Log check - beginner
Hello, let me describe my problem: sometimes the "Start" button won't open (I have Windows XP..), I click and it just turns green but nothing slides out; other times some game won't open, or Mozilla, and when I open the processes (Ctrl Alt Del) I have firefox.exe there, and when I choose "End process" it does nothing..., I was sent here from another section and I read what this thread should look like, so I'm adding my log ...
Re: Log check - beginner
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:16, on 18.2.2013
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Documents and Settings\PC\Data aplikací\uTorrent\uTorrent.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\PC\Data aplikací\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5812 bytes
- Žbeky
- Moderator
Re: Log check - beginner
Fix these:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\PC\Local Settings\Data aplikací\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe -update plugin
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
Download TFC
Open the file and close all other windows, then click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure you have both options selected/checked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan (Provést rychlý sken) option selected and click the Scan (Skenovat) button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, so choose Yes (Ano)
(DON'T DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Log check - beginner
I don't know if this is exactly what you wanted, but an mbam log popped up from it :-)
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Verze: v2013.02.19.05
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
PC :: PC-7CA911BF912E [administrátor]
19.2.2013 18:40:37
mbam-log-2013-02-19 (18-40-37).txt
Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 196753
Uplynulý čas: 4 minut, 21 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
- memphisto
Re: Log check - beginner
Download TDSSKiller
to your desktop. Make sure you have all other applications and browsers closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(date)_log.txt, please paste the entire contents of the log here.
Turn off the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications or a message pops up about an attempt to perform an illegal operation on a registry key that is marked for deletion, simply restart the computer.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private message; post them in the appropriate section. Thank you
Re: Log check - beginner
log from TDSSKILLER
17:12:39.0906 3160 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:12:40.0593 3160 ============================================================
17:12:40.0593 3160 Current date / time: 2013/02/20 17:12:40.0593
17:12:40.0593 3160 SystemInfo:
17:12:40.0593 3160
17:12:40.0593 3160 OS Version: 5.1.2600 ServicePack: 2.0
17:12:40.0593 3160 Product type: Workstation
17:12:40.0593 3160 ComputerName: PC-7CA911BF912E
17:12:40.0593 3160 UserName: PC
17:12:40.0593 3160 Windows directory: C:\WINDOWS
17:12:40.0593 3160 System windows directory: C:\WINDOWS
17:12:40.0593 3160 Processor architecture: Intel x86
17:12:40.0593 3160 Number of processors: 1
17:12:40.0593 3160 Page size: 0x1000
17:12:40.0593 3160 Boot type: Normal boot
17:12:40.0593 3160 ============================================================
17:12:47.0046 3160 Drive \Device\Harddisk0\DR0 - Size: 0x262AE80000 (152.67 Gb), SectorSize: 0x200, Cylinders: 0x4DD9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:12:47.0078 3160 ============================================================
17:12:47.0093 3160 \Device\Harddisk0\DR0:
17:12:47.0093 3160 MBR partitions:
17:12:47.0093 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8
17:12:47.0125 3160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x9512343
17:12:47.0125 3160 ============================================================
17:12:47.0218 3160 C: <-> \Device\Harddisk0\DR0\Partition1
17:12:47.0312 3160 D: <-> \Device\Harddisk0\DR0\Partition2
17:12:47.0312 3160 ============================================================
17:12:47.0312 3160 Initialize success
17:12:47.0312 3160 ============================================================
17:15:18.0468 3676 ============================================================
17:15:18.0468 3676 Scan started
17:15:18.0468 3676 Mode: Manual;
17:15:18.0468 3676 ============================================================
17:15:19.0562 3676 ================ Scan system memory ========================
17:15:19.0562 3676 System memory - ok
17:15:19.0578 3676 ================ Scan services =============================
