Please check my log: slow Windows startup + defragmentation cannot be performed. The disk error check has been run + HD Tune, and everything is fine. Thank you.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:20, on 14.12.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate1c9ef9344ae67a2) (gupdate1c9ef9344ae67a2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
--
End of file - 7315 bytes
Please check my log (slow startup)
- jaro3
- Member of the Security team
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
- Status: Offline
Re: Please check my log (slow startup)
First of all, install SP3. Before that, create a new restore point. Do you have enough free space on the disk?
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can delete the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also delete Windows temporary files, empty the Recycle Bin, etc.
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it does not, restart it yourself.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please check my log (slow startup)
So, everything is done.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org
Verze databáze: v2012.12.14.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Zdeněk :: ZDENDA [administrátor]
Ochrana: Zakázána
15.12.2012 0:41:21
mbam-log-2012-12-15 (00-41-21).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 198988
Uplynulý čas: 2 minut, 56 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- Žbeky
- Moderator
Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Please check my log (slow startup)
How does it look now?
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check my log (slow startup)
Unfortunately, no change.

- Žbeky
- Moderator
Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Please check my log (slow startup)
Download TDSSKiller
to your desktop. Make sure you have all other applications and browsers closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- After the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that is marked for deletion, simply restart the computer.
In private messages I only deal with matters concerning the forum. I do not respond to requests and pleas for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check my log (slow startup)
10:51:30.0218 3596 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:51:30.0359 3596 ============================================================
10:51:30.0359 3596 Current date / time: 2012/12/16 10:51:30.0359
10:51:30.0359 3596 SystemInfo:
10:51:30.0359 3596
10:51:30.0359 3596 OS Version: 5.1.2600 ServicePack: 3.0
10:51:30.0359 3596 Product type: Workstation
10:51:30.0359 3596 ComputerName: ZDENDA
10:51:30.0359 3596 UserName: Zdeněk
10:51:30.0359 3596 Windows directory: C:\WINDOWS
10:51:30.0359 3596 System windows directory: C:\WINDOWS
10:51:30.0359 3596 Processor architecture: Intel x86
10:51:30.0359 3596 Number of processors: 2
10:51:30.0359 3596 Page size: 0x1000
10:51:30.0359 3596 Boot type: Normal boot
10:51:30.0359 3596 ============================================================
10:51:30.0625 3596 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:51:30.0625 3596 ============================================================
10:51:30.0625 3596 \Device\Harddisk0\DR0:
10:51:30.0625 3596 MBR partitions:
10:51:30.0625 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:51:30.0625 3596 ============================================================
10:51:30.0640 3596 C: <-> \Device\Harddisk0\DR0\Partition1
10:51:30.0640 3596 ============================================================
10:51:30.0640 3596 Initialize success
10:51:30.0640 3596 ============================================================
10:51:34.0734 3716 ============================================================
10:51:34.0734 3716 Scan started
10:51:34.0734 3716 Mode: Manual;
10:51:34.0734 3716 ============================================================
10:51:34.0812 3716 ================ Scan system memory ========================
10:51:34.0812 3716 System memory - ok
10:51:34.0812 3716 ================ Scan services =============================
10:51:34.0921 3716 [ 3F6884EFF406238D39AAA892218F1DF7 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
10:51:34.0921 3716 Aavmker4 - ok
10:51:34.0937 3716 Abiosdsk - ok
10:51:34.0937 3716 abp480n5 - ok
10:51:35.0062 3716 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:51:35.0078 3716 ACDaemon - ok
10:51:35.0109 3716 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:35.0125 3716 ACPI - ok
10:51:35.0156 3716 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:51:35.0156 3716 ACPIEC - ok
10:51:35.0156 3716 adpu160m - ok
10:51:35.0265 3716 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:51:35.0265 3716 AdvancedSystemCareService5 - ok
10:51:35.0296 3716 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:51:35.0312 3716 aec - ok
10:51:35.0343 3716 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:51:35.0359 3716 AFD - ok
10:51:35.0359 3716 Aha154x - ok
10:51:35.0375 3716 aic78u2 - ok
10:51:35.0375 3716 aic78xx - ok
10:51:35.0406 3716 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:51:35.0421 3716 Alerter - ok
10:51:35.0437 3716 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
10:51:35.0437 3716 ALG - ok
10:51:35.0437 3716 AliIde - ok
10:51:35.0500 3716 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:51:35.0500 3716 AmdK8 - ok
10:51:35.0500 3716 amsint - ok
10:51:35.0562 3716 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:51:35.0562 3716 AppMgmt - ok
10:51:35.0593 3716 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:51:35.0593 3716 Arp1394 - ok
10:51:35.0593 3716 asc - ok
10:51:35.0609 3716 asc3350p - ok
10:51:35.0625 3716 asc3550 - ok
10:51:35.0703 3716 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:51:35.0734 3716 aspnet_state - ok
10:51:35.0750 3716 [ 7F08D9C504B015D81A8ABD75C80028C5 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:51:35.0750 3716 aswFsBlk - ok
10:51:35.0765 3716 [ C2181EF6B54752273A0759A968C59279 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
10:51:35.0765 3716 aswMon2 - ok
10:51:35.0781 3716 [ AC48BDD4CD5D44AF33087C06D6E9511C ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
10:51:35.0781 3716 aswRdr - ok
10:51:35.0812 3716 [ B64134316FCD1F20E0F10EF3E65BD522 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
10:51:35.0812 3716 aswSnx - ok
10:51:35.0843 3716 [ D6788E3211AFA9951ED7A4D617F68A4F ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
10:51:35.0843 3716 aswSP - ok
10:51:35.0859 3716 [ 4D100C45517809439C7B6DD98997FA00 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
10:51:35.0859 3716 aswTdi - ok
10:51:35.0875 3716 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:35.0875 3716 AsyncMac - ok
10:51:35.0890 3716 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:35.0890 3716 atapi - ok
10:51:35.0890 3716 Atdisk - ok
10:51:35.0937 3716 [ 4C3D94D722A35C4F8B03A0C44FA0C11A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:51:35.0937 3716 Ati HotKey Poller - ok
10:51:35.0968 3716 [ 3EA6A3BED77690DD4131C6DE7D478A99 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:51:35.0984 3716 ATI Smart - ok
10:51:36.0062 3716 [ C06659FF381423D6CB19A91C2A2F80AD ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:51:36.0093 3716 ati2mtag - ok
10:51:36.0109 3716 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:36.0109 3716 Atmarpc - ok
10:51:36.0140 3716 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:51:36.0140 3716 AudioSrv - ok
10:51:36.0156 3716 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:36.0156 3716 audstub - ok
10:51:36.0218 3716 [ 7DE3EE7DBEE14C1F8375CB82466C9321 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:51:36.0218 3716 avast! Antivirus - ok
10:51:36.0234 3716 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:51:36.0234 3716 Beep - ok
10:51:36.0281 3716 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
10:51:36.0343 3716 BITS - ok
10:51:36.0359 3716 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
10:51:36.0359 3716 Browser - ok
10:51:36.0406 3716 [ A4087DA0990727DCA1FF4EDE4940D382 ] c65013264 C:\WINDOWS\system32\drivers\c6501.sys
10:51:36.0421 3716 c65013264 - ok
10:51:36.0437 3716 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:51:36.0437 3716 cbidf2k - ok
10:51:36.0437 3716 cd20xrnt - ok
10:51:36.0468 3716 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:51:36.0468 3716 Cdaudio - ok
10:51:36.0500 3716 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:51:36.0500 3716 Cdfs - ok
10:51:36.0515 3716 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:51:36.0515 3716 Cdrom - ok
10:51:36.0515 3716 Changer - ok
10:51:36.0546 3716 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:51:36.0546 3716 CiSvc - ok
10:51:36.0562 3716 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:51:36.0562 3716 ClipSrv - ok
10:51:36.0593 3716 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:51:36.0625 3716 clr_optimization_v2.0.50727_32 - ok
10:51:36.0640 3716 CmdIde - ok
10:51:36.0640 3716 COMSysApp - ok
10:51:36.0671 3716 Cpqarray - ok
10:51:36.0703 3716 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:51:36.0703 3716 CryptSvc - ok
10:51:36.0703 3716 dac2w2k - ok
10:51:36.0718 3716 dac960nt - ok
10:51:36.0765 3716 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:51:36.0781 3716 DcomLaunch - ok
10:51:36.0796 3716 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:51:36.0796 3716 Dhcp - ok
10:51:36.0812 3716 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:51:36.0812 3716 Disk - ok
10:51:36.0812 3716 dmadmin - ok
10:51:36.0859 3716 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:51:36.0875 3716 dmboot - ok
10:51:36.0890 3716 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:51:36.0890 3716 dmio - ok
10:51:36.0921 3716 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:51:36.0921 3716 dmload - ok
10:51:36.0937 3716 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:51:36.0953 3716 dmserver - ok
10:51:36.0968 3716 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:51:36.0968 3716 DMusic - ok
10:51:36.0984 3716 [ 0634B791684B84F4A331F3D3536FEEF8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:51:36.0984 3716 Dnscache - ok
