Preventive notebook check

Posted: 27 Aug 2013 07:21
by chameleon
Good day,

I would like to ask for a preventive check of my notebook; I am attaching the RSIT log.
Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by chobotnica at 2013-08-27 08:07:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (41%) free of 23 GB
Total RAM: 1213 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:04, on 27.8.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Iconoid\Iconoid.exe
C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\chobotnica\Plocha\RSIT.exe
C:\Program Files\trend micro\chobotnica.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org/?bsrc=hmior&chid=c167991
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.b1.org/?bsrc=hmior&chid=c167991
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\Iconoid.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://tbedits.videodownloadconverter.c ... 21612&cv=2
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 7161 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{44E334DA-4492-478B-9FAA-8AA345BCC90A}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\chobotnica\Data aplikací\Mozilla\Firefox\Profiles\a9w7o5xd.default

prefs.js - "browser.search.useDBForOrder" - "false"
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =800236&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll


C:\Documents and Settings\chobotnica\Data aplikací\Mozilla\Firefox\Profiles\a9w7o5xd.default\searchplugins\
askcom.xml
funmoods.xml
my-web-search.xml
softonic.xml
SweetIM Search.xml
tuvaro.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-01 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}]
Advanced SystemCare Browser Protection - C:\PROGRA~1\IObit\ADVANC~1\BROWER~1\ASCPLU~1.DLL [2012-12-10 655744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-01 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-27 65024]
"SiS Tray"=C:\WINDOWS\system32\sistray.EXE [2003-10-30 667648]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Iconoid"=C:\Program Files\Iconoid\Iconoid.exe [2010-08-21 289280]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DriverMax"=C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [2013-07-15 7162744]
"DriverMax_RESTART"=C:\Program Files\Innovative Solutions\DriverMax\drivermax.exe [2013-07-15 7162744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0x00000000
"NoDriveAutoRun"=67108863
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFolderOptions"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Java\jre7\bin\javaw.exe"="C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dmwu.exe"="C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu"
"C:\WINDOWS\system32\ARFC\wrtc.exe"="C:\WINDOWS\system32\ARFC\wrtc.exe:*:Enabled:wrtc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=serwvdrv.dll

