VIRY.CZ

Pekny den

Poprosil bych Taaakze, doslo k infikaci pc pres flashku. Projevuje se celkem nekompromisne: nejde regedit, taskmgr, primo nejdou spustit zadne aplikace typu RSIT, HJT, MWAV, dokonce ani cc cleaner a uz vubec ne combofix a to ani po prejmenovani. Ovsem vse lze je spustit primo po stazeni jeste v prohlizeci. Dal nejde nouzovy rezim. Po repairu se jednou do nouzoveho rezimu dostanu, ale pravdepodobne hned dojde k vseho prepsani a jsme tam kde jsme byli. Navic je v nouzovem rezimu nepristupny adresar uzivatele (pc ma jen jednoho uzivatele) a neni mozne rozpakovat zip soubor....ufff. Zakonceno hlaskou Spravce systemu zakazal spravce uloh, runtime error, floating point not loaded, system nemuze nalezt cestu c:/document a settings....a podobnym bullshitem. Prohlizel jsem si forum, opravil zobrazeni registru, zobrazeni taskmgr, provedl urcite vymazy podle logu, a v jednu chvili se zdalo ze bude vse uz v poradku, nicmene asi 10 minut po restartu, tedy ne hned se vse vratilo do puvodniho stavu...Tady je rsit log, a uz vidim ze je uplne jiny nez ten na ktery jsem koukal minule. Dekuju predem za jakoukoliv radu.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\RSIT(1).exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\trend micro\Spravce.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4343 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=c:\program files\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732]
"Description"=RealJukebox Netscape Plugin
"Path"=c:\program files\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732]
"Description"=6.0.12.732
"Path"=c:\program files\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@sun.com/npsopluginmi;version=1.0]
"Description"=
"Path"=C:\Program Files\OpenOffice.org 3\program

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-03-26 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-31 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08 1619352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2012-08-08 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2012-08-08 767312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2012-08-08 421888]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-03-09 2847160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1379136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe:*:Enabled:ipsec"
"C:\Program Files\QuickTime\qttask.exe"="C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\nwiz.exe"="C:\WINDOWS\system32\nwiz.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\netsh.exe"="C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec"
"C:\Train Simulator\train.exe"="C:\Train Simulator\train.exe:*:Enabled:ipsec"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:ipsec"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\DAEMON Tools Lite\DTLite.exe"="C:\Program Files\DAEMON Tools Lite\DTLite.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\MyPrinter\BJMyPrt.exe"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe:*:Enabled:ipsec"
"C:\Program Files\procexp.exe"="C:\Program Files\procexp.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"
"c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe"="c:\Documents and Settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wscntfy.exe"="C:\WINDOWS\system32\wscntfy.exe:*:Enabled:ipsec"
"C:\Program Files\HijackThis\HijackThis.exe"="C:\Program Files\HijackThis\HijackThis.exe:*:Enabled:ipsec"
"C:\ComboFix\CF5221.3XE"="C:\ComboFix\CF5221.3XE:*:Enabled:ipsec"
"C:\Program Files\ComboFix.exe"="C:\Program Files\ComboFix.exe:*:Enabled:ipsec"
"C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE"="C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-08-09 12:51:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-09 12:51:16 ----ASH---- C:\hiberfil.sys
2012-08-09 11:44:06 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-09 01:47:01 ----SHD---- C:\RECYCLER
2012-08-09 01:29:12 ----A---- C:\SAFEBOOT_REPAIR.TXT
2012-08-09 01:25:57 ----A---- C:\RSIT.exe
2012-08-09 01:23:17 ----D---- C:\Program Files\trend micro
2012-08-09 01:23:15 ----D---- C:\rsit
2012-08-09 01:21:17 ----RA---- C:\Program Files\iotitg.com.exe
2012-08-09 01:16:45 ----A---- C:\ComboFix.txt
2012-08-09 01:15:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-08-09 01:10:31 ----SD---- C:\WINDOWS\Tasks
2012-08-09 00:27:52 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2012-08-09 00:27:51 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2012-08-09 00:27:50 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2012-08-09 00:27:48 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2012-08-09 00:27:46 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\avastSS.scr
2012-08-09 00:27:19 ----A---- C:\WINDOWS\system32\aswBoot.exe
2012-08-08 21:48:01 ----A---- C:\Program Files\mwav.exe
2012-08-08 21:47:13 ----A---- C:\Program Files\kkkk.vbs
2012-08-08 20:13:15 ----D---- C:\Program Files\KZ
2012-08-08 17:20:58 ----A---- C:\WINDOWS\system32\msvcr80.dll
2012-08-08 17:20:56 ----A---- C:\WINDOWS\system32\msvcp80.dll
2012-08-08 17:20:54 ----A---- C:\WINDOWS\system32\msvcp90.dll
2012-08-08 17:20:53 ----A---- C:\WINDOWS\system32\msvcr90.dll
2012-08-08 17:20:42 ----A---- C:\WINDOWS\R.COM
2012-08-08 17:20:40 ----D---- C:\Program Files\Common Files\MicroWorld
2012-08-08 17:20:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
2012-08-08 16:22:51 ----D---- C:\Program Files\UPM
2012-08-08 12:01:35 ----A---- C:\Program Files\SafeBootKeyRepair.exe
2012-08-07 14:01:45 ----D---- C:\ubuntu
2012-08-01 01:51:12 ----D---- C:\zzz
2012-08-01 01:48:51 ----D---- C:\Program Files\IsoBuster
2012-08-01 01:00:41 ----D---- C:\Program Files\HijackThis
2012-08-01 01:00:13 ----A---- C:\Boot.bak
2012-08-01 01:00:05 ----RASHD---- C:\cmdcons
2012-08-01 00:56:10 ----A---- C:\WINDOWS\zip.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWSC.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\SWREG.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\sed.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\PEV.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\NIRCMD.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\MBR.exe
2012-08-01 00:56:10 ----A---- C:\WINDOWS\grep.exe
2012-08-01 00:54:34 ----D---- C:\WINDOWS\ERDNT
2012-08-01 00:54:24 ----D---- C:\Qoobox
2012-07-29 13:10:53 ----D---- C:\zaloha_msts
2012-07-23 23:12:04 ----A---- C:\WINDOWS\d3dx.dat
2012-07-23 18:41:13 ----D---- C:\Documents and Settings\Spravce\Data aplikací\codeblocks
2012-07-23 18:40:04 ----D---- C:\Program Files\CodeBlocks
2012-07-11 12:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 12:32:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 12:31:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 12:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 12:24:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 month======