10:51:37.0015 3716 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:51:37.0031 3716 Dot3svc - ok
10:51:37.0031 3716 dpti2o - ok
10:51:37.0062 3716 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:51:37.0062 3716 drmkaud - ok
10:51:37.0078 3716 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:51:37.0078 3716 EapHost - ok
10:51:37.0093 3716 EraserUtilDrv11120 - ok
10:51:37.0109 3716 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:51:37.0125 3716 ERSvc - ok
10:51:37.0156 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
10:51:37.0156 3716 Eventlog - ok
10:51:37.0203 3716 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:51:37.0203 3716 EventSystem - ok
10:51:37.0218 3716 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:51:37.0218 3716 Fastfat - ok
10:51:37.0250 3716 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:51:37.0250 3716 FastUserSwitchingCompatibility - ok
10:51:37.0265 3716 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:51:37.0265 3716 Fdc - ok
10:51:37.0281 3716 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:51:37.0296 3716 Fips - ok
10:51:37.0296 3716 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:51:37.0296 3716 Flpydisk - ok
10:51:37.0328 3716 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:51:37.0328 3716 FltMgr - ok
10:51:37.0390 3716 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:51:37.0390 3716 FontCache3.0.0.0 - ok
10:51:37.0421 3716 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:51:37.0437 3716 Fs_Rec - ok
10:51:37.0453 3716 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:51:37.0453 3716 Ftdisk - ok
10:51:37.0484 3716 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:51:37.0484 3716 Gpc - ok
10:51:37.0546 3716 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9ef9344ae67a2 C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:37.0546 3716 gupdate1c9ef9344ae67a2 - ok
10:51:37.0562 3716 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:37.0562 3716 gupdatem - ok
10:51:37.0578 3716 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:51:37.0593 3716 gusvc - ok
10:51:37.0609 3716 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:51:37.0609 3716 HDAudBus - ok
10:51:37.0656 3716 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:51:37.0656 3716 helpsvc - ok
10:51:37.0687 3716 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:51:37.0687 3716 HidServ - ok
10:51:37.0703 3716 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:51:37.0703 3716 hidusb - ok
10:51:37.0734 3716 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:51:37.0734 3716 hkmsvc - ok
10:51:37.0750 3716 hpn - ok
10:51:37.0796 3716 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:51:37.0796 3716 HTTP - ok
10:51:37.0812 3716 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:51:37.0828 3716 HTTPFilter - ok
10:51:37.0828 3716 i2omgmt - ok
10:51:37.0843 3716 i2omp - ok
10:51:37.0859 3716 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:51:37.0859 3716 i8042prt - ok
10:51:37.0890 3716 [ B613C7D844EB84BFCFC6FA36569885C7 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
10:51:37.0890 3716 ICQ Service - ok
10:51:37.0937 3716 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:51:37.0937 3716 IDriverT - ok
10:51:38.0000 3716 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:38.0015 3716 idsvc - ok
10:51:38.0031 3716 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:51:38.0031 3716 Imapi - ok
10:51:38.0062 3716 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:51:38.0062 3716 ImapiService - ok
10:51:38.0062 3716 InCDFs - ok
10:51:38.0078 3716 InCDPass - ok
10:51:38.0093 3716 InCDRm - ok
10:51:38.0109 3716 ini910u - ok
10:51:38.0125 3716 IntelIde - ok
10:51:38.0156 3716 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:51:38.0156 3716 Ip6Fw - ok
10:51:38.0187 3716 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:51:38.0187 3716 IpFilterDriver - ok
10:51:38.0203 3716 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:51:38.0203 3716 IpInIp - ok
10:51:38.0234 3716 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:51:38.0234 3716 IpNat - ok
10:51:38.0250 3716 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:51:38.0250 3716 IPSec - ok
10:51:38.0265 3716 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:51:38.0265 3716 IRENUM - ok
10:51:38.0281 3716 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:51:38.0281 3716 isapnp - ok
10:51:38.0343 3716 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:51:38.0359 3716 JavaQuickStarterService - ok
10:51:38.0375 3716 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:51:38.0375 3716 Kbdclass - ok
10:51:38.0390 3716 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:51:38.0390 3716 kbdhid - ok
10:51:38.0421 3716 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:51:38.0421 3716 kmixer - ok
10:51:38.0484 3716 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:51:38.0484 3716 KSecDD - ok
10:51:38.0515 3716 [ 21920AC69594AB021237054FA728FE46 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:51:38.0515 3716 lanmanserver - ok
10:51:38.0562 3716 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:51:38.0562 3716 lanmanworkstation - ok
10:51:38.0562 3716 lbrtfdc - ok
10:51:38.0609 3716 [ AEEDACC6FB20FDBA95213AD3BB009B7D ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
10:51:38.0609 3716 LexBceS - ok
10:51:38.0640 3716 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:51:38.0640 3716 LmHosts - ok
10:51:38.0671 3716 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:51:38.0671 3716 MBAMProtector - ok
10:51:38.0703 3716 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:51:38.0718 3716 MBAMScheduler - ok
10:51:38.0750 3716 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:51:38.0750 3716 MBAMService - ok
10:51:38.0765 3716 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:51:38.0765 3716 Messenger - ok
10:51:38.0828 3716 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:51:38.0828 3716 Microsoft Office Groove Audit Service - ok
10:51:38.0843 3716 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:51:38.0843 3716 mnmdd - ok
10:51:38.0875 3716 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:51:38.0890 3716 mnmsrvc - ok
10:51:38.0906 3716 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:51:38.0906 3716 Modem - ok
10:51:38.0921 3716 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:51:38.0921 3716 Mouclass - ok
10:51:38.0937 3716 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:51:38.0937 3716 mouhid - ok
10:51:38.0968 3716 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:51:38.0968 3716 MountMgr - ok
10:51:38.0968 3716 mraid35x - ok
10:51:39.0000 3716 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:51:39.0000 3716 MRxDAV - ok
10:51:39.0046 3716 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:51:39.0046 3716 MRxSmb - ok
10:51:39.0078 3716 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:51:39.0078 3716 MSDTC - ok
10:51:39.0109 3716 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:51:39.0109 3716 Msfs - ok
10:51:39.0109 3716 MSIServer - ok
10:51:39.0125 3716 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:51:39.0125 3716 MSKSSRV - ok
10:51:39.0140 3716 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:51:39.0140 3716 MSPCLOCK - ok
10:51:39.0156 3716 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:51:39.0156 3716 MSPQM - ok
10:51:39.0171 3716 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:51:39.0171 3716 mssmbios - ok
10:51:39.0203 3716 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:51:39.0203 3716 MTsensor - ok
10:51:39.0218 3716 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:51:39.0218 3716 Mup - ok
10:51:39.0250 3716 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:51:39.0265 3716 napagent - ok
10:51:39.0281 3716 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:51:39.0281 3716 NDIS - ok
10:51:39.0312 3716 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:51:39.0312 3716 NdisTapi - ok
10:51:39.0328 3716 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:51:39.0328 3716 Ndisuio - ok
10:51:39.0343 3716 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:51:39.0343 3716 NdisWan - ok
10:51:39.0359 3716 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:51:39.0359 3716 NDProxy - ok
10:51:39.0375 3716 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:51:39.0375 3716 NetBIOS - ok
10:51:39.0390 3716 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:51:39.0390 3716 NetBT - ok
10:51:39.0437 3716 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:51:39.0437 3716 NetDDE - ok
10:51:39.0437 3716 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:51:39.0453 3716 NetDDEdsdm - ok
10:51:39.0484 3716 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:51:39.0484 3716 Netlogon - ok
10:51:39.0500 3716 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
10:51:39.0515 3716 Netman - ok
10:51:39.0546 3716 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:39.0546 3716 NetTcpPortSharing - ok
10:51:39.0546 3716 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:51:39.0562 3716 NIC1394 - ok
10:51:39.0593 3716 [ 1289B7611CCD6CB27596AE92CBF03E35 ] Nla C:\WINDOWS\System32\mswsock.dll
10:51:39.0593 3716 Nla - ok
10:51:39.0625 3716 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys
10:51:39.0625 3716 npf - ok
10:51:39.0640 3716 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:51:39.0640 3716 Npfs - ok
10:51:39.0671 3716 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:51:39.0671 3716 Ntfs - ok
10:51:39.0687 3716 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:51:39.0687 3716 NtLmSsp - ok
10:51:39.0703 3716 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:51:39.0718 3716 NtmsSvc - ok
10:51:39.0734 3716 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:51:39.0734 3716 Null - ok
10:51:39.0765 3716 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
10:51:39.0765 3716 nvata - ok
10:51:39.0781 3716 [ 97724AFFDD7A5A47C3BC07CCD1B88745 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:51:39.0781 3716 NVENETFD - ok
10:51:39.0796 3716 [ 82C2B3A89B9EDFA6287C5ABA1A4E6A99 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:51:39.0796 3716 nvnetbus - ok