17:15:19.0640 3676 Abiosdsk - ok
17:15:19.0656 3676 abp480n5 - ok
17:15:19.0718 3676 [ FA2FBCDA96D2385F773B059FE5A125A6 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:15:19.0718 3676 ACPI - ok
17:15:19.0765 3676 [ AFDFF022A01F0B11C776F0860C3B282F ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
17:15:19.0765 3676 ACPIEC - ok
17:15:19.0796 3676 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:15:19.0812 3676 AdobeFlashPlayerUpdateSvc - ok
17:15:19.0812 3676 adpu160m - ok
17:15:19.0859 3676 [ 841F385C6CFAF66B58FBD898722BB4F0 ] aec C:\WINDOWS\system32\drivers\aec.sys
17:15:19.0859 3676 aec - ok
17:15:19.0906 3676 [ 5AC495F4CB807B2B98AD2AD591E6D92E ] AFD C:\WINDOWS\System32\drivers\afd.sys
17:15:19.0906 3676 AFD - ok
17:15:19.0937 3676 [ 2C428FA0C3E3A01ED93C9B2A27D8D4BB ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
17:15:19.0937 3676 agp440 - ok
17:15:19.0953 3676 Aha154x - ok
17:15:19.0968 3676 aic78u2 - ok
17:15:19.0968 3676 aic78xx - ok
17:15:20.0015 3676 [ A9355A51698F6901B362EF738B15631D ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
17:15:20.0031 3676 ALCXSENS - ok
17:15:20.0093 3676 [ CD86A348FC4016842DBD5AC7398FB48D ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
17:15:20.0109 3676 ALCXWDM - ok
17:15:20.0156 3676 [ 026DDAA7E6F8D49DF82C7A98BAE5D0D1 ] Alerter C:\WINDOWS\system32\alrsvc.dll
17:15:20.0156 3676 Alerter - ok
17:15:20.0187 3676 [ B3F690BF43F93A012A52F28F234FAA1B ] ALG C:\WINDOWS\System32\alg.exe
17:15:20.0187 3676 ALG - ok
17:15:20.0187 3676 AliIde - ok
17:15:20.0203 3676 amsint - ok
17:15:20.0234 3676 [ 421184F91EAE5C6E78E653C6B32AAE84 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
17:15:20.0250 3676 AppMgmt - ok
17:15:20.0250 3676 asc - ok
17:15:20.0265 3676 asc3350p - ok
17:15:20.0281 3676 asc3550 - ok
17:15:20.0343 3676 [ D33C507942299753868204CC7642FA27 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:15:20.0359 3676 aspnet_state - ok
17:15:20.0390 3676 [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:15:20.0390 3676 AsyncMac - ok
17:15:20.0421 3676 [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
17:15:20.0421 3676 atapi - ok
17:15:20.0421 3676 Atdisk - ok
17:15:20.0484 3676 [ 471087B5E1E01CC82604E81EA14781D8 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
17:15:20.0515 3676 Ati HotKey Poller - ok
17:15:20.0562 3676 [ B979BA0120B6DB757196A8E2E873FE3C ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
17:15:20.0609 3676 ATI Smart - ok
17:15:20.0734 3676 [ C0B86ECB324E50F6BBD529F9D5C6B24B ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:15:20.0828 3676 ati2mtag - ok
17:15:20.0875 3676 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\WINDOWS\system32\DRIVERS\atksgt.sys
17:15:20.0890 3676 atksgt - ok
17:15:20.0906 3676 [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:15:20.0906 3676 Atmarpc - ok
17:15:20.0937 3676 [ 40D78F514C8588EF12EC718D2AF0FC4E ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
17:15:20.0937 3676 AudioSrv - ok
17:15:20.0984 3676 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
17:15:20.0984 3676 audstub - ok
17:15:21.0265 3676 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
17:15:21.0421 3676 AVGIDSAgent - ok
17:15:21.0453 3676 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
17:15:21.0453 3676 AVGIDSDriver - ok
17:15:21.0468 3676 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
17:15:21.0468 3676 AVGIDSHX - ok
17:15:21.0484 3676 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
17:15:21.0484 3676 AVGIDSShim - ok
17:15:21.0500 3676 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:15:21.0515 3676 Avgldx86 - ok
17:15:21.0531 3676 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
17:15:21.0531 3676 Avglogx - ok
17:15:21.0546 3676 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:15:21.0546 3676 Avgmfx86 - ok
17:15:21.0562 3676 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:15:21.0562 3676 Avgrkx86 - ok
17:15:21.0578 3676 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:15:21.0593 3676 Avgtdix - ok
17:15:21.0625 3676 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
17:15:21.0625 3676 avgwd - ok
17:15:21.0656 3676 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
17:15:21.0656 3676 Beep - ok
17:15:21.0703 3676 [ E774A26610EC92674273486612C11CFC ] BITS C:\WINDOWS\system32\qmgr.dll
17:15:21.0718 3676 BITS - ok
17:15:21.0765 3676 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:15:21.0765 3676 Bonjour Service - ok
17:15:21.0796 3676 [ F219E27E88107A50544153898DD8178E ] Browser C:\WINDOWS\System32\browser.dll
17:15:21.0812 3676 Browser - ok
17:15:21.0859 3676 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