2012-08-09 12:52:44 ----D---- C:\WINDOWS\SoftwareDistribution
2012-08-09 12:52:02 ----D---- C:\WINDOWS\Temp
2012-08-09 12:52:00 ----D---- C:\WINDOWS\system32\drivers
2012-08-09 12:51:45 ----D---- C:\WINDOWS
2012-08-09 11:48:27 ----D---- C:\WINDOWS\system32
2012-08-09 11:45:40 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-09 11:42:02 ----RD---- C:\Program Files
2012-08-09 01:36:28 ----A---- C:\WINDOWS\wincmd.ini
2012-08-09 01:10:33 ----A---- C:\WINDOWS\system.ini
2012-08-09 01:10:05 ----D---- C:\WINDOWS\system32\drivers\etc
2012-08-09 01:08:24 ----D---- C:\WINDOWS\system32\config
2012-08-09 01:01:48 ----D---- C:\WINDOWS\AppPatch
2012-08-09 01:01:42 ----D---- C:\Program Files\Common Files
2012-08-09 00:27:37 ----SHD---- C:\WINDOWS\Installer
2012-08-09 00:27:37 ----D---- C:\Config.Msi
2012-08-09 00:27:34 ----D---- C:\WINDOWS\WinSxS
2012-08-09 00:27:09 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2012-08-09 00:26:07 ----D---- C:\TEMP
2012-08-08 23:52:18 ----D---- C:\Program Files\CCleaner
2012-08-08 23:25:00 ----D---- C:\Program Files\Mozilla Firefox
2012-08-08 20:10:07 ----A---- C:\WINDOWS\win.ini
2012-08-08 19:15:21 ----SHD---- C:\System Volume Information
2012-08-08 19:15:21 ----D---- C:\WINDOWS\system32\Restore
2012-08-08 19:15:04 ----D---- C:\WINDOWS\Prefetch
2012-08-08 18:11:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-08-08 18:08:35 ----A---- C:\Program Files\Uninstall_CDS.exe
2012-08-08 18:04:51 ----A---- C:\Program Files\procexp.exe
2012-08-08 17:24:38 ----A---- C:\WINDOWS\system32\nwiz.exe
2012-08-08 15:42:38 ----D---- C:\Documents and Settings
2012-08-08 12:04:41 ----D---- C:\WINDOWS\repair
2012-08-07 14:08:53 ----RASH---- C:\boot.ini
2012-08-07 13:52:14 ----D---- C:\WINDOWS\system32\wbem
2012-08-07 13:52:13 ----D---- C:\WINDOWS\Registration
2012-08-07 13:27:38 ----D---- C:\WINDOWS\system32\NtmsData
2012-08-06 12:05:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2012-08-03 01:52:03 ----D---- C:\Train Simulator
2012-08-01 01:48:29 ----D---- C:\Program Files\Internet Explorer
2012-07-29 13:29:32 ----D---- C:\WINDOWS\Minidump
2012-07-23 13:46:18 ----D---- C:\totalcmd
2012-07-11 12:57:53 ----D---- C:\WINDOWS\Debug
2012-07-11 12:32:30 ----HD---- C:\WINDOWS\inf
2012-07-11 12:32:05 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 12:26:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-03-09 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-03-09 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-03-09 46672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-02-20 218688]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-03-09 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-03-09 100432]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 asc3360pr;asc3360pr; \??\C:\WINDOWS\system32\drivers\lsnplq.sys []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2005-10-21 660736]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-03-09 23376]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-10-24 907456]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-09-08 189832]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 391752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SimpTcp;Jednoduché služby TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
R2 SNMP;SNMP; C:\WINDOWS\System32\snmp.exe [2008-04-14 32768]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-08-08 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Tiskový server TCP/IP; C:\WINDOWS\System32\tcpsvcs.exe [2001-10-25 19456]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2012-08-08 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2012-08-08 271920]
S3 SNMPTRAP;Zachytávání pro službu SNMP; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2012-08-08 913920]
S4 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

ok dekuju, jdu na to. Ten bordel je kvuli tomu ruznemu zkouseni jak ty utility spustit. Jinak combofix mi vzdy spolehlive problemy vyresil a nejen moje, nicmene ted nezabral, aspon zatim. Ozvu se.

dekuju za vysvetleni, pochopeno, jen netusim, jak moc velka je provazanost combofixu s timto forem a kde zacina svevolnost pouziti combofixu, jinak sem si toho naprosto vedom. Rad se dozvim vice. Vse je reseno s ohledem na vas i muj cas, coz ne vsem vyhovuje ve stejne podobe, proto se tady casto neptam, zvlaste kdyz lide resi prakticky stejne problemy a pri trosce snahy se na ten i onen zpusob da prijit. Tento pripad je ovsem vyjimkou.

Cf: pokud je spusten ze slozky program files jako svchost .exe, je zhruba v polovine rozbalovani sestrelen
jediny zpusob jak ho spustit je primo ze slozky download.