======List of files/folders created in the last 1 month======

2013-08-27 08:07:33 ----D---- C:\Program Files\trend micro
2013-08-27 08:07:32 ----D---- C:\rsit
2013-08-26 19:25:19 ----D---- C:\WINDOWS\LastGood
2013-08-26 17:52:08 ----SHD---- C:\RECYCLER
2013-08-26 13:30:08 ----SD---- C:\ComboFix
2013-08-24 21:49:34 ----A---- C:\UsbFix [Clean 1] ATTILA.txt
2013-08-24 21:48:38 ----A---- C:\CleanAutoRun.1.2.0.0_24.08.2013_21.48.38_log.txt
2013-08-24 21:21:40 ----A---- C:\CleanAutoRun.1.2.0.0_24.08.2013_21.21.40_log.txt
2013-08-24 21:18:44 ----A---- C:\CleanAutoRun.1.2.0.0_24.08.2013_21.18.44_log.txt
2013-08-24 20:44:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2013-08-24 20:36:38 ----A---- C:\UsbFix [Scan 1] ATTILA.txt
2013-08-24 15:02:30 ----A---- C:\TDSSKiller.2.8.16.0_24.08.2013_15.02.30_log.txt
2013-08-24 14:32:04 ----A---- C:\TDSSKiller.2.8.16.0_24.08.2013_14.32.04_log.txt
2013-08-24 14:23:31 ----A---- C:\TDSSKiller.2.8.16.0_24.08.2013_14.23.31_log.txt
2013-08-24 06:59:19 ----D---- C:\Documents and Settings\chobotnica\Data aplikací\Malwarebytes
2013-08-24 06:59:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-08-24 06:59:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-08-24 06:59:02 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-08-23 21:24:53 ----A---- C:\Boot.bak
2013-08-23 21:24:48 ----RASHD---- C:\cmdcons
2013-08-23 21:16:19 ----A---- C:\WINDOWS\zip.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\SWSC.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\SWREG.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\sed.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\PEV.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\NIRCMD.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\MBR.exe
2013-08-23 21:16:19 ----A---- C:\WINDOWS\grep.exe
2013-08-23 21:16:13 ----SD---- C:\combofix_13.8.12.1
2013-08-23 21:16:08 ----D---- C:\Qoobox
2013-08-23 21:15:48 ----D---- C:\WINDOWS\erdnt
2013-08-23 20:12:00 ----HD---- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
2013-08-23 08:45:51 ----RA---- C:\WINDOWS\system32\cnmB5.tmp
2013-08-22 16:57:31 ----RA---- C:\WINDOWS\system32\cnmB1.tmp
2013-08-22 16:53:00 ----A---- C:\WINDOWS\BJPSUNST.EXE
2013-08-22 16:38:23 ----RA---- C:\WINDOWS\system32\cnmBF.tmp
2013-08-22 16:30:33 ----D---- C:\Program Files\Canon
2013-08-22 15:34:11 ----D---- C:\WINDOWS\StartHtmico
2013-08-22 14:32:16 ----A---- C:\WINDOWS\IE4 Error Log.txt
2013-08-22 14:25:47 ----A---- C:\WINDOWS\system32\drivers\udsstub.sys
2013-08-22 10:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2013-08-22 10:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2013-08-21 19:55:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2013-08-21 19:54:39 ----D---- C:\Program Files\Windows Media Connect 2
2013-08-21 19:54:17 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2013-08-21 08:30:19 ----D---- C:\Program Files\Mozilla Firefox
2013-08-15 08:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 08:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 08:58:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 08:57:55 ----A---- C:\WINDOWS\imsins.BAK
2013-08-15 08:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 08:38:05 ----D---- C:\d418b49e8f33d612b58502f1eb
2013-08-11 15:49:23 ----A---- C:\WINDOWS\system32\drivers\ousbehci.sys
2013-08-11 15:49:23 ----A---- C:\WINDOWS\system32\drivers\ousb2hub.sys
2013-08-10 19:35:39 ----A---- C:\WINDOWS\MyDrivers.ini
2013-08-10 19:20:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\inf
2013-08-10 18:18:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Synaptics
2013-08-10 18:15:38 ----D---- C:\Documents and Settings\chobotnica\Data aplikací\Synaptics
2013-08-10 18:11:32 ----D---- C:\Program Files\Synaptics
2013-08-10 18:10:12 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2013-08-10 18:10:08 ----A---- C:\WINDOWS\system32\SynTPCo4.dll
2013-08-10 18:10:07 ----A---- C:\WINDOWS\system32\SynCOM.dll
2013-08-10 18:10:07 ----A---- C:\WINDOWS\system32\drivers\SynTP.sys
2013-08-10 18:10:02 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2013-08-10 17:12:56 ----D---- C:\Program Files\Auto Installer
2013-08-10 12:28:51 ----A---- C:\WINDOWS\system32\drivers\MODEMCSA.sys
2013-08-10 12:28:48 ----A---- C:\WINDOWS\system32\csamsp.dll
2013-08-10 12:27:57 ----D---- C:\WINDOWS\system32\drivers\SLDRV
2013-08-10 12:26:54 ----A---- C:\WINDOWS\system32\slmdmgx.dll
2013-08-10 12:26:53 ----A---- C:\WINDOWS\system32\slmdmsp.dll
2013-08-10 12:26:53 ----A---- C:\WINDOWS\system32\slmdmco.dll
2013-08-10 12:26:49 ----A---- C:\WINDOWS\system32\slmdmsr.exe
2013-08-08 21:42:57 ----D---- C:\Program Files\Microsoft.NET
2013-08-08 21:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-08 21:33:09 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2013-08-08 21:05:12 ----D---- C:\Program Files\Common Files\Windows Live
2013-08-08 21:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2492386$
2013-08-08 21:01:22 ----D---- C:\WINDOWS\system32\WindowsPowerShell
2013-08-08 21:01:19 ----D---- C:\WINDOWS\system32\winrm
2013-08-08 21:01:19 ----D---- C:\WINDOWS\system32\GroupPolicy
2013-08-08 21:01:11 ----HDC---- C:\WINDOWS\$968930Uinstall_KB968930$
2013-08-08 21:01:09 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2013-08-08 21:00:41 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2013-08-08 20:59:28 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2013-08-08 20:56:42 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2013-08-08 20:55:08 ----D---- C:\WINDOWS\system32\LogFiles
2013-08-08 20:55:08 ----D---- C:\WINDOWS\system32\drivers\UMDF
2013-08-08 20:54:57 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2013-08-08 20:49:12 ----D---- C:\WINDOWS\system32\URTTEMP
2013-08-08 13:37:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\{D76294E6-03B8-4971-AF2E-3F846161A690}
2013-08-08 13:37:05 ----D---- C:\Documents and Settings\chobotnica\Data aplikací\Apple Computer
2013-08-08 13:37:00 ----D---- C:\Documents and Settings\All Users\Data aplikací\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
2013-08-08 13:33:56 ----D---- C:\Program Files\Common Files\Spigot
2013-08-08 13:24:24 ----D---- C:\Program Files\IObit
2013-08-08 12:41:43 ----A---- C:\NTUser.dat
2013-08-08 12:41:00 ----D---- C:\Program Files\MyPC Backup
2013-08-08 12:29:12 ----A---- C:\WINDOWS\system32\drivers\AliRtHub.sys
2013-08-08 12:29:12 ----A---- C:\WINDOWS\system32\drivers\AliHub.sys
2013-08-08 12:29:12 ----A---- C:\WINDOWS\system32\drivers\AliGP.sys
2013-08-08 12:29:12 ----A---- C:\WINDOWS\system32\drivers\AliEhci.sys
2013-08-07 14:16:51 ----SHD---- C:\WINDOWS\system32\AI_RecycleBin
2013-08-06 20:11:22 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-08-06 19:18:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2013-08-06 17:41:06 ----A---- C:\WINDOWS\system32\drivers\Cat.DB
2013-08-06 17:30:36 ----A---- C:\FL.ini
2013-08-06 17:01:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2013-07-28 21:44:26 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2013-07-28 21:44:19 ----HDC---- C:\WINDOWS\$NtUninstallWdf01009$
2013-07-28 21:44:02 ----A---- C:\WINDOWS\system32\WdfCoInstaller01009.dll
2013-07-28 21:44:02 ----A---- C:\WINDOWS\system32\drivers\pimou.sys