10:51:39.0828 3716 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:51:39.0828 3716 NwlnkFlt - ok
10:51:39.0828 3716 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:51:39.0828 3716 NwlnkFwd - ok
10:51:39.0906 3716 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:51:39.0906 3716 odserv - ok
10:51:39.0921 3716 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:51:39.0937 3716 ohci1394 - ok
10:51:39.0953 3716 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:51:39.0953 3716 ose - ok
10:51:39.0984 3716 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:51:40.0000 3716 Parport - ok
10:51:40.0000 3716 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:51:40.0000 3716 PartMgr - ok
10:51:40.0031 3716 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:51:40.0031 3716 ParVdm - ok
10:51:40.0046 3716 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:51:40.0062 3716 PCI - ok
10:51:40.0062 3716 PCIDump - ok
10:51:40.0109 3716 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:51:40.0109 3716 PCIIde - ok
10:51:40.0125 3716 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:51:40.0125 3716 Pcmcia - ok
10:51:40.0125 3716 PDCOMP - ok
10:51:40.0140 3716 PDFRAME - ok
10:51:40.0156 3716 PDRELI - ok
10:51:40.0171 3716 PDRFRAME - ok
10:51:40.0171 3716 perc2 - ok
10:51:40.0187 3716 perc2hib - ok
10:51:40.0218 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
10:51:40.0234 3716 PlugPlay - ok
10:51:40.0250 3716 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:51:40.0250 3716 PolicyAgent - ok
10:51:40.0265 3716 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:51:40.0265 3716 PptpMiniport - ok
10:51:40.0296 3716 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:51:40.0296 3716 Processor - ok
10:51:40.0296 3716 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:51:40.0296 3716 ProtectedStorage - ok
10:51:40.0312 3716 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:51:40.0328 3716 PSched - ok
10:51:40.0343 3716 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:51:40.0343 3716 Ptilink - ok
10:51:40.0359 3716 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:51:40.0375 3716 PxHelp20 - ok
10:51:40.0375 3716 ql1080 - ok
10:51:40.0390 3716 Ql10wnt - ok
10:51:40.0390 3716 ql12160 - ok
10:51:40.0406 3716 ql1240 - ok
10:51:40.0421 3716 ql1280 - ok
10:51:40.0437 3716 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:51:40.0453 3716 RasAcd - ok
10:51:40.0468 3716 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:51:40.0484 3716 RasAuto - ok
10:51:40.0500 3716 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:51:40.0500 3716 Rasl2tp - ok
10:51:40.0531 3716 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:51:40.0546 3716 RasMan - ok
10:51:40.0546 3716 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:51:40.0562 3716 RasPppoe - ok
10:51:40.0562 3716 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:51:40.0562 3716 Raspti - ok
10:51:40.0578 3716 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:51:40.0593 3716 Rdbss - ok
10:51:40.0609 3716 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:51:40.0609 3716 RDPCDD - ok
10:51:40.0625 3716 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:51:40.0625 3716 rdpdr - ok
10:51:40.0656 3716 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:51:40.0656 3716 RDPWD - ok
10:51:40.0671 3716 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:51:40.0671 3716 RDSessMgr - ok
10:51:40.0703 3716 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:51:40.0703 3716 redbook - ok
10:51:40.0734 3716 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:51:40.0734 3716 RemoteAccess - ok
10:51:40.0750 3716 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:51:40.0765 3716 RemoteRegistry - ok
10:51:40.0765 3716 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:51:40.0781 3716 RpcLocator - ok
10:51:40.0796 3716 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:51:40.0812 3716 RpcSs - ok
10:51:40.0843 3716 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:51:40.0843 3716 RSVP - ok
10:51:40.0859 3716 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
10:51:40.0875 3716 SamSs - ok
10:51:40.0890 3716 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:51:40.0890 3716 SCardSvr - ok
10:51:40.0921 3716 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:51:40.0937 3716 Schedule - ok
10:51:40.0968 3716 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:51:40.0968 3716 Secdrv - ok
10:51:40.0984 3716 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:51:41.0000 3716 seclogon - ok
10:51:41.0015 3716 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
10:51:41.0015 3716 SENS - ok
10:51:41.0046 3716 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:51:41.0046 3716 serenum - ok
10:51:41.0062 3716 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:51:41.0062 3716 Serial - ok
10:51:41.0093 3716 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:51:41.0093 3716 Sfloppy - ok
10:51:41.0125 3716 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:51:41.0140 3716 SharedAccess - ok
10:51:41.0140 3716 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:51:41.0156 3716 ShellHWDetection - ok
10:51:41.0156 3716 Simbad - ok
10:51:41.0171 3716 Sparrow - ok
10:51:41.0203 3716 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:51:41.0203 3716 splitter - ok
10:51:41.0218 3716 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:51:41.0218 3716 Spooler - ok
10:51:41.0234 3716 sptd - ok
10:51:41.0250 3716 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:51:41.0250 3716 sr - ok
10:51:41.0281 3716 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
10:51:41.0281 3716 srservice - ok
10:51:41.0328 3716 [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:51:41.0328 3716 Srv - ok
10:51:41.0359 3716 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:51:41.0359 3716 SSDPSRV - ok
10:51:41.0406 3716 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:51:41.0406 3716 stisvc - ok
10:51:41.0437 3716 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:51:41.0437 3716 swenum - ok
10:51:41.0453 3716 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:51:41.0453 3716 swmidi - ok
10:51:41.0453 3716 SwPrv - ok
10:51:41.0468 3716 symc810 - ok
10:51:41.0484 3716 symc8xx - ok
10:51:41.0500 3716 sym_hi - ok
10:51:41.0515 3716 sym_u3 - ok
10:51:41.0546 3716 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:51:41.0546 3716 sysaudio - ok
10:51:41.0562 3716 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:51:41.0578 3716 SysmonLog - ok
10:51:41.0593 3716 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:51:41.0593 3716 TapiSrv - ok
10:51:41.0640 3716 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:51:41.0656 3716 Tcpip - ok
10:51:41.0656 3716 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:51:41.0671 3716 TDPIPE - ok
10:51:41.0687 3716 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:51:41.0687 3716 TDTCP - ok
10:51:41.0703 3716 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:51:41.0703 3716 TermDD - ok
10:51:41.0718 3716 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
10:51:41.0734 3716 TermService - ok
10:51:41.0750 3716 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:51:41.0765 3716 Themes - ok
10:51:41.0781 3716 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:51:41.0796 3716 TlntSvr - ok
10:51:41.0796 3716 TosIde - ok
10:51:41.0828 3716 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:51:41.0828 3716 TrkWks - ok
10:51:41.0859 3716 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:51:41.0859 3716 Udfs - ok
10:51:41.0859 3716 ultra - ok
10:51:41.0906 3716 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:51:41.0906 3716 Update - ok
10:51:41.0921 3716 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
10:51:41.0937 3716 upnphost - ok
10:51:41.0953 3716 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
10:51:41.0953 3716 UPS - ok
10:51:41.0968 3716 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:51:41.0968 3716 usbaudio - ok
10:51:41.0984 3716 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:51:41.0984 3716 usbccgp - ok
10:51:42.0000 3716 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:51:42.0000 3716 usbehci - ok
10:51:42.0015 3716 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:51:42.0031 3716 usbhub - ok
10:51:42.0031 3716 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:51:42.0031 3716 usbohci - ok
10:51:42.0046 3716 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:51:42.0046 3716 usbprint - ok
10:51:42.0062 3716 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:51:42.0062 3716 usbscan - ok
10:51:42.0078 3716 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:51:42.0078 3716 USBSTOR - ok
10:51:42.0093 3716 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:51:42.0093 3716 VgaSave - ok
10:51:42.0109 3716 ViaIde - ok
10:51:42.0109 3716 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:51:42.0125 3716 VolSnap - ok
10:51:42.0140 3716 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
10:51:42.0156 3716 VSS - ok
10:51:42.0171 3716 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
10:51:42.0187 3716 W32Time - ok
10:51:42.0218 3716 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:51:42.0218 3716 Wanarp - ok
10:51:42.0218 3716 WDICA - ok
10:51:42.0250 3716 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:51:42.0250 3716 wdmaud - ok
10:51:42.0265 3716 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:51:42.0265 3716 WebClient - ok
10:51:42.0312 3716 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:51:42.0328 3716 winmgmt - ok
10:51:42.0375 3716 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:51:42.0390 3716 WmdmPmSN - ok
10:51:42.0437 3716 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:51:42.0453 3716 Wmi - ok
10:51:42.0484 3716 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:51:42.0484 3716 WmiApSrv - ok
10:51:42.0578 3716 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:51:42.0593 3716 WMPNetworkSvc - ok
10:51:42.0625 3716 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:51:42.0625 3716 wscsvc - ok
10:51:42.0656 3716 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:51:42.0671 3716 wuauserv - ok