log z cf, cd s otlpe pripraveno


ComboFix 12-08-08.03 - Spravce 09.08.2012 15:43:55.7.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.319.40 [GMT 2:00]
Spuštěný z: c:\documents and settings\Spravce\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-09 do 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 12:43 . 2012-08-09 12:44 4727758 ------r- c:\program files\ComboFix.exe
2012-08-09 10:54 . 2012-08-09 10:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-08-09 10:53 . 2012-06-02 13:18 214256 ----a-w- c:\windows\system32\muweb.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 16:08 . 2008-06-17 17:27 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2012-08-08 16:04 . 2012-05-30 23:09 4177272 ----a-w- c:\program files\procexp.exe
2012-08-08 15:27 . 2012-08-08 15:26 22 ----a-w- c:\windows\REGBK00.ZIP
2012-08-08 15:24 . 2006-10-22 10:22 1622016 ----a-w- c:\windows\system32\nwiz.exe
2012-06-13 13:55 . 2001-10-25 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-05-20 18:52 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2001-10-25 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2001-10-25 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 17:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-05-20 18:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-05-20 18:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-05-20 18:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-05-20 18:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-05-19 22:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2001-10-25 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-05-20 18:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-05-19 22:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2008-05-26 18:23 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2008-05-26 18:23 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-01 17:51 . 2012-06-01 17:51 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-01 17:51 . 2012-06-01 17:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2001-10-25 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-30 23:19 . 2012-05-30 23:20 1058784 ----a-w- c:\program files\GPU-Z.0.6.2.exe
2012-05-16 15:09 . 2001-10-25 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:44 . 2001-10-25 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2001-10-25 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-31 22:24 . 2012-06-21 12:30 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . EB52091981B2CF6BFE2F115117B22F48 . 225792 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regedit.exe
[7] 2008-04-14 . FDEB1D02CAE38665CBF114F44E6B997E . 147968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2004-08-17 . CB5A91928D94224E7E30EE277B45E8A3 . 147968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2010-02-23 . C8DDA4028065D5CE39CBE7A156B72AB9 . 634648 . . [7.00.6000.21228] . . c:\windows\$hf_mig$\KB980182-IE7\SP3QFE\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie8\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ie7\iexplore.exe
[7] 2008-04-14 . 414AFE6E8CCDE984E16D5ED08624CEC6 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\93b9ce85582d0997b0cc34d9342f4307\SP2GDR\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\93b9ce85582d0997b0cc34d9342f4307\SP2QFE\iexplore.exe
[7] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[7] 2004-08-17 . 63E527C26AC3059EAD766C6C11746D07 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
.
[7] 2012-07-31 22:24 . 3F677172F23FC17283D9BCE4B42E3F65 . 913888 . . [14.0.1] . . c:\windows\ERDNT\cache\firefox.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_23.26.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-09 13:15 . 2012-08-09 13:15 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 73336 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 73336 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 85192 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 85192 c:\windows\system32\perfc005.dat
+ 2012-08-08 22:27 . 2010-03-09 10:12 46672 c:\windows\system32\drivers\aswTdi.sys
+ 2012-08-08 22:27 . 2010-03-09 10:09 23376 c:\windows\system32\drivers\aswRdr.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 94800 c:\windows\system32\drivers\aswmon.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 19024 c:\windows\system32\drivers\aswFsBlk.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 28880 c:\windows\system32\drivers\aavmker4.sys
+ 2012-08-08 22:27 . 2010-03-09 10:24 38848 c:\windows\system32\avastSS.scr
+ 2001-10-25 12:00 . 2008-04-14 03:22 412672 c:\windows\system32\zipfldr.dll
+ 2012-04-05 21:13 . 2012-04-05 21:13 368712 c:\windows\system32\XPSViewer\XPSViewer.exe
+ 2001-10-25 12:00 . 2008-05-08 11:24 225280 c:\windows\system32\wscript.exe
+ 2007-08-13 16:45 . 2009-03-08 02:34 278016 c:\windows\system32\WinFXDocObj.exe
+ 2001-10-25 12:00 . 2008-04-14 03:22 215040 c:\windows\system32\taskmgr.exe
- 2001-10-25 12:00 . 2012-07-31 22:58 446130 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 446130 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-08-09 13:20 442910 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-07-31 22:58 442910 c:\windows\system32\perfh005.dat
+ 2012-08-08 15:20 . 2012-08-08 15:20 655872 c:\windows\system32\msvcr90.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 632064 c:\windows\system32\msvcr80.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 572928 c:\windows\system32\msvcp90.dll
+ 2012-08-08 15:20 . 2012-08-08 15:20 554240 c:\windows\system32\msvcp80.dll
- 2012-06-01 17:51 . 2012-06-01 17:51 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-06-01 17:51 . 2012-08-08 19:07 351904 c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-08-08 22:27 . 2010-03-09 10:12 162640 c:\windows\system32\drivers\aswSP.sys
+ 2012-08-08 22:27 . 2010-03-09 10:08 100432 c:\windows\system32\drivers\aswmon2.sys
+ 2012-08-08 22:27 . 2010-03-09 10:24 153184 c:\windows\system32\aswBoot.exe
+ 2012-08-08 15:20 . 2008-04-14 03:22 147968 c:\windows\R.COM
+ 2012-08-07 11:44 . 2012-08-07 11:52 1286808 c:\windows\system32\Restore\rstrlog.dat
+ 2001-10-25 12:00 . 2008-04-14 03:22 1492992 c:\windows\system32\mmc.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1379136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2012-08-08 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2012-08-08 767312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2012-08-08 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-08-08 421888]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2847160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Canon\\SolutionMenu\\CNSLMAIN.exe"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Train Simulator\\train.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Program Files\\DAEMON Tools Lite\\DTLite.exe"=
"c:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe"=
"c:\\Program Files\\procexp.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Spravce\\Dokumenty\\Stažené soubory\\ComboFix.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\HijackThis\\HijackThis.exe"=
"c:\\Program Files\\ComboFix.exe"=
"c:\\Program Files\\Canon\\IJPLM\\IJPLMSVC.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9.8.2012 0:27 162640]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [20.2.2011 17:19 218688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9.8.2012 0:27 19024]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [1.6.2008 20:04 660736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Spravce\Data aplikací\Mozilla\Firefox\Profiles\0xuygufp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 15:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(5156)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-08-09 16:01:06
ComboFix-quarantined-files.txt 2012-08-09 14:01
ComboFix2.txt 2012-08-08 23:16
ComboFix3.txt 2012-08-08 10:45
ComboFix4.txt 2012-08-07 15:42
ComboFix5.txt 2012-08-09 12:11
.
Před spuštěním: Volných bajtů: 59 693 236 224
Po spuštění: Volných bajtů: 59 785 138 176
.
- - End Of File - - 77422057E0D3C2757BB1B8247D2A5BDB

prostredi OTLpe se bohuzel nedari zavest, pri bootovani z cd se nedeje vubec nic....cerno

ano to jsem zkousel, na jinem pc je to v pohode. Vypaloval sem to teda jinak, v linuxu, protoze nemam po ruce pc s funkcni vypalovackou, nicmene jak rikam zkusil sem to na starem ntb s 256 ram a v pohode to nabehlo....

dalsi vec - zkousim uploadnout ten archiv qoobox z nakazeneho stroje, a nepusti me k tomu, v momente vybrani souboru zatuhne prohlizec. Jinak vse pri starem. vse co neslo nejde dal vcetne nouzoveho rezimu, atd

Ten nakazeny stroj to cd proste nebere. Zkousel sem jina bootovaci cd (win xp, ubuntu live) a ty to vzalo bez problemu. Tak neviem...

takze pres to ubuntu se mi to podarilo uploadnout

http://leteckaposta.cz/633681858

posledni dobou byval celkem klid, koukam ze to obdobi skoncilo. Rano jdu na trhani zubu, potom se ozvu, jestli me to nezlomi...kazdopadne dekuju zatim za ochotu a preju pekny vecer

zdravim sveho radce jsem po extrakci....tak dokud jsem pri vedomi a pokud budes mit chut, muzeme pokracovat.