======List of files/folders modified in the last 1 month======

2013-08-27 08:07:33 ----RD---- C:\Program Files
2013-08-27 08:06:57 ----D---- C:\WINDOWS\Prefetch
2013-08-26 19:25:23 ----D---- C:\WINDOWS\system32\drivers
2013-08-26 19:25:19 ----D---- C:\WINDOWS\Temp
2013-08-26 19:25:19 ----D---- C:\WINDOWS
2013-08-26 19:25:15 ----D---- C:\WINDOWS\system32\CatRoot2
2013-08-26 19:25:14 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-08-26 18:03:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-08-26 16:55:41 ----SD---- C:\WINDOWS\Tasks
2013-08-26 13:31:57 ----D---- C:\WINDOWS\system32
2013-08-24 21:38:17 ----HD---- C:\WINDOWS\inf
2013-08-24 08:06:02 ----D---- C:\WINDOWS\Minidump
2013-08-23 21:24:53 ----RASH---- C:\boot.ini
2013-08-23 09:04:16 ----D---- C:\WINDOWS\system32\config
2013-08-23 09:03:55 ----D---- C:\WINDOWS\system32\wbem
2013-08-23 09:03:54 ----D---- C:\WINDOWS\Registration
2013-08-23 09:03:09 ----D---- C:\WINDOWS\system32\Restore
2013-08-23 08:58:19 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-08-22 16:28:30 ----SHD---- C:\WINDOWS\Installer
2013-08-22 16:28:17 ----SHD---- C:\Config.Msi
2013-08-22 14:41:54 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-22 10:01:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-08-21 21:22:22 ----D---- C:\WINDOWS\system32\CatRoot
2013-08-21 19:57:16 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-08-21 19:54:52 ----AC---- C:\WINDOWS\win.ini
2013-08-21 19:54:37 ----D---- C:\Program Files\Windows Media Player
2013-08-21 19:54:29 ----D---- C:\WINDOWS\Help
2013-08-21 19:48:45 ----AC---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-08-16 16:57:59 ----D---- C:\Documents and Settings\chobotnica\Data aplikací\Skype
2013-08-15 19:56:51 ----RSD---- C:\WINDOWS\assembly
2013-08-15 19:56:51 ----D---- C:\WINDOWS\Microsoft.NET
2013-08-15 09:20:31 ----D---- C:\WINDOWS\WinSxS
2013-08-15 09:09:48 ----D---- C:\Program Files\Internet Explorer
2013-08-15 09:09:05 ----D---- C:\WINDOWS\system32\MRT
2013-08-15 09:05:31 ----D---- C:\WINDOWS\Debug
2013-08-15 09:05:01 ----AC---- C:\WINDOWS\system32\MRT.exe
2013-08-15 09:04:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2013-08-11 10:37:56 ----AC---- C:\WINDOWS\NeroDigital.ini
2013-08-08 21:53:33 ----D---- C:\WINDOWS\system32\cs-cz
2013-08-08 21:43:10 ----D---- C:\WINDOWS\system32\en-US
2013-08-08 21:11:13 ----D---- C:\WINDOWS\AppPatch
2013-08-08 21:10:22 ----D---- C:\WINDOWS\security
2013-08-08 21:05:12 ----D---- C:\Program Files\Common Files
2013-08-08 21:04:57 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2013-08-08 21:04:23 ----HD---- C:\WINDOWS\$hf_mig$
2013-08-08 20:51:17 ----D---- C:\WINDOWS\system32\mui
2013-08-08 19:47:32 ----AC---- C:\WINDOWS\system32\VGAunistlog.ini
2013-08-08 12:53:06 ----D---- C:\Documents and Settings\chobotnica\Data aplikací\Systweak
2013-08-08 11:11:43 ----AC---- C:\WINDOWS\system32\results.txt
2013-08-08 10:45:18 ----A---- C:\WINDOWS\system32\SiSBase.dll
2013-08-07 14:53:00 ----D---- C:\Program Files\Google
2013-08-07 14:19:56 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-08-07 14:19:56 ----D---- C:\WINDOWS\Logs
2013-08-07 12:22:32 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-08-07 12:22:02 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2013-08-06 17:41:06 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 a347bus;a347bus; C:\WINDOWS\system32\DRIVERS\a347bus.sys [2004-04-30 160640]
R0 a347scsi;a347scsi; C:\WINDOWS\System32\Drivers\a347scsi.sys [2004-04-30 5248]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 DPPCMFilter;DPPCMFilter Driver; C:\WINDOWS\system32\DRIVERS\DPPCMFilter.sys [2008-07-08 456960]
R0 LPCFilter;LPC Lower Filter Driver; C:\WINDOWS\system32\DRIVERS\LPCFilter.sys [2011-12-29 28464]
R0 MxEFUF;Matrox Extio Upper Function Filter; C:\WINDOWS\system32\DRIVERS\MxEFUF32.sys [2010-11-04 102728]
R0 RecAgent;RecAgent; C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys [2005-05-10 14680]
R0 SISAGP;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2010-10-26 19200]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-16 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service; C:\WINDOWS\System32\Drivers\ousbehci.sys [2005-09-29 45824]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-04-16 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-10 237616]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support; C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2005-09-29 56960]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2010-10-26 325120]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2006-07-13 40840]
R3 Slntamr;AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-05-10 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-10 13248]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2010-11-07 1317552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys []
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S0 TfFsMon;TfFsMon; C:\WINDOWS\system32\drivers\TfFsMon.sys []
S0 TfSysMon;TfSysMon; C:\WINDOWS\system32\drivers\TfSysMon.sys []
S1 MpKslebfee7b3;MpKslebfee7b3; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{328F5637-02C6-49FD-99B1-FAF05534DD8F}\MpKslebfee7b3.sys []
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller; C:\WINDOWS\System32\Drivers\ALIEHCI.sys [2005-06-14 32768]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DrvAgent32;DrvAgent32; \??\C:\WINDOWS\system32\Drivers\DrvAgent32.sys []
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-14 1038208]
S3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-12-14 200576]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-05-10 1464848]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pimou;Pluralinput Mouse 0.8.2.0; C:\WINDOWS\system32\DRIVERS\pimou.sys [2013-03-21 20808]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-10 101328]
S3 STAC97;3DP Edition v9.12 (SigmaTel C-Major Audio); C:\WINDOWS\system32\drivers\STAC97.sys [2005-04-14 273296]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
S3 udsstub;USBDeviceShare USB Device Stub; C:\WINDOWS\system32\DRIVERS\udsstub.sys [2012-06-18 16000]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-14 703232]
S3 WINIO;WINIO; \??\C:\DOCUME~1\CHOBOT~1\LOCALS~1\Temp\Rar$EX05.844\winio.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-10 61440]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-10-20 1479488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-15 135664]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.3XE [2011-06-26 256000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-15 135664]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-07-01 182184]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-21 117656]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: preventive check of the notebook