17:15:21.0859 3676 cbidf2k - ok
17:15:21.0875 3676 cd20xrnt - ok
17:15:21.0906 3676 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
17:15:21.0906 3676 Cdaudio - ok
17:15:21.0953 3676 [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
17:15:21.0953 3676 Cdfs - ok
17:15:22.0000 3676 [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:15:22.0000 3676 Cdrom - ok
17:15:22.0015 3676 Changer - ok
17:15:22.0046 3676 [ 9E21229E04E1D301BB40222FE4641CB2 ] CiSvc C:\WINDOWS\system32\cisvc.exe
17:15:22.0046 3676 CiSvc - ok
17:15:22.0062 3676 [ D3DC45553C8025338E08A60E95B1B91D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:15:22.0062 3676 ClipSrv - ok
17:15:22.0093 3676 [ 3C4D595E7F9B747325AEF28B4ADCAAE5 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:15:22.0109 3676 clr_optimization_v2.0.50727_32 - ok
17:15:22.0125 3676 CmdIde - ok
17:15:22.0125 3676 COMSysApp - ok
17:15:22.0156 3676 Cpqarray - ok
17:15:22.0187 3676 [ 70D2A1756F4B2067658A186C963FCABD ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:15:22.0187 3676 CryptSvc - ok
17:15:22.0203 3676 dac2w2k - ok
17:15:22.0203 3676 dac960nt - ok
17:15:22.0265 3676 [ C72C15EE57E248C66E57C76CAB086CF2 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:15:22.0281 3676 DcomLaunch - ok
17:15:22.0296 3676 [ 562830EFB7CF367FB773FEA5256E67C8 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:15:22.0296 3676 Dhcp - ok
17:15:22.0328 3676 [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:15:22.0328 3676 Disk - ok
17:15:22.0328 3676 dmadmin - ok
17:15:22.0390 3676 [ E1968EDEC81C430108FEB23AB07BDB14 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:15:22.0406 3676 dmboot - ok
17:15:22.0421 3676 [ 1B1520A82E396E46B9AE9FA6B03FF6C6 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:15:22.0421 3676 dmio - ok
17:15:22.0453 3676 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:15:22.0453 3676 dmload - ok
17:15:22.0468 3676 [ 7B3CA72885923EB947221F17F3E3AC59 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:15:22.0468 3676 dmserver - ok
17:15:22.0984 3676 [ A6F881284AC1150E37D9AE47FF601267 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:15:22.0984 3676 DMusic - ok
17:15:22.0984 3676 [ F605B3F5674D67587C4B6C9E92A3E025 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:15:23.0000 3676 Dnscache - ok
17:15:23.0000 3676 dpti2o - ok
17:15:23.0031 3676 [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:15:23.0031 3676 drmkaud - ok
17:15:23.0062 3676 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\WINDOWS\system32\Drivers\DrvAgent32.sys
17:15:23.0062 3676 DrvAgent32 - ok
17:15:23.0125 3676 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
17:15:23.0125 3676 ElbyCDIO - ok
17:15:23.0140 3676 [ D6F7428B201E33BC80066B47144CB568 ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:15:23.0140 3676 ERSvc - ok
17:15:23.0156 3676 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] Eventlog C:\WINDOWS\system32\services.exe
17:15:23.0156 3676 Eventlog - ok
17:15:23.0187 3676 [ 972378B907070F64932A87C90A035487 ] EventSystem C:\WINDOWS\system32\es.dll
17:15:23.0187 3676 EventSystem - ok
17:15:23.0203 3676 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:15:23.0218 3676 Fastfat - ok
17:15:23.0234 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:15:23.0234 3676 FastUserSwitchingCompatibility - ok
17:15:23.0265 3676 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:15:23.0265 3676 Fdc - ok
17:15:23.0281 3676 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:15:23.0281 3676 Fips - ok
17:15:23.0343 3676 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:15:23.0375 3676 FLEXnet Licensing Service - ok
17:15:23.0390 3676 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:15:23.0390 3676 Flpydisk - ok
17:15:23.0437 3676 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:15:23.0437 3676 FltMgr - ok
17:15:23.0453 3676 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:15:23.0453 3676 Fs_Rec - ok
17:15:23.0468 3676 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:15:23.0468 3676 Ftdisk - ok
17:15:23.0500 3676 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
17:15:23.0500 3676 giveio - ok
17:15:23.0500 3676 GMSIPCI - ok
17:15:23.0531 3676 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:15:23.0531 3676 Gpc - ok
17:15:23.0593 3676 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:23.0593 3676 gupdate - ok
17:15:23.0609 3676 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:23.0609 3676 gupdatem - ok
17:15:23.0671 3676 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:15:23.0671 3676 helpsvc - ok
17:15:23.0703 3676 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ C:\WINDOWS\System32\hidserv.dll