ten orezany OTL se rovnez nenabootoval

V prohlizeci na infikovane masine kasperskyho support nelze nalezt. Dokonce i kvuli odkazu ve foru se tvuj posledni prispevek nenacte a prohlizec se kousne. Nicmene stahnuto, proskenovano, log je zde

13:01:00.0712 0440 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:01:01.0453 0440 ============================================================

13:01:01.0453 0440 Current date / time: 2012/08/10 13:01:01.0453

13:01:01.0453 0440 SystemInfo:

13:01:01.0473 0440

13:01:01.0473 0440 OS Version: 5.1.2600 ServicePack: 3.0

13:01:01.0473 0440 Product type: Workstation

13:01:01.0473 0440 ComputerName: DELL863

13:01:01.0473 0440 UserName: Spravce

13:01:01.0473 0440 Windows directory: C:\WINDOWS

13:01:01.0473 0440 System windows directory: C:\WINDOWS

13:01:01.0473 0440 Processor architecture: Intel x86

13:01:01.0473 0440 Number of processors: 1

13:01:01.0473 0440 Page size: 0x1000

13:01:01.0473 0440 Boot type: Normal boot

13:01:01.0473 0440 ============================================================

13:01:07.0511 0440 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

13:01:07.0552 0440 ============================================================

13:01:07.0552 0440 \Device\Harddisk0\DR0:

13:01:07.0552 0440 MBR partitions:

13:01:07.0552 0440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05

13:01:07.0552 0440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC44, BlocksNum 0x3159255

13:01:07.0552 0440 ============================================================

13:01:07.0662 0440 C: <-> \Device\Harddisk0\DR0\Partition0

13:01:08.0353 0440 D: <-> \Device\Harddisk0\DR0\Partition1

13:01:08.0493 0440 ============================================================

13:01:08.0503 0440 Initialize success

13:01:08.0503 0440 ============================================================

13:01:40.0479 3076 ============================================================

13:01:40.0479 3076 Scan started

13:01:40.0479 3076 Mode: Manual; SigCheck; TDLFS;

13:01:40.0479 3076 ============================================================

13:01:41.0040 3076 Aavmker4 (d5d75edd02157fcd3eb576d4681e8c3e) C:\WINDOWS\system32\drivers\Aavmker4.sys

13:01:41.0621 3076 Aavmker4 - ok

13:01:41.0651 3076 Abiosdsk - ok

13:01:41.0691 3076 abp480n5 - ok

13:01:41.0751 3076 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

13:01:43.0243 3076 ac97intc - ok

13:01:43.0403 3076 ACPI (4fe34f1f3126b61fcc6b2043aa8112c9) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:01:44.0064 3076 ACPI - ok

13:01:44.0164 3076 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:01:44.0695 3076 ACPIEC - ok

13:01:44.0715 3076 adpu160m - ok

13:01:44.0785 3076 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:01:45.0326 3076 aec - ok

13:01:45.0496 3076 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:01:45.0676 3076 AFD - ok

13:01:45.0777 3076 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:01:46.0267 3076 agp440 - ok

13:01:46.0297 3076 Aha154x - ok

13:01:46.0337 3076 aic78u2 - ok

13:01:46.0377 3076 aic78xx - ok

13:01:46.0498 3076 Alerter (e0a6fa244b8624d78fe5ff6f56a33bae) C:\WINDOWS\system32\alrsvc.dll

13:01:46.0888 3076 Alerter - ok

13:01:46.0938 3076 AliIde - ok

13:01:46.0978 3076 amsint - ok

13:01:47.0038 3076 asc - ok

13:01:47.0068 3076 asc3350p - ok

13:01:47.0098 3076 asc3360pr - ok

13:01:47.0138 3076 asc3550 - ok

13:01:47.0549 3076 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

13:01:47.0709 3076 aspnet_state - ok

13:01:47.0809 3076 aswFsBlk (fb6a381c32a87ee6588eed61d22dc03b) C:\WINDOWS\system32\drivers\aswFsBlk.sys

13:01:47.0839 3076 aswFsBlk - ok

13:01:47.0920 3076 aswMon2 (1a10cbecfdd0a597b27e2d0998d95cf9) C:\WINDOWS\system32\drivers\aswMon2.sys

13:01:47.0960 3076 aswMon2 - ok

13:01:48.0020 3076 aswRdr (7827f70b86b29fbf112cbce547205acc) C:\WINDOWS\system32\drivers\aswRdr.sys

13:01:48.0120 3076 aswRdr - ok

13:01:48.0250 3076 aswSP (39bf48164a958f4bf0c0ec6cdc447db5) C:\WINDOWS\system32\drivers\aswSP.sys

13:01:48.0290 3076 aswSP - ok

13:01:48.0340 3076 aswTdi (755e4afb683e3306886a0f4df02a1575) C:\WINDOWS\system32\drivers\aswTdi.sys

13:01:48.0370 3076 aswTdi - ok

13:01:48.0460 3076 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:01:48.0941 3076 AsyncMac - ok

13:01:49.0011 3076 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:01:49.0472 3076 atapi - ok

13:01:49.0522 3076 Atdisk - ok

13:01:49.0642 3076 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:01:50.0043 3076 Atmarpc - ok

13:01:50.0103 3076 AudioSrv (de31b88962a8645dba5a37b993e7b0f1) C:\WINDOWS\System32\audiosrv.dll

13:01:50.0583 3076 AudioSrv - ok

13:01:50.0674 3076 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:01:51.0114 3076 audstub - ok

13:01:51.0214 3076 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:01:51.0775 3076 Beep - ok

13:01:51.0855 3076 BITS (19395d092fd85ddc2d9c7729cf5a2ac8) C:\WINDOWS\system32\qmgr.dll

13:01:52.0326 3076 BITS - ok

13:01:52.0386 3076 Browser (249276d3ef1e74b992299cb96099e4d7) C:\WINDOWS\System32\browser.dll

13:01:52.0857 3076 Browser - ok

13:01:52.0927 3076 catchme - ok

13:01:52.0977 3076 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:01:53.0407 3076 cbidf2k - ok

13:01:53.0468 3076 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

13:01:53.0888 3076 CCDECODE - ok

13:01:53.0928 3076 cd20xrnt - ok

13:01:53.0978 3076 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:01:54.0419 3076 Cdaudio - ok

13:01:54.0479 3076 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:01:54.0900 3076 Cdfs - ok

13:01:54.0950 3076 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:01:55.0370 3076 Cdrom - ok