Posted: 27 Aug 2013 09:25
by JaRon
hi,
oh dear, oh dear - you played the folk healer, and when that didn't help you turned up at the forum :???:
1. what have you been up to with ComboFix?
2. uninstall everything from IObit
3. clean the PC with ADWCleaner
4. scan the PC with MBAM - full scan - post the log

Re: preventive check of the notebook

Posted: 27 Aug 2013 17:01
by chameleon
Hello,
I suspected that something was not right with my PC. So I tried to deal with it somehow, within my abilities and means (it probably didn't turn out very well), and only then did I come across this forum.
But let's get to the point. Following the instructions, I got rid of IObit, cleaned the PC with ADWCleaner (it removed a lot of things; I thought the PC would be left completely empty) and finally scanned the PC with MBAM. Here is the result - the log.
Please have a look. Thanks.

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.08.27.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
chobotnica :: ATTILA [administrátor]

Ochrana: Povolena

27.8.2013 16:09:31
MBAM-log-2013-08-27 (17-24-21).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 252154
Uplynulý čas: 52 minut, 24 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 14
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112405.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112406.exe (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112408.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112412.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112414.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112416.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112417.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112418.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112420.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112423.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112424.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112426.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112427.msi (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.
C:\System Volume Information\_restore{8761D874-7197-411E-93BD-C47147695FF4}\RP281\A0112415.dll (PUP.Optional.SweetIM) -> Nebyla provedena žádná instrukce.

(konec)

I don't know whether it is related, but before this scan and before the cleanup with ADWCleaner I had already scanned the PC with MBAM; the result is the following log (the findings were moved to quarantine):

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.08.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
chobotnica :: ATTILA [administrátor]

Ochrana: Povolena

25.8.2013 20:47:12
mbam-log-2013-08-25 (20-47-12).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 251454
Uplynulý čas: 58 minut, 25 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 15
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
HKCR\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
HKCR\MgMediaPlayer.GifAnimator.1 (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
HKCR\MgMediaPlayer.GifAnimator (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 24
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgArchive.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgcommon.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgcommunication.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgconfig.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mghooking.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgICQAuto.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mglogger.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\SweetIM.exe (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Program Files\SweetIM\Messenger\resources\sqlite\mgSqlite3.dll (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\WINDOWS\Installer\d1042.msi (PUP.Optional.SweetIM) -> Přesun do karantény a smazání se zdařilo.
C:\Documents and Settings\chobotnica\Data aplikací\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Přesun do karantény a smazání se zdařilo.

(konec)

Re: preventive check of the notebook

Posted: 28 Aug 2013 06:16
by JaRon
- turn off System Restore - restart - turn System Restore back on
- rename Combofix to Uninstall and run it
- if there are no problems, you're done :)

Re: preventive check of the notebook

Posted: 28 Aug 2013 09:04
by chameleon
hello,
I did things as instructed - turned off System Restore - restarted - turned System Restore back on, renamed combofix to uninstall and ran it. The problem came in the Autoscan part. It probably froze while scanning - I waited 60 min. to see what would happen, but it didn't even blink, nothing responded, and I had to power the PC off the hard way. What now, how do I go on? Heeeeelp. Thanks.

Re: preventive check of the notebook

Posted: 28 Aug 2013 09:51
by JaRon
that doesn't matter - CF should be uninstalled the proper way ,,,
DELETE these directories manually:
C:\ComboFix
C:\Qoobox

Re: preventive check of the notebook

Posted: 28 Aug 2013 14:32
by chameleon
deleted, ran it and nothing. It got stuck again.

Re: preventive check of the notebook

Posted: 29 Aug 2013 12:14
by JaRon
- post the log from TDSSKiller
- run chkdsk from the command line; if it finds errors, let it repair them with /F