17:15:23.0703 3676 HidServ - ok
17:15:23.0734 3676 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:15:23.0734 3676 HidUsb - ok
17:15:23.0750 3676 hpn - ok
17:15:23.0765 3676 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:15:23.0781 3676 HTTP - ok
17:15:23.0812 3676 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:15:23.0828 3676 HTTPFilter - ok
17:15:23.0828 3676 i2omgmt - ok
17:15:23.0843 3676 i2omp - ok
17:15:23.0875 3676 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:15:23.0875 3676 i8042prt - ok
17:15:23.0921 3676 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:15:23.0921 3676 IDriverT - ok
17:15:23.0953 3676 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:15:23.0953 3676 Imapi - ok
17:15:23.0984 3676 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:15:23.0984 3676 ImapiService - ok
17:15:24.0000 3676 ini910u - ok
17:15:24.0046 3676 [ EF4FDA4841001A4B98C411797DB8894A ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:15:24.0046 3676 IntelIde - ok
17:15:24.0093 3676 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:15:24.0093 3676 intelppm - ok
17:15:24.0125 3676 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:15:24.0125 3676 Ip6Fw - ok
17:15:24.0156 3676 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:15:24.0156 3676 IpFilterDriver - ok
17:15:24.0156 3676 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:15:24.0156 3676 IpInIp - ok
17:15:24.0171 3676 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:15:24.0187 3676 IpNat - ok
17:15:24.0203 3676 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:15:24.0203 3676 IPSec - ok
17:15:24.0296 3676 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:15:24.0296 3676 IRENUM - ok
17:15:24.0343 3676 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:15:24.0343 3676 isapnp - ok
17:15:24.0468 3676 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:15:24.0484 3676 JavaQuickStarterService - ok
17:15:24.0531 3676 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:15:24.0531 3676 Kbdclass - ok
17:15:24.0562 3676 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:15:24.0562 3676 kbdhid - ok
17:15:24.0593 3676 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:15:24.0593 3676 kmixer - ok
17:15:24.0593 3676 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:15:24.0609 3676 KSecDD - ok
17:15:24.0625 3676 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:15:24.0640 3676 lanmanserver - ok
17:15:24.0671 3676 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:15:24.0671 3676 lanmanworkstation - ok
17:15:24.0687 3676 lbrtfdc - ok
17:15:24.0718 3676 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:15:24.0718 3676 lirsgt - ok
17:15:24.0734 3676 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:15:24.0734 3676 LmHosts - ok
17:15:24.0765 3676 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:15:24.0765 3676 Messenger - ok
17:15:24.0781 3676 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:15:24.0781 3676 mnmdd - ok
17:15:24.0812 3676 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:15:24.0812 3676 mnmsrvc - ok
17:15:24.0843 3676 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:15:24.0843 3676 Modem - ok
17:15:24.0859 3676 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:15:24.0859 3676 Mouclass - ok
17:15:24.0890 3676 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:15:24.0890 3676 mouhid - ok
17:15:24.0906 3676 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:15:24.0906 3676 MountMgr - ok
17:15:24.0953 3676 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:15:24.0953 3676 MozillaMaintenance - ok
17:15:24.0968 3676 mraid35x - ok
17:15:24.0984 3676 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:15:24.0984 3676 MRxDAV - ok
17:15:25.0015 3676 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:15:25.0046 3676 MRxSmb - ok
17:15:25.0062 3676 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:15:25.0062 3676 MSDTC - ok
17:15:25.0078 3676 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:15:25.0078 3676 Msfs - ok
17:15:25.0093 3676 MSIServer - ok
17:15:25.0125 3676 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:15:25.0125 3676 MSKSSRV - ok
17:15:25.0156 3676 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:15:25.0156 3676 MSPCLOCK - ok
17:15:25.0156 3676 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:15:25.0156 3676 MSPQM - ok
17:15:25.0187 3676 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:15:25.0187 3676 mssmbios - ok
17:15:25.0203 3676 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:15:25.0203 3676 Mup - ok
