\Program Files\gcres.dll
2013-11-10 15:43:45 ----A---- C:\WINDOWS\zip.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\SWSC.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\SWREG.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\sed.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\PEV.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\NIRCMD.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\MBR.exe
2013-11-10 15:43:45 ----A---- C:\WINDOWS\grep.exe
2013-11-10 15:43:24 ----D---- C:\Qoobox
2013-11-09 14:25:53 ----D---- C:\AdwCleaner
2013-11-09 12:52:29 ----D---- C:\Program Files\CCleaner
2013-11-07 16:18:47 ----D---- C:\imgs
2013-11-07 16:18:47 ----D---- C:\css
2013-11-07 00:09:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\VS

======List of files/folders modified in the last 1 months======

2013-11-14 18:47:05 ----D---- C:\Program Files\trend micro
2013-11-14 17:43:59 ----SD---- C:\WINDOWS\Tasks
2013-11-14 14:57:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-11-13 23:29:15 ----D---- C:\WINDOWS\system32\CatRoot2
2013-11-13 22:48:13 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\Ancestry
2013-11-13 21:40:07 ----D---- C:\WINDOWS\Prefetch
2013-11-13 20:02:48 ----D---- C:\WINDOWS\system32
2013-11-13 19:58:25 ----D---- C:\WINDOWS\system32\drivers
2013-11-13 14:57:59 ----D---- C:\WINDOWS
2013-11-13 14:55:53 ----HD---- C:\WINDOWS\inf
2013-11-13 14:55:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-11-13 10:10:16 ----D---- C:\Program Files\Internet Explorer
2013-11-13 10:09:59 ----D---- C:\WINDOWS\ie8updates
2013-11-13 10:05:32 ----D---- C:\WINDOWS\system32\MRT
2013-11-13 10:05:30 ----D---- C:\WINDOWS\Debug
2013-11-13 10:05:16 ----A---- C:\WINDOWS\system32\MRT.exe
2013-11-12 00:11:35 ----A---- C:\WINDOWS\system.ini
2013-11-12 00:06:04 ----D---- C:\WINDOWS\AppPatch
2013-11-12 00:06:02 ----D---- C:\Program Files\Common Files
2013-11-11 19:43:08 ----D---- C:\WINDOWS\Minidump
2013-11-10 17:54:08 ----RD---- C:\Program Files
2013-11-10 15:42:59 ----D---- C:\WINDOWS\ERDNT
2013-11-07 14:47:12 ----RSD---- C:\WINDOWS\assembly
2013-11-07 14:47:08 ----D---- C:\WINDOWS\Microsoft.NET
2013-11-07 13:44:23 ----SHD---- C:\WINDOWS\Installer
2013-11-07 13:44:23 ----D---- C:\Config.Msi
2013-11-07 13:39:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-11-07 00:39:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-07 00:39:23 ----D---- C:\WINDOWS\WinSxS
2013-11-04 16:40:38 ----D---- C:\WINDOWS\History
2013-10-20 20:22:04 ----D---- C:\Program Files\Zoom Player
2013-10-18 17:50:53 ----D---- C:\Documents and Settings\RH.RH-9B6AEB81C62A\Data aplikací\vlc
2013-10-16 16:46:24 ----A---- C:\WINDOWS\NeroDigital.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-08-30 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-08-30 770344]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-08-30 369584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-08-30 56080]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-07-08 28672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-08-30 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2011-01-06 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-01-22 120064]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 AF9035HB;AF9035 Hybrid Device; C:\WINDOWS\System32\Drivers\AF9035HB.sys [2012-01-12 863616]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\WINDOWS\system32\DRIVERS\AVerPola.sys [2010-10-07 478464]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service; C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys [2010-10-07 38144]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2010-04-27 348160]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-02-02 153376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2008-12-31 247152]

-----------------EOF-----------------