Re: preventive check of the notebook

Posted: 29 Aug 2013 21:28
by chameleon
log from TDSSKiller:
22:22:45.0734 1268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:22:46.0125 1268 ============================================================
22:22:46.0125 1268 Current date / time: 2013/08/29 22:22:46.0125
22:22:46.0125 1268 SystemInfo:
22:22:46.0125 1268
22:22:46.0125 1268 OS Version: 5.1.2600 ServicePack: 3.0
22:22:46.0125 1268 Product type: Workstation
22:22:46.0125 1268 ComputerName: ATTILA
22:22:46.0125 1268 UserName: chobotnica
22:22:46.0125 1268 Windows directory: C:\WINDOWS
22:22:46.0125 1268 System windows directory: C:\WINDOWS
22:22:46.0125 1268 Processor architecture: Intel x86
22:22:46.0125 1268 Number of processors: 1
22:22:46.0125 1268 Page size: 0x1000
22:22:46.0125 1268 Boot type: Normal boot
22:22:46.0125 1268 ============================================================
22:22:47.0625 1268 Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:22:47.0625 1268 ============================================================
22:22:47.0625 1268 \Device\Harddisk0\DR0:
22:22:47.0625 1268 MBR partitions:
22:22:47.0625 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2C916DE
22:22:47.0640 1268 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2C9175C, BlocksNum 0x1DF3BA4
22:22:47.0640 1268 ============================================================
22:22:47.0687 1268 C: <-> \Device\Harddisk0\DR0\Partition1
22:22:47.0734 1268 D: <-> \Device\Harddisk0\DR0\Partition2
22:22:47.0734 1268 ============================================================
22:22:47.0734 1268 Initialize success
22:22:47.0734 1268 ============================================================
22:22:53.0578 0348 ============================================================
22:22:53.0578 0348 Scan started
22:22:53.0578 0348 Mode: Manual;
22:22:53.0578 0348 ============================================================
22:22:53.0890 0348 ================ Scan system memory ========================
22:22:53.0890 0348 System memory - ok
22:22:53.0906 0348 ================ Scan services =============================
22:22:55.0562 0348 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
22:22:55.0562 0348 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\atapi.sys. md5: 9F3A2F5AA6875C72BF062C712CFA2674
22:22:55.0562 0348 atapi ( LockedFile.Multi.Generic ) - warning
22:22:55.0562 0348 atapi - detected LockedFile.Multi.Generic (1)
22:23:02.0375 0348 MpKslebfee7b3 - ok
22:23:02.0406 0348 mraid35x - ok
22:23:02.0437 0348 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:23:02.0437 0348 MRxDAV - ok
22:23:02.0500 0348 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:23:02.0515 0348 MRxSmb - ok
22:23:02.0562 0348 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\System32\msdtc.exe
22:23:02.0562 0348 MSDTC - ok
22:23:02.0625 0348 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:23:02.0625 0348 Msfs - ok
22:23:02.0656 0348 MSIServer - ok
22:23:02.0687 0348 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:23:02.0687 0348 MSKSSRV - ok
22:23:02.0781 0348 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
22:23:02.0781 0348 MsMpSvc - ok
22:23:02.0875 0348 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:23:02.0875 0348 MSPCLOCK - ok
22:23:02.0890 0348 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:23:02.0890 0348 MSPQM - ok
22:23:02.0921 0348 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:23:02.0921 0348 mssmbios - ok
22:23:02.0984 0348 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:23:02.0984 0348 MSTEE - ok
22:23:03.0031 0348 [ 8CC4AB0F1FDB5FC7F58779DAB0B1D22E ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys
22:23:03.0046 0348 Mtlmnt5 - ok
22:23:03.0156 0348 [ 195C5A0B44240DBB999F267ECFD3FAB2 ] Mtlstrm C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys
22:23:03.0234 0348 Mtlstrm - ok
22:23:03.0281 0348 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:23:03.0296 0348 Mup - ok
22:23:03.0500 0348 [ 363B85773D001E35DC977058956A1486 ] MxEFUF C:\WINDOWS\system32\DRIVERS\MxEFUF32.sys
22:23:03.0500 0348 MxEFUF - ok
22:23:03.0546 0348 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:23:03.0546 0348 NABTSFEC - ok
22:23:03.0593 0348 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
22:23:03.0609 0348 napagent - ok
22:23:03.0640 0348 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:23:03.0640 0348 NDIS - ok
22:23:03.0671 0348 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:23:03.0687 0348 NdisIP - ok
22:23:03.0734 0348 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:23:03.0734 0348 NdisTapi - ok
22:23:03.0781 0348 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:23:03.0781 0348 Ndisuio - ok
22:23:03.0796 0348 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:23:03.0796 0348 NdisWan - ok
22:23:03.0875 0348 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:23:03.0875 0348 NDProxy - ok
22:23:04.0015 0348 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:23:04.0031 0348 Nero BackItUp Scheduler 3 - ok
22:23:04.0078 0348 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:23:04.0078 0348 NetBIOS - ok
22:23:04.0093 0348 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:23:04.0109 0348 NetBT - ok
22:23:04.0156 0348 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:23:04.0171 0348 NetDDE - ok
22:23:04.0171 0348 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:23:04.0187 0348 NetDDEdsdm - ok
22:23:04.0234 0348 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\System32\lsass.exe
22:23:04.0234 0348 Netlogon - ok
22:23:04.0265 0348 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
22:23:04.0265 0348 Netman - ok
22:23:04.0312 0348 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:23:04.0328 0348 NetTcpPortSharing - ok
22:23:04.0359 0348 [ 39EE7C3BFBC64BA87CC8CF67386E814C ] Nla C:\WINDOWS\System32\mswsock.dll
22:23:04.0359 0348 Nla - ok
22:23:04.0500 0348 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:23:04.0515 0348 NMIndexingService - ok
22:23:04.0562 0348 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:23:04.0562 0348 Npfs - ok
22:23:04.0609 0348 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:23:04.0625 0348 Ntfs - ok
22:23:04.0640 0348 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
22:23:04.0656 0348 NtLmSsp - ok
22:23:04.0687 0348 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:23:04.0703 0348 NtmsSvc - ok
22:23:04.0734 0348 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:23:04.0734 0348 Null - ok
22:23:04.0781 0348 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:23:04.0781 0348 NwlnkFlt - ok
22:23:04.0812 0348 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:23:04.0812 0348 NwlnkFwd - ok
22:23:04.0921 0348 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:23:04.0937 0348 odserv - ok
22:23:04.0984 0348 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:05.0000 0348 ose - ok
22:23:05.0046 0348 [ 2FADD6E3AEAFF1A6B84B8D304C395BD5 ] ousb2hub C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
22:23:05.0046 0348 ousb2hub - ok
22:23:05.0062 0348 [ 961414DACB73858B0A2E9075AB2D1EA8 ] ousbehci C:\WINDOWS\system32\Drivers\ousbehci.sys
22:23:05.0078 0348 ousbehci - ok
22:23:05.0140 0348 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\drivers\Parport.sys
22:23:05.0140 0348 Parport - ok