13:01:55.0410 3076 Changer - ok

13:01:55.0480 3076 cisvc (e390dc1d7c461d7d56ec53402f329928) C:\WINDOWS\system32\cisvc.exe

13:01:55.0841 3076 cisvc - ok

13:01:55.0881 3076 ClipSrv (064507a8dfa8c5c7e2ffddd3e6f424fa) C:\WINDOWS\system32\clipsrv.exe

13:01:56.0312 3076 ClipSrv - ok

13:01:56.0382 3076 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:01:56.0492 3076 clr_optimization_v2.0.50727_32 - ok

13:01:56.0512 3076 CmdIde - ok

13:01:56.0552 3076 COMSysApp - ok

13:01:56.0622 3076 Cpqarray - ok

13:01:56.0672 3076 CryptSvc (f3ab0933cbd166d271992f411c27ccaf) C:\WINDOWS\System32\cryptsvc.dll

13:01:57.0173 3076 CryptSvc - ok

13:01:57.0203 3076 dac2w2k - ok

13:01:57.0233 3076 dac960nt - ok

13:01:57.0323 3076 DcomLaunch (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\system32\rpcss.dll

13:01:57.0553 3076 DcomLaunch - ok

13:01:57.0814 3076 Dhcp (8c9a53e285ac5e6704844d0459ec85be) C:\WINDOWS\System32\dhcpcsvc.dll

13:01:58.0365 3076 Dhcp - ok

13:01:58.0405 3076 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:01:58.0996 3076 Disk - ok

13:01:59.0016 3076 dmadmin - ok

13:01:59.0186 3076 dmboot (db5fd2bf5b07dc54bfcb3664ff05bd7c) C:\WINDOWS\system32\drivers\dmboot.sys

13:01:59.0676 3076 dmboot - ok

13:01:59.0807 3076 dmio (fff1720af51171f32f1ead5cf71f2810) C:\WINDOWS\system32\drivers\dmio.sys

13:02:00.0307 3076 dmio - ok

13:02:00.0398 3076 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:02:00.0858 3076 dmload - ok

13:02:00.0968 3076 dmserver (2bfefe9e865655a76982f050450b9591) C:\WINDOWS\System32\dmserver.dll

13:02:01.0439 3076 dmserver - ok

13:02:01.0509 3076 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:02:02.0170 3076 DMusic - ok

13:02:02.0220 3076 Dnscache (dfaa406bf19f4ee806a6f8d4342137f7) C:\WINDOWS\System32\dnsrslvr.dll

13:02:02.0390 3076 Dnscache - ok

13:02:02.0471 3076 Dot3svc (4a3e2bd20157a0946751229e92eb8621) C:\WINDOWS\System32\dot3svc.dll

13:02:02.0921 3076 Dot3svc - ok

13:02:02.0961 3076 dpti2o - ok

13:02:03.0011 3076 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:02:03.0422 3076 drmkaud - ok

13:02:03.0522 3076 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys

13:02:03.0642 3076 dtsoftbus01 - ok

13:02:03.0852 3076 E100B (866b8ee30e4504c11ae0d29ed6f8824b) C:\WINDOWS\system32\DRIVERS\e100b325.sys

13:02:04.0463 3076 E100B - ok

13:02:04.0614 3076 EapHost (0887d9c2be8d940778cad1e3b85f2a41) C:\WINDOWS\System32\eapsvc.dll

13:02:05.0014 3076 EapHost - ok

13:02:05.0074 3076 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

13:02:05.0615 3076 EL90XBC - ok

13:02:05.0785 3076 ERSvc (a2a4912798f2be706abadd3d30800d16) C:\WINDOWS\System32\ersvc.dll

13:02:06.0336 3076 ERSvc - ok

13:02:06.0476 3076 Eventlog (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe

13:02:06.0566 3076 Eventlog - ok

13:02:06.0717 3076 EventSystem (a371f11ef07653591c8de26afb13ce7f) C:\WINDOWS\System32\es.dll

13:02:06.0987 3076 EventSystem - ok

13:02:07.0167 3076 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:02:07.0668 3076 Fastfat - ok

13:02:08.0018 3076 FastUserSwitchingCompatibility (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll

13:02:08.0289 3076 FastUserSwitchingCompatibility - ok

13:02:08.0359 3076 Fax (2cd14c70d1d81af054aa5ed8024dcae6) C:\WINDOWS\system32\fxssvc.exe

13:02:08.0860 3076 Fax - ok

13:02:08.0910 3076 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:02:09.0340 3076 Fdc - ok

13:02:09.0380 3076 Fips (ac366695a0796560aa37215ad5762aaf) C:\WINDOWS\system32\drivers\Fips.sys

13:02:09.0841 3076 Fips - ok

13:02:09.0891 3076 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:02:10.0382 3076 Flpydisk - ok

13:02:10.0472 3076 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:02:10.0893 3076 FltMgr - ok

13:02:11.0013 3076 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

13:02:11.0083 3076 FontCache3.0.0.0 - ok

13:02:11.0153 3076 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

13:02:11.0193 3076 fssfltr - ok

13:02:11.0463 3076 fsssvc (7ab1d5916ccfb5bbcc3189a363eaf856) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

13:02:11.0664 3076 fsssvc ( UnsignedFile.Multi.Generic ) - warning

13:02:11.0664 3076 fsssvc - detected UnsignedFile.Multi.Generic (1)

13:02:11.0724 3076 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:02:12.0174 3076 Fs_Rec - ok

13:02:12.0265 3076 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:02:12.0775 3076 Ftdisk - ok

13:02:12.0845 3076 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

13:02:12.0916 3076 GEARAspiWDM - ok

13:02:12.0976 3076 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:02:13.0356 3076 Gpc - ok

13:02:13.0496 3076 HCF_MSFT (9513de607cd2c6d7fbeca2e6e0ae5dc0) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys

13:02:14.0117 3076 HCF_MSFT - ok

13:02:14.0197 3076 helpsvc (fcfe31fb75f8a6295b6b0af87a626282) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

13:02:14.0588 3076 helpsvc - ok

13:02:14.0628 3076 HidServ - ok

13:02:14.0778 3076 hkmsvc (7a6b320928f86bc851530d63c82965d9) C:\WINDOWS\System32\kmsvc.dll

13:02:15.0179 3076 hkmsvc - ok

13:02:15.0219 3076 hpn - ok

13:02:15.0259 3076 hpt3xx - ok

13:02:15.0329 3076 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

13:02:15.0469 3076 HPZid412 - ok

13:02:15.0509 3076 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

13:02:15.0609 3076 HPZipr12 - ok

13:02:15.0680 3076 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

13:02:15.0770 3076 HPZius12 - ok

13:02:15.0860 3076 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:02:16.0981 3076 HTTP - ok