10:51:42.0718 3716 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:51:42.0718 3716 WudfPf - ok
10:51:42.0734 3716 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:51:42.0734 3716 WudfRd - ok
10:51:42.0750 3716 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:51:42.0750 3716 WudfSvc - ok
10:51:42.0796 3716 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:51:42.0796 3716 WZCSVC - ok
10:51:42.0828 3716 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:51:42.0828 3716 xmlprov - ok
10:51:42.0843 3716 ================ Scan global ===============================
10:51:42.0875 3716 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
10:51:42.0890 3716 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:42.0906 3716 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:42.0921 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
10:51:42.0937 3716 [Global] - ok
10:51:42.0937 3716 ================ Scan MBR ==================================
10:51:42.0953 3716 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
10:51:43.0031 3716 \Device\Harddisk0\DR0 - ok
10:51:43.0031 3716 ================ Scan VBR ==================================
10:51:43.0031 3716 [ 839DBB33CA215EDE8F60F767A4C37A62 ] \Device\Harddisk0\DR0\Partition1
10:51:43.0031 3716 \Device\Harddisk0\DR0\Partition1 - ok
10:51:43.0046 3716 ============================================================
10:51:43.0046 3716 Scan finished
10:51:43.0046 3716 ============================================================
10:51:43.0062 3708 Detected object count: 0
10:51:43.0062 3708 Actual detected object count: 0
10:51:55.0656 3632 Deinitialize success
10:51:30.0359 3596 ============================================================
10:51:30.0359 3596 Current date / time: 2012/12/16 10:51:30.0359
10:51:30.0359 3596 SystemInfo:
10:51:30.0359 3596
10:51:30.0359 3596 OS Version: 5.1.2600 ServicePack: 3.0
10:51:30.0359 3596 Product type: Workstation
10:51:30.0359 3596 ComputerName: ZDENDA
10:51:30.0359 3596 UserName: Zdeněk
10:51:30.0359 3596 Windows directory: C:\WINDOWS
10:51:30.0359 3596 System windows directory: C:\WINDOWS
10:51:30.0359 3596 Processor architecture: Intel x86
10:51:30.0359 3596 Number of processors: 2
10:51:30.0359 3596 Page size: 0x1000
10:51:30.0359 3596 Boot type: Normal boot
10:51:30.0359 3596 ============================================================
10:51:30.0625 3596 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:51:30.0625 3596 ============================================================
10:51:30.0625 3596 \Device\Harddisk0\DR0:
10:51:30.0625 3596 MBR partitions:
10:51:30.0625 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
10:51:30.0625 3596 ============================================================
10:51:30.0640 3596 C: <-> \Device\Harddisk0\DR0\Partition1
10:51:30.0640 3596 ============================================================
10:51:30.0640 3596 Initialize success
10:51:30.0640 3596 ============================================================
10:51:34.0734 3716 ============================================================
10:51:34.0734 3716 Scan started
10:51:34.0734 3716 Mode: Manual;
10:51:34.0734 3716 ============================================================
10:51:34.0812 3716 ================ Scan system memory ========================
10:51:34.0812 3716 System memory - ok
10:51:34.0812 3716 ================ Scan services =============================
10:51:34.0921 3716 [ 3F6884EFF406238D39AAA892218F1DF7 ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
10:51:34.0921 3716 Aavmker4 - ok
10:51:34.0937 3716 Abiosdsk - ok
10:51:34.0937 3716 abp480n5 - ok
10:51:35.0062 3716 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:51:35.0078 3716 ACDaemon - ok
10:51:35.0109 3716 [ 4FE34F1F3126B61FCC6B2043AA8112C9 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:51:35.0125 3716 ACPI - ok
10:51:35.0156 3716 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
10:51:35.0156 3716 ACPIEC - ok
10:51:35.0156 3716 adpu160m - ok
10:51:35.0265 3716 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
10:51:35.0265 3716 AdvancedSystemCareService5 - ok
10:51:35.0296 3716 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
10:51:35.0312 3716 aec - ok
10:51:35.0343 3716 [ 7E775010EF291DA96AD17CA4B17137D7 ] AFD C:\WINDOWS\System32\drivers\afd.sys
10:51:35.0359 3716 AFD - ok
10:51:35.0359 3716 Aha154x - ok
10:51:35.0375 3716 aic78u2 - ok
10:51:35.0375 3716 aic78xx - ok
10:51:35.0406 3716 [ E0A6FA244B8624D78FE5FF6F56A33BAE ] Alerter C:\WINDOWS\system32\alrsvc.dll
10:51:35.0421 3716 Alerter - ok
10:51:35.0437 3716 [ 88842DE939A827577BF24243699AC80A ] ALG C:\WINDOWS\System32\alg.exe
10:51:35.0437 3716 ALG - ok
10:51:35.0437 3716 AliIde - ok
10:51:35.0500 3716 [ FCFFA85CFD4BF7A4711012847048DCA3 ] AmdK8 C:\WINDOWS\system32\DRIVERS\AmdK8.sys
10:51:35.0500 3716 AmdK8 - ok
10:51:35.0500 3716 amsint - ok
10:51:35.0562 3716 [ 6B8E7A90E576D4FE308F97C69060A171 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
10:51:35.0562 3716 AppMgmt - ok
10:51:35.0593 3716 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:51:35.0593 3716 Arp1394 - ok
10:51:35.0593 3716 asc - ok
10:51:35.0609 3716 asc3350p - ok
10:51:35.0625 3716 asc3550 - ok
10:51:35.0703 3716 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:51:35.0734 3716 aspnet_state - ok
10:51:35.0750 3716 [ 7F08D9C504B015D81A8ABD75C80028C5 ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
10:51:35.0750 3716 aswFsBlk - ok
10:51:35.0765 3716 [ C2181EF6B54752273A0759A968C59279 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
10:51:35.0765 3716 aswMon2 - ok
10:51:35.0781 3716 [ AC48BDD4CD5D44AF33087C06D6E9511C ] aswRdr C:\WINDOWS\system32\drivers\aswRdr.sys
10:51:35.0781 3716 aswRdr - ok
10:51:35.0812 3716 [ B64134316FCD1F20E0F10EF3E65BD522 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
10:51:35.0812 3716 aswSnx - ok
10:51:35.0843 3716 [ D6788E3211AFA9951ED7A4D617F68A4F ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
10:51:35.0843 3716 aswSP - ok
10:51:35.0859 3716 [ 4D100C45517809439C7B6DD98997FA00 ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
10:51:35.0859 3716 aswTdi - ok
10:51:35.0875 3716 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:51:35.0875 3716 AsyncMac - ok
10:51:35.0890 3716 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
10:51:35.0890 3716 atapi - ok
10:51:35.0890 3716 Atdisk - ok
10:51:35.0937 3716 [ 4C3D94D722A35C4F8B03A0C44FA0C11A ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
10:51:35.0937 3716 Ati HotKey Poller - ok
10:51:35.0968 3716 [ 3EA6A3BED77690DD4131C6DE7D478A99 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
10:51:35.0984 3716 ATI Smart - ok
10:51:36.0062 3716 [ C06659FF381423D6CB19A91C2A2F80AD ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
10:51:36.0093 3716 ati2mtag - ok
10:51:36.0109 3716 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:51:36.0109 3716 Atmarpc - ok
10:51:36.0140 3716 [ DE31B88962A8645DBA5A37B993E7B0F1 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
10:51:36.0140 3716 AudioSrv - ok
10:51:36.0156 3716 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
10:51:36.0156 3716 audstub - ok
10:51:36.0218 3716 [ 7DE3EE7DBEE14C1F8375CB82466C9321 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
10:51:36.0218 3716 avast! Antivirus - ok
10:51:36.0234 3716 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
10:51:36.0234 3716 Beep - ok
10:51:36.0281 3716 [ 19395D092FD85DDC2D9C7729CF5A2AC8 ] BITS C:\WINDOWS\system32\qmgr.dll
10:51:36.0343 3716 BITS - ok
10:51:36.0359 3716 [ 249276D3EF1E74B992299CB96099E4D7 ] Browser C:\WINDOWS\System32\browser.dll
10:51:36.0359 3716 Browser - ok
10:51:36.0406 3716 [ A4087DA0990727DCA1FF4EDE4940D382 ] c65013264 C:\WINDOWS\system32\drivers\c6501.sys
10:51:36.0421 3716 c65013264 - ok
10:51:36.0437 3716 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
10:51:36.0437 3716 cbidf2k - ok
10:51:36.0437 3716 cd20xrnt - ok
10:51:36.0468 3716 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
10:51:36.0468 3716 Cdaudio - ok
10:51:36.0500 3716 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
10:51:36.0500 3716 Cdfs - ok
10:51:36.0515 3716 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:51:36.0515 3716 Cdrom - ok
10:51:36.0515 3716 Changer - ok
10:51:36.0546 3716 [ E390DC1D7C461D7D56EC53402F329928 ] CiSvc C:\WINDOWS\system32\cisvc.exe
10:51:36.0546 3716 CiSvc - ok
10:51:36.0562 3716 [ 064507A8DFA8C5C7E2FFDDD3E6F424FA ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
10:51:36.0562 3716 ClipSrv - ok
10:51:36.0593 3716 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:51:36.0625 3716 clr_optimization_v2.0.50727_32 - ok
10:51:36.0640 3716 CmdIde - ok
10:51:36.0640 3716 COMSysApp - ok
10:51:36.0671 3716 Cpqarray - ok
10:51:36.0703 3716 [ F3AB0933CBD166D271992F411C27CCAF ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
10:51:36.0703 3716 CryptSvc - ok
10:51:36.0703 3716 dac2w2k - ok
10:51:36.0718 3716 dac960nt - ok
10:51:36.0765 3716 [ BE27674D1CBC3214AEC84B4336A38BBF ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
10:51:36.0781 3716 DcomLaunch - ok
10:51:36.0796 3716 [ 8C9A53E285AC5E6704844D0459EC85BE ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
10:51:36.0796 3716 Dhcp - ok
10:51:36.0812 3716 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
10:51:36.0812 3716 Disk - ok
10:51:36.0812 3716 dmadmin - ok
10:51:36.0859 3716 [ DB5FD2BF5B07DC54BFCB3664FF05BD7C ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
10:51:36.0875 3716 dmboot - ok
10:51:36.0890 3716 [ FFF1720AF51171F32F1EAD5CF71F2810 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
10:51:36.0890 3716 dmio - ok
10:51:36.0921 3716 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
10:51:36.0921 3716 dmload - ok
10:51:36.0937 3716 [ 2BFEFE9E865655A76982F050450B9591 ] dmserver C:\WINDOWS\System32\dmserver.dll
10:51:36.0953 3716 dmserver - ok
10:51:36.0968 3716 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
10:51:36.0968 3716 DMusic - ok
10:51:36.0984 3716 [ 0634B791684B84F4A331F3D3536FEEF8 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
10:51:36.0984 3716 Dnscache - ok
10:51:37.0015 3716 [ 4A3E2BD20157A0946751229E92EB8621 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
10:51:37.0031 3716 Dot3svc - ok