22:23:05.0171 0348 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:23:05.0171 0348 PartMgr - ok
22:23:05.0203 0348 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:23:05.0203 0348 ParVdm - ok
22:23:05.0234 0348 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:23:05.0234 0348 PCI - ok
22:23:05.0250 0348 PCIDump - ok
22:23:05.0281 0348 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:23:05.0296 0348 PCIIde - ok
22:23:05.0328 0348 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:23:05.0343 0348 Pcmcia - ok
22:23:05.0359 0348 PDCOMP - ok
22:23:05.0375 0348 PDFRAME - ok
22:23:05.0406 0348 PDRELI - ok
22:23:05.0421 0348 PDRFRAME - ok
22:23:05.0453 0348 perc2 - ok
22:23:05.0468 0348 perc2hib - ok
22:23:05.0546 0348 [ B2AB4EA9D3A56A736B87A711A1E6608D ] pimou C:\WINDOWS\system32\DRIVERS\pimou.sys
22:23:05.0546 0348 pimou - ok
22:23:05.0593 0348 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
22:23:05.0593 0348 PLFlash DeviceIoControl Service - ok
22:23:05.0625 0348 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
22:23:05.0625 0348 PlugPlay - ok
22:23:05.0656 0348 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:23:05.0656 0348 PolicyAgent - ok
22:23:05.0703 0348 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:23:05.0703 0348 PptpMiniport - ok
22:23:05.0734 0348 [ 4228630829C0E521C43D882A00533374 ] PQNTDrv C:\WINDOWS\system32\drivers\PQNTDrv.sys
22:23:05.0734 0348 PQNTDrv - ok
22:23:05.0765 0348 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
22:23:05.0765 0348 Processor - ok
22:23:05.0781 0348 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:23:05.0781 0348 ProtectedStorage - ok
22:23:05.0812 0348 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:23:05.0828 0348 PSched - ok
22:23:05.0875 0348 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:23:05.0875 0348 Ptilink - ok
22:23:05.0890 0348 ql1080 - ok
22:23:05.0906 0348 Ql10wnt - ok
22:23:05.0937 0348 ql12160 - ok
22:23:05.0953 0348 ql1240 - ok
22:23:05.0984 0348 ql1280 - ok
22:23:06.0015 0348 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:23:06.0015 0348 RasAcd - ok
22:23:06.0078 0348 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:23:06.0078 0348 RasAuto - ok
22:23:06.0109 0348 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:23:06.0109 0348 Rasl2tp - ok
22:23:06.0156 0348 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
22:23:06.0156 0348 RasMan - ok
22:23:06.0171 0348 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:23:06.0171 0348 RasPppoe - ok
22:23:06.0187 0348 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:23:06.0203 0348 Raspti - ok
22:23:06.0234 0348 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:23:06.0250 0348 Rdbss - ok
22:23:06.0265 0348 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:23:06.0265 0348 RDPCDD - ok
22:23:06.0343 0348 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:23:06.0343 0348 RDPWD - ok
22:23:06.0390 0348 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:23:06.0390 0348 RDSessMgr - ok
22:23:06.0437 0348 [ 5DF1543B5258AF20DEDDBB32808470C5 ] RecAgent C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys
22:23:06.0437 0348 RecAgent - ok
22:23:06.0484 0348 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:23:06.0500 0348 redbook - ok
22:23:06.0546 0348 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:23:06.0546 0348 RemoteAccess - ok
22:23:06.0593 0348 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
22:23:06.0593 0348 ROOTMODEM - ok
22:23:06.0656 0348 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\System32\locator.exe
22:23:06.0656 0348 RpcLocator - ok
22:23:06.0687 0348 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:23:06.0703 0348 RpcSs - ok
22:23:06.0765 0348 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\System32\rsvp.exe
22:23:06.0765 0348 RSVP - ok
22:23:06.0781 0348 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
22:23:06.0781 0348 SamSs - ok
22:23:06.0875 0348 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:23:06.0875 0348 SCardSvr - ok
22:23:06.0937 0348 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:23:06.0937 0348 Schedule - ok
22:23:06.0984 0348 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:23:06.0984 0348 Secdrv - ok
22:23:07.0015 0348 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:23:07.0015 0348 seclogon - ok
22:23:07.0046 0348 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
22:23:07.0046 0348 SENS - ok
22:23:07.0078 0348 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:23:07.0078 0348 Serenum - ok
22:23:07.0125 0348 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:23:07.0140 0348 Serial - ok
22:23:07.0234 0348 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:23:07.0234 0348 Sfloppy - ok
22:23:07.0312 0348 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:23:07.0312 0348 SharedAccess - ok
22:23:07.0343 0348 [ EE9A2B9EA968A792A053C9D1A86BF870 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:23:07.0359 0348 ShellHWDetection - ok
22:23:07.0359 0348 Simbad - ok
22:23:07.0437 0348 [ 7BA8FEBF9ECB36C029410E7957E7FF9C ] SiS315 C:\WINDOWS\system32\DRIVERS\sisgrp.sys
22:23:07.0437 0348 SiS315 - ok
22:23:07.0484 0348 [ 923D23638C616EECB0D811461161D0B8 ] SISAGP C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
22:23:07.0500 0348 SISAGP - ok
22:23:07.0546 0348 [ 94A0E9F4A7B42899B793F5DE6C362662 ] SiSkp C:\WINDOWS\system32\DRIVERS\srvkp.sys
22:23:07.0546 0348 SiSkp - ok
22:23:07.0593 0348 [ 6AB81F481E4D69A933E83100136B7B03 ] SISNIC C:\WINDOWS\system32\DRIVERS\sisnic.sys
22:23:07.0593 0348 SISNIC - ok
22:23:07.0625 0348 [ A1348A901A44760CCD76043525E851D0 ] SISNICXP C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
22:23:07.0640 0348 SISNICXP - ok
22:23:07.0671 0348 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:23:07.0671 0348 SLIP - ok
22:23:07.0750 0348 [ E61F4A8551ED6D42245EC5C4A29C120B ] Slntamr C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys
22:23:07.0765 0348 Slntamr - ok
22:23:07.0796 0348 [ 7F5F9B53BEA4238AA18BA05382EC7629 ] SlNtHal C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys
22:23:07.0796 0348 SlNtHal - ok
22:23:07.0812 0348 SLService - ok
22:23:07.0890 0348 [ 58F389DAEA07A855F7F38DD0D66E20C2 ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys
22:23:07.0890 0348 SlWdmSup - ok
22:23:07.0937 0348 Sparrow - ok
22:23:07.0968 0348 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:23:07.0968 0348 splitter - ok
22:23:08.0015 0348 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:23:08.0015 0348 Spooler - ok
22:23:08.0062 0348 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:23:08.0062 0348 sr - ok
22:23:08.0125 0348 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
22:23:08.0125 0348 srservice - ok
22:23:08.0171 0348 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:23:08.0187 0348 Srv - ok
22:23:08.0203 0348 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:23:08.0218 0348 SSDPSRV - ok
22:23:08.0265 0348 [ EE74E3B1B521CEF8E8C9D008E4BDB45C ] STAC97 C:\WINDOWS\system32\drivers\STAC97.sys
22:23:08.0281 0348 STAC97 - ok
22:23:08.0328 0348 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:23:08.0328 0348 stisvc - ok
22:23:08.0375 0348 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:23:08.0375 0348 streamip - ok
22:23:08.0406 0348 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:23:08.0406 0348 swenum - ok