13:02:17.0041 3076 HTTPFilter (58fe2f2da3bc5573f4a35b3760d3125f) C:\WINDOWS\System32\w3ssl.dll

13:02:17.0442 3076 HTTPFilter - ok

13:02:17.0462 3076 i2omgmt - ok

13:02:17.0502 3076 i2omp - ok

13:02:17.0542 3076 i8042prt (c528e27945367191e7bae364930b6932) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:02:17.0943 3076 i8042prt - ok

13:02:18.0313 3076 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:02:18.0484 3076 idsvc - ok

13:02:18.0604 3076 IJPLMSVC (44c7f6489d7944f74398fa89ab2f8262) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

13:02:18.0704 3076 IJPLMSVC ( UnsignedFile.Multi.Generic ) - warning

13:02:18.0704 3076 IJPLMSVC - detected UnsignedFile.Multi.Generic (1)

13:02:18.0774 3076 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:02:19.0154 3076 Imapi - ok

13:02:19.0215 3076 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe

13:02:19.0625 3076 ImapiService - ok

13:02:19.0665 3076 ini910u - ok

13:02:19.0725 3076 IntelIde (57d928e548b38502abba7a77a6eb7312) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:02:20.0106 3076 IntelIde - ok

13:02:20.0176 3076 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:02:20.0546 3076 ip6fw - ok

13:02:20.0607 3076 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:02:21.0077 3076 IpFilterDriver - ok

13:02:21.0157 3076 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:02:21.0538 3076 IpInIp - ok

13:02:21.0598 3076 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:02:21.0989 3076 IpNat - ok

13:02:22.0039 3076 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:02:22.0469 3076 IPSec - ok

13:02:22.0519 3076 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:02:22.0890 3076 IRENUM - ok

13:02:22.0930 3076 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:02:23.0320 3076 isapnp - ok

13:02:23.0371 3076 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:02:23.0761 3076 Kbdclass - ok

13:02:23.0831 3076 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:02:24.0232 3076 kmixer - ok

13:02:24.0292 3076 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:02:24.0482 3076 KSecDD - ok

13:02:24.0592 3076 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll

13:02:24.0672 3076 lanmanserver - ok

13:02:24.0733 3076 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll

13:02:24.0833 3076 lanmanworkstation - ok

13:02:24.0863 3076 lbrtfdc - ok

13:02:24.0963 3076 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll

13:02:25.0363 3076 LmHosts - ok

13:02:25.0413 3076 LPDSVC (0befa983f8b9511eadd6960dd13e9fbf) C:\WINDOWS\System32\tcpsvcs.exe

13:02:25.0874 3076 LPDSVC - ok

13:02:25.0994 3076 LVHybrid (21e5fe0a3254664abbc051bfabe25871) C:\WINDOWS\system32\DRIVERS\LVHybrid.sys

13:02:26.0195 3076 LVHybrid - ok

13:02:26.0335 3076 MDM (926a14e36837dcf7b09b09ba0ba1fc84) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

13:02:26.0425 3076 MDM ( UnsignedFile.Multi.Generic ) - warning

13:02:26.0425 3076 MDM - detected UnsignedFile.Multi.Generic (1)

13:02:26.0495 3076 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll

13:02:26.0916 3076 Messenger - ok

13:02:26.0986 3076 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:02:27.0466 3076 mnmdd - ok

13:02:27.0527 3076 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\System32\mnmsrvc.exe

13:02:27.0897 3076 mnmsrvc - ok

13:02:27.0947 3076 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys

13:02:28.0338 3076 Modem - ok

13:02:28.0378 3076 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:02:28.0748 3076 Mouclass - ok

13:02:28.0788 3076 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:02:29.0219 3076 MountMgr - ok

13:02:29.0299 3076 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys

13:02:29.0660 3076 MPE - ok

13:02:29.0690 3076 mraid35x - ok

13:02:29.0760 3076 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:02:30.0130 3076 MRxDAV - ok

13:02:30.0220 3076 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:02:30.0381 3076 MRxSmb - ok

13:02:30.0431 3076 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\System32\msdtc.exe

13:02:30.0811 3076 MSDTC - ok

13:02:30.0891 3076 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:02:31.0272 3076 Msfs - ok

13:02:31.0312 3076 MSIServer - ok

13:02:31.0392 3076 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:02:31.0753 3076 MSKSSRV - ok

13:02:31.0783 3076 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:02:32.0163 3076 MSPCLOCK - ok

13:02:32.0203 3076 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:02:32.0584 3076 MSPQM - ok

13:02:32.0624 3076 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:02:33.0014 3076 mssmbios - ok

13:02:33.0075 3076 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

13:02:33.0425 3076 MSTEE - ok

13:02:33.0475 3076 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:02:33.0605 3076 Mup - ok

13:02:33.0655 3076 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

13:02:34.0036 3076 NABTSFEC - ok

13:02:34.0146 3076 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll

13:02:34.0607 3076 napagent - ok

13:02:34.0797 3076 NBService (57fbf806d0552941952aacf85f65e1f9) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

13:02:34.0947 3076 NBService ( UnsignedFile.Multi.Generic ) - warning

13:02:34.0947 3076 NBService - detected UnsignedFile.Multi.Generic (1)

13:02:35.0017 3076 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:02:35.0448 3076 NDIS - ok

13:02:35.0518 3076 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

13:02:35.0889 3076 NdisIP - ok

13:02:35.0919 3076 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:02:35.0999 3076 NdisTapi - ok

13:02:36.0059 3076 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:02:36.0489 3076 Ndisuio - ok

13:02:36.0580 3076 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:02:36.0980 3076 NdisWan - ok

13:02:37.0040 3076 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:02:37.0110 3076 NDProxy - ok

13:02:37.0200 3076 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\WINDOWS\system32\HPZinw12.dll

13:02:37.0371 3076 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:02:37.0371 3076 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:02:37.0421 3076 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:02:37.0821 3076 NetBIOS - ok

13:02:37.0871 3076 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:02:38.0282 3076 NetBT - ok

13:02:38.0352 3076 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe

13:02:38.0763 3076 NetDDE - ok

13:02:38.0803 3076 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe

13:02:39.0153 3076 NetDDEdsdm - ok

13:02:39.0223 3076 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe

13:02:39.0604 3076 Netlogon - ok

13:02:39.0654 3076 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll

13:02:40.0025 3076 Netman - ok

13:02:40.0155 3076 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:02:40.0285 3076 NetTcpPortSharing - ok