10:51:37.0031 3716 dpti2o - ok
10:51:37.0062 3716 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
10:51:37.0062 3716 drmkaud - ok
10:51:37.0078 3716 [ 0887D9C2BE8D940778CAD1E3B85F2A41 ] EapHost C:\WINDOWS\System32\eapsvc.dll
10:51:37.0078 3716 EapHost - ok
10:51:37.0093 3716 EraserUtilDrv11120 - ok
10:51:37.0109 3716 [ A2A4912798F2BE706ABADD3D30800D16 ] ERSvc C:\WINDOWS\System32\ersvc.dll
10:51:37.0125 3716 ERSvc - ok
10:51:37.0156 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] Eventlog C:\WINDOWS\system32\services.exe
10:51:37.0156 3716 Eventlog - ok
10:51:37.0203 3716 [ A371F11EF07653591C8DE26AFB13CE7F ] EventSystem C:\WINDOWS\system32\es.dll
10:51:37.0203 3716 EventSystem - ok
10:51:37.0218 3716 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
10:51:37.0218 3716 Fastfat - ok
10:51:37.0250 3716 [ B927443008910B412BEC72FC41C1BAD0 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
10:51:37.0250 3716 FastUserSwitchingCompatibility - ok
10:51:37.0265 3716 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
10:51:37.0265 3716 Fdc - ok
10:51:37.0281 3716 [ AC366695A0796560AA37215AD5762AAF ] Fips C:\WINDOWS\system32\drivers\Fips.sys
10:51:37.0296 3716 Fips - ok
10:51:37.0296 3716 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:51:37.0296 3716 Flpydisk - ok
10:51:37.0328 3716 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
10:51:37.0328 3716 FltMgr - ok
10:51:37.0390 3716 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:51:37.0390 3716 FontCache3.0.0.0 - ok
10:51:37.0421 3716 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:51:37.0437 3716 Fs_Rec - ok
10:51:37.0453 3716 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:51:37.0453 3716 Ftdisk - ok
10:51:37.0484 3716 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:51:37.0484 3716 Gpc - ok
10:51:37.0546 3716 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9ef9344ae67a2 C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:37.0546 3716 gupdate1c9ef9344ae67a2 - ok
10:51:37.0562 3716 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:51:37.0562 3716 gupdatem - ok
10:51:37.0578 3716 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:51:37.0593 3716 gusvc - ok
10:51:37.0609 3716 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:51:37.0609 3716 HDAudBus - ok
10:51:37.0656 3716 [ FCFE31FB75F8A6295B6B0AF87A626282 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:51:37.0656 3716 helpsvc - ok
10:51:37.0687 3716 [ 00E25EE90166B3E1BE6E74AEBF858306 ] HidServ C:\WINDOWS\System32\hidserv.dll
10:51:37.0687 3716 HidServ - ok
10:51:37.0703 3716 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:51:37.0703 3716 hidusb - ok
10:51:37.0734 3716 [ 7A6B320928F86BC851530D63C82965D9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
10:51:37.0734 3716 hkmsvc - ok
10:51:37.0750 3716 hpn - ok
10:51:37.0796 3716 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
10:51:37.0796 3716 HTTP - ok
10:51:37.0812 3716 [ 58FE2F2DA3BC5573F4A35B3760D3125F ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
10:51:37.0828 3716 HTTPFilter - ok
10:51:37.0828 3716 i2omgmt - ok
10:51:37.0843 3716 i2omp - ok
10:51:37.0859 3716 [ C528E27945367191E7BAE364930B6932 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:51:37.0859 3716 i8042prt - ok
10:51:37.0890 3716 [ B613C7D844EB84BFCFC6FA36569885C7 ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe
10:51:37.0890 3716 ICQ Service - ok
10:51:37.0937 3716 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:51:37.0937 3716 IDriverT - ok
10:51:38.0000 3716 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:51:38.0015 3716 idsvc - ok
10:51:38.0031 3716 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
10:51:38.0031 3716 Imapi - ok
10:51:38.0062 3716 [ F7B93AAFAD33B2320954C17E26C8D361 ] ImapiService C:\WINDOWS\system32\imapi.exe
10:51:38.0062 3716 ImapiService - ok
10:51:38.0062 3716 InCDFs - ok
10:51:38.0078 3716 InCDPass - ok
10:51:38.0093 3716 InCDRm - ok
10:51:38.0109 3716 ini910u - ok
10:51:38.0125 3716 IntelIde - ok
10:51:38.0156 3716 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
10:51:38.0156 3716 Ip6Fw - ok
10:51:38.0187 3716 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:51:38.0187 3716 IpFilterDriver - ok
10:51:38.0203 3716 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:51:38.0203 3716 IpInIp - ok
10:51:38.0234 3716 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:51:38.0234 3716 IpNat - ok
10:51:38.0250 3716 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:51:38.0250 3716 IPSec - ok
10:51:38.0265 3716 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
10:51:38.0265 3716 IRENUM - ok
10:51:38.0281 3716 [ CC9F8A2D60AED1A51A3AC34C59B987AE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:51:38.0281 3716 isapnp - ok
10:51:38.0343 3716 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:51:38.0359 3716 JavaQuickStarterService - ok
10:51:38.0375 3716 [ 1B6162FE7F66B1A71A4B70F941C4AA9B ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:51:38.0375 3716 Kbdclass - ok
10:51:38.0390 3716 [ 86C8F23616C6C6E5B2776901C17B945B ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:51:38.0390 3716 kbdhid - ok
10:51:38.0421 3716 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
10:51:38.0421 3716 kmixer - ok
10:51:38.0484 3716 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
10:51:38.0484 3716 KSecDD - ok
10:51:38.0515 3716 [ 21920AC69594AB021237054FA728FE46 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
10:51:38.0515 3716 lanmanserver - ok
10:51:38.0562 3716 [ 936C1D110232D23B621CB0196E4F80F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
10:51:38.0562 3716 lanmanworkstation - ok
10:51:38.0562 3716 lbrtfdc - ok
10:51:38.0609 3716 [ AEEDACC6FB20FDBA95213AD3BB009B7D ] LexBceS C:\WINDOWS\system32\LEXBCES.EXE
10:51:38.0609 3716 LexBceS - ok
10:51:38.0640 3716 [ 0AB159F536E3E8F7F07113702A07CCA5 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
10:51:38.0640 3716 LmHosts - ok
10:51:38.0671 3716 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
10:51:38.0671 3716 MBAMProtector - ok
10:51:38.0703 3716 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:51:38.0718 3716 MBAMScheduler - ok
10:51:38.0750 3716 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:51:38.0750 3716 MBAMService - ok
10:51:38.0765 3716 [ 221CD1C815B8A6B79389C3F5D1018DE8 ] Messenger C:\WINDOWS\System32\msgsvc.dll
10:51:38.0765 3716 Messenger - ok
10:51:38.0828 3716 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:51:38.0828 3716 Microsoft Office Groove Audit Service - ok
10:51:38.0843 3716 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
10:51:38.0843 3716 mnmdd - ok
10:51:38.0875 3716 [ 9A57D046F88F4B69751B11FD40088A61 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
10:51:38.0890 3716 mnmsrvc - ok
10:51:38.0906 3716 [ 44032B0C6D9954D3FD26438330B99EE7 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
10:51:38.0906 3716 Modem - ok
10:51:38.0921 3716 [ 4CB582831DBDE63CE43B45D771218374 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:51:38.0921 3716 Mouclass - ok
10:51:38.0937 3716 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:51:38.0937 3716 mouhid - ok
10:51:38.0968 3716 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
10:51:38.0968 3716 MountMgr - ok
10:51:38.0968 3716 mraid35x - ok
10:51:39.0000 3716 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:51:39.0000 3716 MRxDAV - ok
10:51:39.0046 3716 [ F3AEFB11ABC521122B67095044169E98 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:51:39.0046 3716 MRxSmb - ok
10:51:39.0078 3716 [ 6DB4D1521CABA9A5FFAB54ADE0AE867D ] MSDTC C:\WINDOWS\system32\msdtc.exe
10:51:39.0078 3716 MSDTC - ok
10:51:39.0109 3716 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
10:51:39.0109 3716 Msfs - ok
10:51:39.0109 3716 MSIServer - ok
10:51:39.0125 3716 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:51:39.0125 3716 MSKSSRV - ok
10:51:39.0140 3716 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:51:39.0140 3716 MSPCLOCK - ok
10:51:39.0156 3716 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
10:51:39.0156 3716 MSPQM - ok
10:51:39.0171 3716 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:51:39.0171 3716 mssmbios - ok
10:51:39.0203 3716 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
10:51:39.0203 3716 MTsensor - ok
10:51:39.0218 3716 [ 2F625D11385B1A94360BFC70AAEFDEE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
10:51:39.0218 3716 Mup - ok
10:51:39.0250 3716 [ 6EA362E9DB03D44F6B996F4D8BE237E9 ] napagent C:\WINDOWS\System32\qagentrt.dll
10:51:39.0265 3716 napagent - ok
10:51:39.0281 3716 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
10:51:39.0281 3716 NDIS - ok
10:51:39.0312 3716 [ 1AB3D00C991AB086E69DB84B6C0ED78F ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:51:39.0312 3716 NdisTapi - ok
10:51:39.0328 3716 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:51:39.0328 3716 Ndisuio - ok
10:51:39.0343 3716 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:51:39.0343 3716 NdisWan - ok
10:51:39.0359 3716 [ 6215023940CFD3702B46ABC304E1D45A ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
10:51:39.0359 3716 NDProxy - ok
10:51:39.0375 3716 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
10:51:39.0375 3716 NetBIOS - ok
10:51:39.0390 3716 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
10:51:39.0390 3716 NetBT - ok
10:51:39.0437 3716 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDE C:\WINDOWS\system32\netdde.exe
10:51:39.0437 3716 NetDDE - ok
10:51:39.0437 3716 [ 933DE774986EC85E48210C44AB431DE6 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
10:51:39.0453 3716 NetDDEdsdm - ok
10:51:39.0484 3716 [ ED0A176354487CEED65B80A7148AB739 ] Netlogon C:\WINDOWS\system32\lsass.exe
10:51:39.0484 3716 Netlogon - ok
10:51:39.0500 3716 [ 72E1E9E2977BE08BDEEDB6D8FD9D4D40 ] Netman C:\WINDOWS\System32\netman.dll
10:51:39.0515 3716 Netman - ok
10:51:39.0546 3716 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:51:39.0546 3716 NetTcpPortSharing - ok
10:51:39.0546 3716 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:51:39.0562 3716 NIC1394 - ok
10:51:39.0593 3716 [ 1289B7611CCD6CB27596AE92CBF03E35 ] Nla C:\WINDOWS\System32\mswsock.dll
10:51:39.0593 3716 Nla - ok