22:23:08.0453 0348 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:23:08.0453 0348 swmidi - ok
22:23:08.0468 0348 SwPrv - ok
22:23:08.0500 0348 symc810 - ok
22:23:08.0515 0348 symc8xx - ok
22:23:08.0531 0348 sym_hi - ok
22:23:08.0562 0348 sym_u3 - ok
22:23:08.0656 0348 [ 9574C5EEA8078C7B1A70AE912FF02FE0 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:23:08.0671 0348 SynTP - ok
22:23:08.0703 0348 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:23:08.0703 0348 sysaudio - ok
22:23:08.0750 0348 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:23:08.0765 0348 SysmonLog - ok
22:23:08.0812 0348 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:23:08.0812 0348 TapiSrv - ok
22:23:08.0890 0348 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:23:08.0906 0348 Tcpip - ok
22:23:08.0953 0348 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:23:08.0953 0348 TDPIPE - ok
22:23:08.0984 0348 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:23:08.0984 0348 TDTCP - ok
22:23:09.0031 0348 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:23:09.0031 0348 TermDD - ok
22:23:09.0093 0348 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
22:23:09.0109 0348 TermService - ok
22:23:09.0109 0348 TfFsMon - ok
22:23:09.0140 0348 TfNetMon - ok
22:23:09.0156 0348 TfSysMon - ok
22:23:09.0203 0348 [ EE9A2B9EA968A792A053C9D1A86BF870 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:23:09.0203 0348 Themes - ok
22:23:09.0218 0348 TosIde - ok
22:23:09.0250 0348 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:23:09.0265 0348 TrkWks - ok
22:23:09.0421 0348 [ 013FB80269599D0FDBE86D78365603B8 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
22:23:09.0515 0348 TuneUp.UtilitiesSvc - ok
22:23:09.0562 0348 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
22:23:09.0562 0348 TuneUpUtilitiesDrv - ok
22:23:09.0593 0348 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:23:09.0593 0348 Udfs - ok
22:23:09.0640 0348 [ BB424A118A3E8202DB3BD0D5CAB20246 ] udsstub C:\WINDOWS\system32\DRIVERS\udsstub.sys
22:23:09.0640 0348 udsstub - ok
22:23:09.0656 0348 ultra - ok
22:23:09.0718 0348 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:23:09.0718 0348 Update - ok
22:23:09.0781 0348 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
22:23:09.0781 0348 upnphost - ok
22:23:09.0812 0348 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
22:23:09.0812 0348 UPS - ok
22:23:09.0890 0348 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:23:09.0890 0348 usbehci - ok
22:23:09.0921 0348 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:23:09.0921 0348 usbhub - ok
22:23:09.0968 0348 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:23:09.0968 0348 usbohci - ok
22:23:10.0000 0348 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:23:10.0000 0348 usbprint - ok
22:23:10.0062 0348 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:23:10.0140 0348 usbscan - ok
22:23:10.0156 0348 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:23:10.0171 0348 USBSTOR - ok
22:23:10.0203 0348 [ 9EBEE4A060C5364A31AEAA04EAC2AF1E ] VComm C:\WINDOWS\system32\DRIVERS\VComm.sys
22:23:10.0203 0348 VComm - ok
22:23:10.0265 0348 [ 630BBDBF5490F8F57ABE650DA63661A0 ] VcommMgr C:\WINDOWS\system32\Drivers\VcommMgr.sys
22:23:10.0265 0348 VcommMgr - ok
22:23:10.0312 0348 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:23:10.0312 0348 VgaSave - ok
22:23:10.0328 0348 ViaIde - ok
22:23:10.0390 0348 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:23:10.0406 0348 VolSnap - ok
22:23:11.0406 0348 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
22:23:11.0421 0348 VSS - ok
22:23:11.0468 0348 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
22:23:11.0484 0348 W32Time - ok
22:23:11.0531 0348 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:23:11.0531 0348 Wanarp - ok
22:23:11.0609 0348 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
22:23:11.0625 0348 Wdf01000 - ok
22:23:11.0640 0348 WDICA - ok
22:23:11.0671 0348 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:23:11.0671 0348 wdmaud - ok
22:23:11.0734 0348 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
22:23:11.0734 0348 WebClient - ok
22:23:11.0796 0348 [ 473EE64C368CE2EED110376C11960259 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:23:11.0828 0348 winachsf - ok
22:23:11.0843 0348 WINIO - ok
22:23:11.0937 0348 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:23:11.0937 0348 winmgmt - ok
22:23:12.0015 0348 [ 4D34CEDD74BDBF2B6A935EAE3BF80543 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
22:23:12.0156 0348 WinRM - ok
22:23:12.0234 0348 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:23:12.0234 0348 WmdmPmSN - ok
22:23:12.0296 0348 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
22:23:12.0312 0348 WmiApSrv - ok
22:23:12.0421 0348 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:23:12.0437 0348 WMPNetworkSvc - ok
22:23:12.0546 0348 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:12.0593 0348 WPFFontCache_v0400 - ok
22:23:12.0640 0348 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:23:12.0640 0348 WS2IFSL - ok
22:23:12.0687 0348 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:23:12.0703 0348 wscsvc - ok
22:23:12.0718 0348 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:23:12.0718 0348 WSTCODEC - ok
22:23:12.0765 0348 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:23:12.0796 0348 wuauserv - ok
22:23:12.0859 0348 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:23:12.0859 0348 WudfPf - ok
22:23:12.0906 0348 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:23:12.0921 0348 WudfRd - ok
22:23:12.0937 0348 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:23:12.0953 0348 WudfSvc - ok
22:23:13.0015 0348 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:23:13.0031 0348 WZCSVC - ok
22:23:13.0078 0348 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:23:13.0140 0348 xmlprov - ok
22:23:13.0171 0348 ================ Scan global ===============================
22:23:13.0203 0348 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
22:23:13.0250 0348 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:23:13.0265 0348 [ 4C0AA4ABC4E21672B55D8A700AF2B2A6 ] C:\WINDOWS\system32\winsrv.dll
22:23:13.0312 0348 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
22:23:13.0312 0348 [Global] - ok
22:23:13.0312 0348 ================ Scan MBR ==================================
22:23:13.0343 0348 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
22:23:13.0468 0348 \Device\Harddisk0\DR0 - ok
22:23:13.0468 0348 ================ Scan VBR ==================================
22:23:13.0484 0348 [ 398894D07BBD1ED72364591E3C9106B6 ] \Device\Harddisk0\DR0\Partition1
22:23:13.0484 0348 \Device\Harddisk0\DR0\Partition1 - ok
22:23:13.0531 0348 [ 518D2259205595A264BCC88590D8D20C ] \Device\Harddisk0\DR0\Partition2
22:23:13.0531 0348 \Device\Harddisk0\DR0\Partition2 - ok
22:23:13.0531 0348 ============================================================
22:23:13.0531 0348 Scan finished
22:23:13.0531 0348 ============================================================
22:23:13.0578 0244 Detected object count: 1
22:23:13.0578 0244 Actual detected object count: 1
22:23:40.0546 0244 atapi ( LockedFile.Multi.Generic ) - skipped by user
22:23:40.0546 0244 atapi ( LockedFile.Multi.Generic ) - User select action: Skip