13:02:40.0385 3076 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll

13:02:40.0485 3076 Nla - ok

13:02:40.0615 3076 NMIndexingService (8ea8761de68a9465ebec889f26d3c426) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

13:02:40.0756 3076 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning

13:02:40.0756 3076 NMIndexingService - detected UnsignedFile.Multi.Generic (1)

13:02:40.0826 3076 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:02:41.0226 3076 Npfs - ok

13:02:41.0306 3076 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:02:41.0747 3076 Ntfs - ok

13:02:41.0817 3076 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\System32\lsass.exe

13:02:42.0178 3076 NtLmSsp - ok

13:02:42.0288 3076 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll

13:02:42.0728 3076 NtmsSvc - ok

13:02:42.0778 3076 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:02:43.0229 3076 Null - ok

13:02:43.0670 3076 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

13:02:44.0201 3076 nv - ok

13:02:44.0421 3076 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe

13:02:44.0511 3076 NVSvc - ok

13:02:44.0591 3076 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:02:45.0072 3076 NwlnkFlt - ok

13:02:45.0112 3076 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:02:45.0593 3076 NwlnkFwd - ok

13:02:45.0633 3076 P3 (3fc38e7fbe91db40c34731195f4116c2) C:\WINDOWS\system32\DRIVERS\p3.sys

13:02:46.0013 3076 P3 - ok

13:02:46.0083 3076 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys

13:02:46.0464 3076 Parport - ok

13:02:46.0524 3076 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:02:46.0934 3076 PartMgr - ok

13:02:46.0995 3076 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys

13:02:47.0415 3076 ParVdm - ok

13:02:47.0475 3076 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys

13:02:47.0876 3076 PCI - ok

13:02:47.0916 3076 PCIDump - ok

13:02:47.0966 3076 PCIIde - ok

13:02:48.0036 3076 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:02:48.0417 3076 Pcmcia - ok

13:02:48.0457 3076 PDCOMP - ok

13:02:48.0497 3076 PDFRAME - ok

13:02:48.0547 3076 PDRELI - ok

13:02:48.0587 3076 PDRFRAME - ok

13:02:48.0617 3076 perc2 - ok

13:02:48.0657 3076 perc2hib - ok

13:02:48.0777 3076 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

13:02:48.0827 3076 pfc ( UnsignedFile.Multi.Generic ) - warning

13:02:48.0827 3076 pfc - detected UnsignedFile.Multi.Generic (1)

13:02:48.0897 3076 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe

13:02:48.0987 3076 PlugPlay - ok

13:02:49.0037 3076 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\WINDOWS\system32\HPZipm12.dll

13:02:49.0047 3076 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:02:49.0047 3076 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:02:49.0118 3076 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe

13:02:49.0448 3076 PolicyAgent - ok

13:02:49.0488 3076 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:02:49.0889 3076 PptpMiniport - ok

13:02:49.0929 3076 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe

13:02:50.0259 3076 ProtectedStorage - ok

13:02:50.0299 3076 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:02:50.0680 3076 PSched - ok

13:02:50.0730 3076 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:02:51.0211 3076 Ptilink - ok

13:02:51.0241 3076 ql1080 - ok

13:02:51.0271 3076 Ql10wnt - ok

13:02:51.0301 3076 ql12160 - ok

13:02:51.0341 3076 ql1240 - ok

13:02:51.0371 3076 ql1280 - ok

13:02:51.0411 3076 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:02:51.0962 3076 RasAcd - ok

13:02:52.0042 3076 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll

13:02:52.0382 3076 RasAuto - ok

13:02:52.0452 3076 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:02:52.0803 3076 Rasl2tp - ok

13:02:52.0863 3076 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll

13:02:53.0264 3076 RasMan - ok

13:02:53.0284 3076 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:02:53.0644 3076 RasPppoe - ok

13:02:53.0674 3076 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:02:54.0155 3076 Raspti - ok

13:02:54.0235 3076 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:02:54.0595 3076 Rdbss - ok

13:02:54.0636 3076 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:02:55.0156 3076 RDPCDD - ok

13:02:55.0256 3076 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys

13:02:55.0367 3076 RDPWD - ok

13:02:55.0427 3076 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe

13:02:55.0827 3076 RDSessMgr - ok

13:02:55.0897 3076 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:02:56.0308 3076 redbook - ok

13:02:56.0368 3076 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll

13:02:56.0749 3076 RemoteAccess - ok

13:02:56.0799 3076 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\System32\locator.exe

13:02:57.0189 3076 RpcLocator - ok

13:02:57.0289 3076 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll

13:02:57.0359 3076 RpcSs - ok

13:02:57.0420 3076 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\System32\rsvp.exe

13:02:57.0950 3076 RSVP - ok

13:02:58.0000 3076 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

13:02:58.0311 3076 rtl8139 - ok

13:02:58.0351 3076 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe

13:02:58.0681 3076 SamSs - ok

13:02:58.0731 3076 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe

13:02:59.0102 3076 SCardSvr - ok

13:02:59.0172 3076 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll

13:02:59.0573 3076 Schedule - ok

13:02:59.0653 3076 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:03:00.0013 3076 Secdrv - ok

13:03:00.0063 3076 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll

13:03:00.0454 3076 seclogon - ok

13:03:00.0494 3076 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll

13:03:00.0885 3076 SENS - ok

13:03:00.0945 3076 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:03:01.0285 3076 serenum - ok

13:03:01.0325 3076 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys

13:03:01.0696 3076 Serial - ok

13:03:01.0776 3076 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:03:02.0136 3076 Sfloppy - ok

13:03:02.0216 3076 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll

13:03:02.0777 3076 SharedAccess - ok

13:03:02.0847 3076 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll

13:03:02.0927 3076 ShellHWDetection - ok

13:03:02.0978 3076 Simbad - ok

13:03:03.0028 3076 SimpTcp (0befa983f8b9511eadd6960dd13e9fbf) C:\WINDOWS\System32\tcpsvcs.exe

13:03:03.0508 3076 SimpTcp - ok

13:03:03.0588 3076 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

13:03:03.0959 3076 SLIP - ok

13:03:04.0009 3076 SNMP (442d891cf7cb138f185fb2a1161c8af9) C:\WINDOWS\System32\snmp.exe

13:03:04.0420 3076 SNMP - ok

13:03:04.0480 3076 SNMPTRAP (4296e52a9d3ca6dcd1cf57e8bca45ab7) C:\WINDOWS\System32\snmptrap.exe