10:51:39.0625 3716 [ B9730495E0CF674680121E34BD95A73B ] npf C:\WINDOWS\system32\drivers\npf.sys
10:51:39.0625 3716 npf - ok
10:51:39.0640 3716 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:51:39.0640 3716 Npfs - ok
10:51:39.0671 3716 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:51:39.0671 3716 Ntfs - ok
10:51:39.0687 3716 [ ED0A176354487CEED65B80A7148AB739 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:51:39.0687 3716 NtLmSsp - ok
10:51:39.0703 3716 [ 023DD70573D644F3D9C8B1258A7BFD08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:51:39.0718 3716 NtmsSvc - ok
10:51:39.0734 3716 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:51:39.0734 3716 Null - ok
10:51:39.0765 3716 [ C03E15101F6D9E82CD9B0E7D715F5DE3 ] nvata C:\WINDOWS\system32\DRIVERS\nvata.sys
10:51:39.0765 3716 nvata - ok
10:51:39.0781 3716 [ 97724AFFDD7A5A47C3BC07CCD1B88745 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
10:51:39.0781 3716 NVENETFD - ok
10:51:39.0796 3716 [ 82C2B3A89B9EDFA6287C5ABA1A4E6A99 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
10:51:39.0796 3716 nvnetbus - ok
10:51:39.0828 3716 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:51:39.0828 3716 NwlnkFlt - ok
10:51:39.0828 3716 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:51:39.0828 3716 NwlnkFwd - ok
10:51:39.0906 3716 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:51:39.0906 3716 odserv - ok
10:51:39.0921 3716 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:51:39.0937 3716 ohci1394 - ok
10:51:39.0953 3716 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:51:39.0953 3716 ose - ok
10:51:39.0984 3716 [ 46F8DB73B4A53E543F8E371DC7C75BAE ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
10:51:40.0000 3716 Parport - ok
10:51:40.0000 3716 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:51:40.0000 3716 PartMgr - ok
10:51:40.0031 3716 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:51:40.0031 3716 ParVdm - ok
10:51:40.0046 3716 [ 6CE351D149CB4BEFC702951E471E1730 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:51:40.0062 3716 PCI - ok
10:51:40.0062 3716 PCIDump - ok
10:51:40.0109 3716 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
10:51:40.0109 3716 PCIIde - ok
10:51:40.0125 3716 [ 4FC31E6C19A5CE5198B1ABFF94CAE758 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
10:51:40.0125 3716 Pcmcia - ok
10:51:40.0125 3716 PDCOMP - ok
10:51:40.0140 3716 PDFRAME - ok
10:51:40.0156 3716 PDRELI - ok
10:51:40.0171 3716 PDRFRAME - ok
10:51:40.0171 3716 perc2 - ok
10:51:40.0187 3716 perc2hib - ok
10:51:40.0218 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] PlugPlay C:\WINDOWS\system32\services.exe
10:51:40.0234 3716 PlugPlay - ok
10:51:40.0250 3716 [ ED0A176354487CEED65B80A7148AB739 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:51:40.0250 3716 PolicyAgent - ok
10:51:40.0265 3716 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:51:40.0265 3716 PptpMiniport - ok
10:51:40.0296 3716 [ 7EB15DCE4EC3A0220BD796A15C18186E ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
10:51:40.0296 3716 Processor - ok
10:51:40.0296 3716 [ ED0A176354487CEED65B80A7148AB739 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:51:40.0296 3716 ProtectedStorage - ok
10:51:40.0312 3716 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:51:40.0328 3716 PSched - ok
10:51:40.0343 3716 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:51:40.0343 3716 Ptilink - ok
10:51:40.0359 3716 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:51:40.0375 3716 PxHelp20 - ok
10:51:40.0375 3716 ql1080 - ok
10:51:40.0390 3716 Ql10wnt - ok
10:51:40.0390 3716 ql12160 - ok
10:51:40.0406 3716 ql1240 - ok
10:51:40.0421 3716 ql1280 - ok
10:51:40.0437 3716 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:51:40.0453 3716 RasAcd - ok
10:51:40.0468 3716 [ 2B5E44EA009F2F374B980E1E9A70635D ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:51:40.0484 3716 RasAuto - ok
10:51:40.0500 3716 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:51:40.0500 3716 Rasl2tp - ok
10:51:40.0531 3716 [ D57554C664B64604BD1EE13EA2C07E77 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:51:40.0546 3716 RasMan - ok
10:51:40.0546 3716 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:51:40.0562 3716 RasPppoe - ok
10:51:40.0562 3716 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:51:40.0562 3716 Raspti - ok
10:51:40.0578 3716 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:51:40.0593 3716 Rdbss - ok
10:51:40.0609 3716 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:51:40.0609 3716 RDPCDD - ok
10:51:40.0625 3716 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:51:40.0625 3716 rdpdr - ok
10:51:40.0656 3716 [ 6728E45B66F93C08F11DE2E316FC70DD ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:51:40.0656 3716 RDPWD - ok
10:51:40.0671 3716 [ C0D9D9711CB74EE9BC66353D8CBDAB0E ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:51:40.0671 3716 RDSessMgr - ok
10:51:40.0703 3716 [ 611BFD220305BE3A85AE876EA47D4AA5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:51:40.0703 3716 redbook - ok
10:51:40.0734 3716 [ 127C26B5371651043450E52542099ABA ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:51:40.0734 3716 RemoteAccess - ok
10:51:40.0750 3716 [ 8F31505484A190D5B22274708799F4EC ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:51:40.0765 3716 RemoteRegistry - ok
10:51:40.0765 3716 [ 718B3BDC0BC3C2F7D065A53D26202AF9 ] RpcLocator C:\WINDOWS\system32\locator.exe
10:51:40.0781 3716 RpcLocator - ok
10:51:40.0796 3716 [ BE27674D1CBC3214AEC84B4336A38BBF ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:51:40.0812 3716 RpcSs - ok
10:51:40.0843 3716 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:51:40.0843 3716 RSVP - ok
10:51:40.0859 3716 [ ED0A176354487CEED65B80A7148AB739 ] SamSs C:\WINDOWS\system32\lsass.exe
10:51:40.0875 3716 SamSs - ok
10:51:40.0890 3716 [ 410046E401EB11E1E6749E9DEEA41D4A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:51:40.0890 3716 SCardSvr - ok
10:51:40.0921 3716 [ 3FF232A7731621B8902D81D42418C93C ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:51:40.0937 3716 Schedule - ok
10:51:40.0968 3716 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:51:40.0968 3716 Secdrv - ok
10:51:40.0984 3716 [ 477E2C3CC5E4A0D635BCB0EA8DCAC3C6 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:51:41.0000 3716 seclogon - ok
10:51:41.0015 3716 [ A530B75C10C23C9AB28FDB6CE719E21F ] SENS C:\WINDOWS\system32\sens.dll
10:51:41.0015 3716 SENS - ok
10:51:41.0046 3716 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
10:51:41.0046 3716 serenum - ok
10:51:41.0062 3716 [ B842729337C9B921615C40D3C1A1AF96 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
10:51:41.0062 3716 Serial - ok
10:51:41.0093 3716 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:51:41.0093 3716 Sfloppy - ok
10:51:41.0125 3716 [ F58FACA9621D2DB01BD0927D9A0A208E ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:51:41.0140 3716 SharedAccess - ok
10:51:41.0140 3716 [ B927443008910B412BEC72FC41C1BAD0 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:51:41.0156 3716 ShellHWDetection - ok
10:51:41.0156 3716 Simbad - ok
10:51:41.0171 3716 Sparrow - ok
10:51:41.0203 3716 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:51:41.0203 3716 splitter - ok
10:51:41.0218 3716 [ CB1090BCA0E7B40D0B5B4E4D66531809 ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:51:41.0218 3716 Spooler - ok
10:51:41.0234 3716 sptd - ok
10:51:41.0250 3716 [ 94610C8653635E4459316A0050D55CE7 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:51:41.0250 3716 sr - ok
10:51:41.0281 3716 [ 35B91147124F64AC8081A2EDB9EA4DEE ] srservice C:\WINDOWS\system32\srsvc.dll
10:51:41.0281 3716 srservice - ok
10:51:41.0328 3716 [ 89220B427890AA1DFFD1A02648AE51C3 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:51:41.0328 3716 Srv - ok
10:51:41.0359 3716 [ BECD5271DC4E3B7C3D035F790FCBC1E5 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:51:41.0359 3716 SSDPSRV - ok
10:51:41.0406 3716 [ C1CDD9275F6A115BB0AE1D55D8D27BA6 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:51:41.0406 3716 stisvc - ok
10:51:41.0437 3716 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:51:41.0437 3716 swenum - ok
10:51:41.0453 3716 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:51:41.0453 3716 swmidi - ok
10:51:41.0453 3716 SwPrv - ok
10:51:41.0468 3716 symc810 - ok
10:51:41.0484 3716 symc8xx - ok
10:51:41.0500 3716 sym_hi - ok
10:51:41.0515 3716 sym_u3 - ok
10:51:41.0546 3716 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:51:41.0546 3716 sysaudio - ok
10:51:41.0562 3716 [ CE06F01B88ACE199A1BF460CAC29C110 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:51:41.0578 3716 SysmonLog - ok
10:51:41.0593 3716 [ C2546CD7A398476F9DF5614B2AE160E8 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:51:41.0593 3716 TapiSrv - ok
10:51:41.0640 3716 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:51:41.0656 3716 Tcpip - ok
10:51:41.0656 3716 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:51:41.0671 3716 TDPIPE - ok
10:51:41.0687 3716 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:51:41.0687 3716 TDTCP - ok
10:51:41.0703 3716 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:51:41.0703 3716 TermDD - ok
10:51:41.0718 3716 [ A75DD6FC3DBEE4FFF5EBC9F2C28BB66E ] TermService C:\WINDOWS\System32\termsrv.dll
10:51:41.0734 3716 TermService - ok
10:51:41.0750 3716 [ B927443008910B412BEC72FC41C1BAD0 ] Themes C:\WINDOWS\System32\shsvcs.dll
10:51:41.0765 3716 Themes - ok
10:51:41.0781 3716 [ CD0CC7B167D78043A41C98D4921EFB54 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:51:41.0796 3716 TlntSvr - ok
10:51:41.0796 3716 TosIde - ok
10:51:41.0828 3716 [ 38853304CCB938D30E0C4CDE8D2C2A8A ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:51:41.0828 3716 TrkWks - ok
10:51:41.0859 3716 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:51:41.0859 3716 Udfs - ok
10:51:41.0859 3716 ultra - ok
10:51:41.0906 3716 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:51:41.0906 3716 Update - ok
10:51:41.0921 3716 [ 651BD90DCEE5B7BDC74A2EB7C9266F9E ] upnphost C:\WINDOWS\System32\upnphost.dll
10:51:41.0937 3716 upnphost - ok
10:51:41.0953 3716 [ 20A0F6A11959E92908717D09E87D670D ] UPS C:\WINDOWS\System32\ups.exe