Re: preventive notebook check

Posted: 01 Sep 2013 16:45
by JaRon
also post a log from ASWMbr

Re: preventive notebook check

Posted: 09 Sep 2013 16:00
by chameleon
I'm sending the log from aswMBR:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-09-09 15:20:15
-----------------------------
15:20:15.062 OS Version: Windows 5.1.2600 Service Pack 3
15:20:15.062 Number of processors: 1 586 0xD08
15:20:15.062 ComputerName: ATTILA UserName:
15:20:17.203 Initialize success
15:27:57.203 AVAST engine defs: 13090900
15:41:54.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:41:54.906 Disk 0 Vendor: HTS424040M9AT00 MA2OA71A Size: 38154MB BusType: 3
15:41:54.906 Device \Driver\atapi -> MajorFunction 88b7c1d0
15:41:54.921 Disk 0 MBR read successfully
15:41:54.921 Disk 0 MBR scan
15:41:55.015 Disk 0 Windows XP default MBR code
15:41:55.015 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 22818 MB offset 63
15:41:55.015 Disk 0 Partition - 00 0F Extended LBA 15335 MB offset 46733085
15:41:55.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15335 MB offset 46733148
15:41:55.046 Disk 0 scanning sectors +78140160
15:41:55.343 Disk 0 scanning C:\WINDOWS\system32\drivers
15:42:12.359 Service scanning
15:42:14.593 Service atapi C:\WINDOWS\System32\DRIVERS\atapi.sys **LOCKED** 32
15:42:37.796 Modules scanning
15:42:46.406 Disk 0 trace - called modules:
15:42:46.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88b7c1d0]<<
15:42:46.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88f6aab8]
15:42:46.421 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000083[0x88f879e8]
15:42:46.421 5 ACPI.sys[b9f57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x88f69940]
15:42:46.421 \Driver\atapi[0x88f448f0] -> IRP_MJ_CREATE -> 0x88b7c1d0
15:42:46.734 AVAST engine scan C:\WINDOWS
15:42:54.031 AVAST engine scan C:\WINDOWS\system32
15:46:51.140 AVAST engine scan C:\WINDOWS\system32\drivers
15:47:13.812 AVAST engine scan C:\Documents and Settings\chobotnica
15:48:20.250 AVAST engine scan C:\Documents and Settings\All Users
15:49:47.562 Scan finished successfully
16:54:42.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\chobotnica\Plocha\ASWMbr log\MBR.dat"
16:54:42.140 The log file has been saved successfully to "C:\Documents and Settings\chobotnica\Plocha\ASWMbr log\aswMBR.txt"

Re: preventive notebook check

Posted: 10 Sep 2013 06:05
by JaRon
test C:\WINDOWS\System32\DRIVERS\atapi.sys at www.virustotal.com

Re: preventive notebook check

Posted: 13 Sep 2013 14:33
by chameleon
On www.virustotal.com I choose scan file, but it freezes there. It can't upload the file.

Re: preventive notebook check

Posted: 16 Sep 2013 06:20
by JaRon
download SL http://jpshortstuff.247fixes.com/SystemLook.exe
and run it with the command:
:filefind
atapi.sys

post the search result here

Re: preventive notebook check

Posted: 16 Sep 2013 07:20
by chameleon
result:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:14 on 16/09/2013 by chobotnica
Administrator - Elevation successful

No Context: atapi.sys

-= EOF =-