13:03:04.0890 3076 SNMPTRAP - ok

13:03:04.0930 3076 Sparrow - ok

13:03:04.0990 3076 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:03:05.0361 3076 splitter - ok

13:03:05.0391 3076 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

13:03:05.0481 3076 Spooler - ok

13:03:05.0541 3076 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys

13:03:05.0892 3076 sr - ok

13:03:05.0952 3076 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll

13:03:06.0322 3076 srservice - ok

13:03:06.0422 3076 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:03:06.0563 3076 Srv - ok

13:03:06.0633 3076 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll

13:03:06.0993 3076 SSDPSRV - ok

13:03:07.0093 3076 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll

13:03:07.0524 3076 stisvc - ok

13:03:07.0564 3076 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

13:03:07.0945 3076 streamip - ok

13:03:08.0005 3076 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:03:08.0335 3076 swenum - ok

13:03:08.0385 3076 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:03:08.0736 3076 swmidi - ok

13:03:08.0766 3076 SwPrv - ok

13:03:08.0816 3076 symc810 - ok

13:03:08.0886 3076 symc8xx - ok

13:03:08.0936 3076 sym_hi - ok

13:03:08.0976 3076 sym_u3 - ok

13:03:09.0046 3076 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:03:09.0477 3076 sysaudio - ok

13:03:09.0527 3076 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe

13:03:09.0928 3076 SysmonLog - ok

13:03:09.0998 3076 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll

13:03:10.0398 3076 TapiSrv - ok

13:03:10.0498 3076 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:03:10.0629 3076 Tcpip - ok

13:03:10.0689 3076 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:03:11.0049 3076 TDPIPE - ok

13:03:11.0099 3076 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:03:11.0440 3076 TDTCP - ok

13:03:11.0480 3076 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:03:11.0840 3076 TermDD - ok

13:03:11.0910 3076 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll

13:03:12.0321 3076 TermService - ok

13:03:12.0401 3076 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll

13:03:12.0471 3076 Themes - ok

13:03:12.0521 3076 TosIde - ok

13:03:12.0601 3076 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll

13:03:13.0042 3076 TrkWks - ok

13:03:13.0132 3076 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:03:13.0493 3076 Udfs - ok

13:03:13.0513 3076 ultra - ok

13:03:13.0593 3076 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:03:13.0993 3076 Update - ok

13:03:14.0043 3076 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll

13:03:14.0434 3076 upnphost - ok

13:03:14.0494 3076 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe

13:03:14.0875 3076 UPS - ok

13:03:14.0945 3076 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

13:03:15.0325 3076 usbccgp - ok

13:03:15.0385 3076 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:03:15.0716 3076 usbhub - ok

13:03:15.0786 3076 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:03:16.0136 3076 usbprint - ok

13:03:16.0207 3076 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:03:16.0617 3076 usbscan - ok

13:03:16.0657 3076 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:03:17.0028 3076 USBSTOR - ok

13:03:17.0088 3076 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:03:17.0488 3076 usbuhci - ok

13:03:17.0518 3076 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:03:17.0939 3076 VgaSave - ok

13:03:17.0969 3076 ViaIde - ok

13:03:18.0039 3076 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys

13:03:18.0410 3076 VolSnap - ok

13:03:18.0490 3076 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe

13:03:18.0860 3076 VSS - ok

13:03:18.0910 3076 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll

13:03:19.0301 3076 W32Time - ok

13:03:19.0361 3076 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:03:19.0732 3076 Wanarp - ok

13:03:19.0762 3076 WDICA - ok

13:03:19.0822 3076 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:03:20.0182 3076 wdmaud - ok

13:03:20.0242 3076 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll

13:03:20.0683 3076 WebClient - ok

13:03:20.0913 3076 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll

13:03:21.0294 3076 winmgmt - ok

13:03:21.0394 3076 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

13:03:21.0454 3076 WmdmPmSN - ok

13:03:21.0534 3076 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\System32\wbem\wmiapsrv.exe

13:03:21.0955 3076 WmiApSrv - ok

13:03:22.0165 3076 WMPNetworkSvc (71b5c3a7e50a9e300dd7fc91dd5f56ad) C:\Program Files\Windows Media Player\WMPNetwk.exe

13:03:22.0305 3076 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning

13:03:22.0305 3076 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)

13:03:22.0335 3076 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

13:03:22.0826 3076 WS2IFSL - ok

13:03:22.0906 3076 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll

13:03:23.0327 3076 wscsvc - ok

13:03:23.0367 3076 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

13:03:23.0707 3076 WSTCODEC - ok

13:03:23.0757 3076 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll

13:03:24.0128 3076 wuauserv - ok

13:03:24.0318 3076 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:03:24.0398 3076 WudfPf - ok

13:03:24.0448 3076 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:03:24.0508 3076 WudfRd - ok

13:03:24.0569 3076 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

13:03:24.0649 3076 WudfSvc - ok

13:03:24.0739 3076 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll

13:03:25.0169 3076 WZCSVC - ok

13:03:25.0310 3076 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll

13:03:25.0740 3076 xmlprov - ok

13:03:25.0860 3076 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0

13:03:27.0022 3076 \Device\Harddisk0\DR0 - ok

13:03:27.0052 3076 Boot (0x1200) (5e14fd3e7e9c1fcb95d403e5ffe3ad30) \Device\Harddisk0\DR0\Partition0

13:03:27.0052 3076 \Device\Harddisk0\DR0\Partition0 - ok

13:03:27.0102 3076 Boot (0x1200) (3827f83324eee1e1ab7de700263cdf96) \Device\Harddisk0\DR0\Partition1

13:03:27.0112 3076 \Device\Harddisk0\DR0\Partition1 - ok

13:03:27.0122 3076 ============================================================

13:03:27.0122 3076 Scan finished

13:03:27.0122 3076 ============================================================

13:03:27.0282 3068 Detected object count: 9

13:03:27.0282 3068 Actual detected object count: 9

13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:47.0992 3068 fsssvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:47.0992 3068 IJPLMSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0002 3068 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0012 3068 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0012 3068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0032 3068 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0042 3068 pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0052 3068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:03:48.0062 3068 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

a ten powertool nejde ani rozbalit, pri pokusu nasledoval vytuh....

avira nacist jde ale udajne ma nedostatek pameti a jak tam scanuje vdf tak se to vzdy na 13% zhrouti. Kaspersky ovsem nabehl, ale zatim s tim nedelam nic