10:51:41.0953 3716 UPS - ok
10:51:41.0968 3716 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
10:51:41.0968 3716 usbaudio - ok
10:51:41.0984 3716 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:51:41.0984 3716 usbccgp - ok
10:51:42.0000 3716 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:51:42.0000 3716 usbehci - ok
10:51:42.0015 3716 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:51:42.0031 3716 usbhub - ok
10:51:42.0031 3716 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
10:51:42.0031 3716 usbohci - ok
10:51:42.0046 3716 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:51:42.0046 3716 usbprint - ok
10:51:42.0062 3716 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:51:42.0062 3716 usbscan - ok
10:51:42.0078 3716 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:51:42.0078 3716 USBSTOR - ok
10:51:42.0093 3716 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:51:42.0093 3716 VgaSave - ok
10:51:42.0109 3716 ViaIde - ok
10:51:42.0109 3716 [ 28A4B296B47782173C346E376CB374D1 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:51:42.0125 3716 VolSnap - ok
10:51:42.0140 3716 [ D6BA1A63D9E00933F1CD2A885573AFB2 ] VSS C:\WINDOWS\System32\vssvc.exe
10:51:42.0156 3716 VSS - ok
10:51:42.0171 3716 [ FA4E1CDBA256787F2149F4AAD07BC91F ] W32Time C:\WINDOWS\system32\w32time.dll
10:51:42.0187 3716 W32Time - ok
10:51:42.0218 3716 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:51:42.0218 3716 Wanarp - ok
10:51:42.0218 3716 WDICA - ok
10:51:42.0250 3716 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:51:42.0250 3716 wdmaud - ok
10:51:42.0265 3716 [ 47AE51048A82DFA1CD6B51D369F7E169 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:51:42.0265 3716 WebClient - ok
10:51:42.0312 3716 [ E488332126E3B1182D2B8A0C35408EC6 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:51:42.0328 3716 winmgmt - ok
10:51:42.0375 3716 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:51:42.0390 3716 WmdmPmSN - ok
10:51:42.0437 3716 [ 0171CFF34BBA8C5977F18C48D8AEF8C6 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:51:42.0453 3716 Wmi - ok
10:51:42.0484 3716 [ 23F6F03272F7E5679F1F050AED5ACEE6 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:51:42.0484 3716 WmiApSrv - ok
10:51:42.0578 3716 [ 3739866D20ABD42F26A7B85F9E2560AF ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:51:42.0593 3716 WMPNetworkSvc - ok
10:51:42.0625 3716 [ 4C86D5FAF78194995AF9CC1075F65DD3 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:51:42.0625 3716 wscsvc - ok
10:51:42.0656 3716 [ C1364564800EE9784192145324A23308 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:51:42.0671 3716 wuauserv - ok
10:51:42.0718 3716 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:51:42.0718 3716 WudfPf - ok
10:51:42.0734 3716 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:51:42.0734 3716 WudfRd - ok
10:51:42.0750 3716 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:51:42.0750 3716 WudfSvc - ok
10:51:42.0796 3716 [ A27D4BA7264C0BF52F32D10405BEA1D4 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:51:42.0796 3716 WZCSVC - ok
10:51:42.0828 3716 [ EAA4BB9EDB3FB10CF8979FE65E63658F ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:51:42.0828 3716 xmlprov - ok
10:51:42.0843 3716 ================ Scan global ===============================
10:51:42.0875 3716 [ F36278E42C8C5DF03CE17DAC8231C91C ] C:\WINDOWS\system32\basesrv.dll
10:51:42.0890 3716 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:42.0906 3716 [ 77A41C497ADB0C96D1E8DF6F71D843C0 ] C:\WINDOWS\system32\winsrv.dll
10:51:42.0921 3716 [ 9EF697AF07BB8DD82C3B02CA953A95B7 ] C:\WINDOWS\system32\services.exe
10:51:42.0937 3716 [Global] - ok
10:51:42.0937 3716 ================ Scan MBR ==================================
10:51:42.0953 3716 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
10:51:43.0031 3716 \Device\Harddisk0\DR0 - ok
10:51:43.0031 3716 ================ Scan VBR ==================================
10:51:43.0031 3716 [ 839DBB33CA215EDE8F60F767A4C37A62 ] \Device\Harddisk0\DR0\Partition1
10:51:43.0031 3716 \Device\Harddisk0\DR0\Partition1 - ok
10:51:43.0046 3716 ============================================================
10:51:43.0046 3716 Scan finished
10:51:43.0046 3716 ============================================================
10:51:43.0062 3708 Detected object count: 0
10:51:43.0062 3708 Actual detected object count: 0
10:51:55.0656 3632 Deinitialize success
Re: Please check my log (slow startup)
ComboFix 12-12-14.01 - Zdeněk 16.12.2012 11:52:25.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1521 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zdeněk\Plocha\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-16 do 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 10:51 . 2012-12-16 10:51 -------- d-----w- c:\windows\LastGood
2012-12-16 10:40 . 2012-12-16 10:40 -------- d-sh--w- c:\documents and settings\Zdeněk\IETldCache
2012-12-16 10:38 . 2012-12-16 10:38 -------- dc-h--w- c:\windows\ie8
2012-12-16 10:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-12-16 10:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-12-16 10:07 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-12-16 10:07 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-12-16 10:06 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-12-16 10:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-12-16 10:06 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-12-16 10:06 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-16 10:06 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-12-16 10:05 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-12-15 00:03 . 2012-12-15 00:03 12192 ----a-w- C:\cc_20121215_010330.reg
2012-12-14 23:09 . 2012-12-14 23:09 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2012-12-14 22:41 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-12-13 18:06 . 2012-12-13 18:06 -------- d-----w- c:\program files\Defraggler
2012-12-10 22:08 . 2012-12-10 22:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\program files\HD Tune
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\documents and settings\Zdeněk\Data aplikací\TuneUp Software
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-10 22:06 . 2012-12-10 22:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-12-10 22:05 . 2012-12-10 22:07 -------- d-----w- c:\program files\CrystalDiskInfo
2012-12-09 22:07 . 2012-12-09 22:10 -------- d-----w- C:\Složky z plochy
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\documents and settings\Zdeněk\Data aplikací\Malwarebytes
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 20:11 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 19:43 . 2012-12-09 19:43 -------- d---a-w- c:\windows\VDLL.DLL
2012-12-09 19:43 . 2012-12-09 19:43 -------- d---a-w- c:\windows\system32\runouce.exe
2012-12-09 19:43 . 2012-12-09 19:43 -------- d---a-w- c:\windows\RUNDL132.EXE
2012-12-09 19:43 . 2012-12-09 19:43 -------- d---a-w- c:\windows\logo_1.exe
2012-12-09 19:41 . 2012-12-09 19:41 34048 ----a-w- c:\windows\system32\eEmpty.exe
2012-12-09 19:41 . 2004-08-17 13:49 147968 ----a-w- c:\windows\R.COM
2012-12-09 19:41 . 2004-08-17 13:49 137216 ----a-w- c:\windows\system32\T.COM
2012-12-09 19:40 . 2012-12-09 19:40 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-12-09 19:40 . 2012-12-09 19:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-12-09 18:17 . 2012-12-09 18:17 388096 ----a-r- c:\documents and settings\Zdeněk\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-09 18:17 . 2012-12-09 18:17 -------- d-----w- c:\program files\Trend Micro
2012-12-09 15:07 . 2012-12-09 15:07 14072 ----a-w- C:\cc_20121209_160728.reg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 11:55 . 2004-08-17 13:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-17 13:49 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-24 15:28 . 2012-10-24 15:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-24 15:28 . 2012-07-03 08:39 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-24 15:28 . 2011-05-02 12:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-24 15:28 . 2011-05-02 12:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2004-08-17 13:49 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Zdeněk\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-08-15 17:08 231768 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-19 17:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [15.6.2012 11:54 913792]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [16.11.2008 10:34 1310720]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 EraserUtilDrv11120;EraserUtilDrv11120;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11120.sys [?]
S3 gupdate1c9ef9344ae67a2;Služba Google Update (gupdate1c9ef9344ae67a2);c:\program files\Google\Update\GoogleUpdate.exe [17.6.2009 22:33 133104]
S3 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [25.12.2008 17:27 222968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.12.2012 21:11 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.12.2012 21:11 676936]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd957fbf6387ee.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 21:33]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 21:33]
.
.
------- Doplňkový sken -------
.
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-C6501Sound - c6501.cpl
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 11:55
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-12-16 11:56:37
ComboFix-quarantined-files.txt 2012-12-16 10:56
.
Před spuštěním: Volných bajtů: 22 832 082 944
Po spuštění: Volných bajtů: 22 864 306 176
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 7BADC96A8148C8CFB5ECDCD311415C8C
- Žbeky
- Moderator
Re: Please check my log (slow startup)
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
KillAll::
File::
c:\windows\system32\eEmpty.exe
c:\windows\R.COM
c:\windows\system32\T.COM
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd957fbf6387ee.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\RUNDL132.EXE
c:\windows\logo_1.exe
c:\program files\Google\Update
c:\program files\ICQ6Toolbar
Driver::
sptd
EraserUtilDrv11120
gupdate1c9ef9344ae67a2
ICQ Service
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.

- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
Re: Please check my log (slow startup)
ComboFix 12-12-14.01 - Zdeněk 16.12.2012 13:29:06.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1488 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zdeněk\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Zdeněk\Plocha\CFScript.txt
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
FILE ::
"c:\windows\R.COM"
"c:\windows\system32\eEmpty.exe"
"c:\windows\system32\T.COM"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd957fbf6387ee.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\program files\Google\Update\1.3.21.123\goopdate.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.123\psmachine.dll
c:\program files\Google\Update\1.3.21.123\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\program files\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_23.0.1271.95_chrome_updater.exe
c:\program files\Google\Update\Download\{EC3C7087-D790-431E-B05D-3037A0305EF9}\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.4.3230.2052\GoogleToolbarInstaller_updater_signed.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Version.txt
c:\windows\logo_1.exe
c:\windows\R.COM
c:\windows\RUNDL132.EXE
c:\windows\system32\eEmpty.exe
c:\windows\system32\runouce.exe
c:\windows\system32\T.COM
c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd957fbf6387ee.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\VDLL.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ERASERUTILDRV11120
-------\Legacy_GUPDATE1C9EF9344AE67A2
-------\Legacy_ICQ_SERVICE
-------\Legacy_SPTD
-------\Service_EraserUtilDrv11120
-------\Service_gupdate1c9ef9344ae67a2
-------\Service_ICQ Service
-------\Service_sptd
-------\Legacy_gupdatem
-------\Legacy_gupdatem
-------\Service_gupdatem
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-16 do 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 10:40 . 2012-12-16 10:40 -------- d-sh--w- c:\documents and settings\Zdeněk\IETldCache
2012-12-16 10:38 . 2012-12-16 10:38 -------- dc-h--w- c:\windows\ie8
2012-12-16 10:09 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-12-16 10:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-12-16 10:07 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-12-16 10:07 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-12-16 10:06 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-12-16 10:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-12-16 10:06 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-12-16 10:06 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-16 10:06 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-12-16 10:05 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-12-15 00:03 . 2012-12-15 00:03 12192 ----a-w- C:\cc_20121215_010330.reg
2012-12-14 23:09 . 2012-12-14 23:09 -------- d-----w- c:\documents and settings\NetworkService\Plocha
2012-12-14 22:41 . 2008-04-14 07:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2012-12-13 18:06 . 2012-12-13 18:06 -------- d-----w- c:\program files\Defraggler
2012-12-10 22:08 . 2012-12-10 22:08 -------- d-----w- c:\documents and settings\LocalService\Plocha
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\program files\HD Tune
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\documents and settings\Zdeněk\Data aplikací\TuneUp Software
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TuneUp Software
2012-12-10 22:06 . 2012-12-10 22:06 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-10 22:06 . 2012-12-10 22:06 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-12-10 22:05 . 2012-12-10 22:07 -------- d-----w- c:\program files\CrystalDiskInfo
2012-12-09 22:07 . 2012-12-09 22:10 -------- d-----w- C:\Složky z plochy
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\documents and settings\Zdeněk\Data aplikací\Malwarebytes
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-09 20:11 . 2012-12-09 20:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 20:11 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-09 19:40 . 2012-12-09 19:40 -------- d-----w- c:\program files\Common Files\MicroWorld
2012-12-09 19:40 . 2012-12-09 19:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MicroWorld
2012-12-09 18:17 . 2012-12-09 18:17 388096 ----a-r- c:\documents and settings\Zdeněk\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-09 18:17 . 2012-12-09 18:17 -------- d-----w- c:\program files\Trend Micro
2012-12-09 15:07 . 2012-12-09 15:07 14072 ----a-w- C:\cc_20121209_160728.reg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 11:55 . 2004-08-17 13:44 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2004-08-17 13:49 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-24 15:28 . 2012-10-24 15:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-24 15:28 . 2012-07-03 08:39 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-24 15:28 . 2011-05-02 12:24 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-24 15:28 . 2011-05-02 12:24 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-02 18:04 . 2004-08-17 13:49 58368 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Zdeněk\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Software Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Software Kodak EasyShare.lnk
backup=c:\windows\pss\Software Kodak EasyShare.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 13:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sweetpacks Communicator]
2012-08-15 17:08 231768 ----a-w- c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-01-19 17:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Veetle\\Player\\VeetleNet.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [15.6.2012 11:54 913792]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 17:33 50704]
R3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [16.11.2008 10:34 1310720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9.12.2012 21:11 22856]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9.12.2012 21:11 676936]
.
.
------- Doplňkový sken -------
.
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz
Trusted Zone: mojebanka.cz\*
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-16 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
.
**************************************************************************
.
Celkový čas: 2012-12-16 13:36:48 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-16 12:36
ComboFix2.txt 2012-12-16 10:56
.
Před spuštěním: Volných bajtů: 27 111 759 872
Po spuštění: Volných bajtů: 27 000 238 080
.
- - End Of File - - 8DB915F16485C1E1EC2AAB63B3945DCB
- Žbeky
- Moderator
Re: Please check my log (slow startup)
ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall
Clean the system with CCleaner
Download OTC to your desktop, run it and click Clean up!
+ A new HJT log
How is the PC behaving?
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
Re: Please check my log (slow startup)
Still bad.
Startup takes a little over 2 minutes. And defragmentation still cannot be performed; it tells me this:
Svazek (C:)
Velikost svazku = 149 GB
Velikost clusteru = 4 kB
Využité místo = 126 GB
Volné místo = 22,78 GB
Procenta volného místa = 15 %
Fragmentace svazku
Celková fragmentace = 15 %
Fragmentace souborů = 30 %
Fragmentace volného místa = 0 %
Fragmentace souborů
Celkový počet souborů = 95 744
Průměrná velikost souboru = 2 MB
Celkový počet fragmentovaných souborů = 112
Celkový počet přebytečných fragmentů = 1 234
Průměrný počet fragmentů na soubor = 1,01
Fragmentace stránkového souboru
Velikost stránkového souboru = 2,00 GB
Celkový počet fragmentů = 7
Fragmentace složek
Celkový počet složek = 8 551
Počet fragmentovaných složek = 1
Počet přebytečných fragmentů složek = 0
Fragmentace hlavní tabulky souborů (MFT)
Celková velikost tabulky MFT = 110 MB
Počet záznamů tabulky MFT = 108 466
Procento využití tabulky MFT = 96 %
Celkový počet fragmentů tabulky MFT = 3
--------------------------------------------------------------------------------
Fragmenty    Velikost souboru    Soubory, které nelze defragmentovat
3 204 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\Cleveland-Show-III-(16)---Kdo-je-lepší-táta.Cleveland-Show-S03E16---Kdo-je-lepsi-tata.Lovok.DVB-T.x264.mp4
3 209 MB \Složky z plochy\filmy\video\létající cyrkus\Monty Python's Flying Circus - S02E07.rar
3 216 MB \Složky z plochy\seriály\grifinovi\11.serie\05x11\Family.Guy.S11E05.HDTV.XviD-AFG[fg].avi
3 216 MB \Složky z plochy\seriály\grifinovi\futurama 8\7x11.divx
3 223 MB \Složky z plochy\filmy\video\létající cyrkus\Monty Python's Flying Circus - S02E01.rar
3 224 MB \Složky z plochy\filmy\video\létající cyrkus\Monty Python's Flying Circus - S02E13.rar
3 228 MB \Složky z plochy\filmy\video\létající cyrkus\Monty Python's Flying Circus - S02E08.rar
700 308 MB \System Volume Information\_restore{8789501D-B11F-4533-A202-7AF731C49CBE}\RP767\A0138646.exe
3 350 MB \Složky z plochy\seriály\grifinovi\9. serie\9x1\family-guy-s09e01-hdtv-xvid-lol.avi
3 350 MB \Složky z plochy\seriály\grifinovi\9. serie\9x8x7\family-guy-s09e07e08-hdtv-xvid-lol.avi
6 575 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\Billy-Elliot-(2000)-byMrR-CZ.avi
4 694 MB \Složky z plochy\Sefove-na-zabiti.CZ.2011.avi
3 698 MB \Složky z plochy\filmy\video\filmy\Hlidac c.47.avi
5 699 MB \Složky z plochy\filmy\video\filmy\zlo mezi nami.avi
6 700 MB \Složky z plochy\seriály\grifinovi\futurama 8\futurama filmy\Futurama-film-3-Benderova-hra---CZ-DVDrip-Cinky.avi
3 700 MB \Složky z plochy\filmy\video\filmy\jezis.je.normalni.-take.it.jeasy.2008.hbo.rip-.avi
5 701 MB \Složky z plochy\filmy\video\filmy\Vecny svit neposkvrnene mysli CZ dabing.avi
4 701 MB \Složky z plochy\filmy\video\létající cyrkus\jabberwocky\Jabberwocky.avi
5 702 MB \Složky z plochy\filmy\video\filmy\Zmatena duse dvdrip cz.avi
4 706 MB \Složky z plochy\seriály\grifinovi\futurama 8\futurama filmy\Futurama---Milion-A-Jedno-Chapadlo-CZ-(sloučil-xFifas).avi
3 706 MB \Složky z plochy\seriály\grifinovi\futurama 8\futurama filmy\Futurama---Benderovo-Parádní-Terno-CZ-(sloučil-xFifas).avi
5 772 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\District-9.CZ.2009.avi
3 797 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\PSP-Sherlock-Holmes-2---Hra-stinu-2011-CZ-dub-(by-VENA_1980).mp4
7 847 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\Prci,-prci,-prcičky--Školní-sraz-2012--komedie--cz-dabing-dvdrip.fl.avi
7 883 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\The-human-centipede---lidská-stonožka-cz-title-by-spy.avi
8 926 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\nemilosrdny-2009-dvdrip-cz-warezfilm-cz.avi
8 962 MB \Složky z plochy\filmy\video\filmy\Roming - komedie.cz.avi
6 1,000 MB \Documents and Settings\Zdeněk\Dokumenty\Downloads\Tygr-a-Drak.avi
4 1.02 GB \Documents and Settings\Zdeněk\Dokumenty\Downloads\Majestic-Cz-(J).avi
18 3.25 GB \Documents and Settings\Zdeněk\Dokumenty\NeroVision\ImportedVideo\23.12.2008 20_20_04.0001\Title 1.0001.mpg
Wouldn't it help to delete all of these things? I just don't know whether I can delete this one: 700 308 MB \System Volume Information\_restore{8789501D-B11F-4533-A202-7AF731C49CBE}\RP767\A0138646.exe?