17:15:25.0234 3676 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:15:25.0234 3676 NDIS - ok
17:15:25.0265 3676 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:15:25.0265 3676 NdisTapi - ok
17:15:25.0312 3676 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:15:25.0312 3676 Ndisuio - ok
17:15:25.0328 3676 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:15:25.0328 3676 NdisWan - ok
17:15:25.0343 3676 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:15:25.0343 3676 NDProxy - ok
17:15:25.0343 3676 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:15:25.0359 3676 NetBIOS - ok
17:15:25.0375 3676 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:15:25.0390 3676 NetBT - ok
17:15:25.0406 3676 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:15:25.0421 3676 NetDDE - ok
17:15:25.0421 3676 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:15:25.0421 3676 NetDDEdsdm - ok
17:15:25.0453 3676 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:15:25.0453 3676 Netlogon - ok
17:15:25.0500 3676 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
17:15:25.0500 3676 Netman - ok
17:15:25.0515 3676 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
17:15:25.0531 3676 Nla - ok
17:15:25.0546 3676 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:15:25.0546 3676 Npfs - ok
17:15:25.0593 3676 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:15:25.0640 3676 Ntfs - ok
17:15:25.0656 3676 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:15:25.0656 3676 NtLmSsp - ok
17:15:25.0687 3676 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:15:25.0703 3676 NtmsSvc - ok
17:15:25.0718 3676 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:15:25.0718 3676 Null - ok
17:15:25.0750 3676 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:15:25.0750 3676 NwlnkFlt - ok
17:15:25.0765 3676 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:15:25.0765 3676 NwlnkFwd - ok
17:15:25.0796 3676 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:15:25.0796 3676 Parport - ok
17:15:25.0796 3676 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:15:25.0812 3676 PartMgr - ok
17:15:25.0843 3676 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:15:25.0843 3676 ParVdm - ok
17:15:25.0906 3676 [ 8F9AD7259C308ECF8FA4A5043B4131DA ] PCAlertDriver C:\Program Files\MSI\Core Center\NTGLM7X.sys
17:15:25.0906 3676 PCAlertDriver - ok
17:15:25.0937 3676 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:15:25.0937 3676 PCI - ok
17:15:25.0953 3676 PCIDump - ok
17:15:25.0968 3676 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:15:25.0968 3676 PCIIde - ok
17:15:26.0000 3676 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:15:26.0000 3676 Pcmcia - ok
17:15:26.0000 3676 PDCOMP - ok
17:15:26.0015 3676 PDFRAME - ok
17:15:26.0031 3676 PDRELI - ok
17:15:26.0046 3676 PDRFRAME - ok
17:15:26.0046 3676 perc2 - ok
17:15:26.0062 3676 perc2hib - ok
17:15:26.0109 3676 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
17:15:26.0109 3676 PlugPlay - ok
17:15:26.0125 3676 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:15:26.0125 3676 PolicyAgent - ok
17:15:26.0140 3676 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:15:26.0140 3676 PptpMiniport - ok
17:15:26.0156 3676 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:15:26.0156 3676 ProtectedStorage - ok
17:15:26.0171 3676 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:15:26.0171 3676 PSched - ok
17:15:26.0187 3676 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:15:26.0187 3676 Ptilink - ok
17:15:26.0203 3676 ql1080 - ok
17:15:26.0218 3676 Ql10wnt - ok
17:15:26.0218 3676 ql12160 - ok
17:15:26.0234 3676 ql1240 - ok
17:15:26.0250 3676 ql1280 - ok
17:15:26.0265 3676 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:15:26.0265 3676 RasAcd - ok
17:15:26.0296 3676 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:15:26.0296 3676 RasAuto - ok
17:15:26.0328 3676 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:15:26.0328 3676 Rasl2tp - ok
17:15:26.0359 3676 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:15:26.0375 3676 RasMan - ok
17:15:26.0375 3676 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:15:26.0390 3676 RasPppoe - ok
17:15:26.0390 3676 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:15:26.0390 3676 Raspti - ok
17:15:26.0437 3676 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:15:26.0437 3676 Rdbss - ok
17:15:26.0453 3676 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:15:26.0453 3676 RDPCDD - ok
17:15:26.0500 3676 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:15:26.0500 3676 rdpdr - ok
17:15:26.0546 3676 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:15:26.0546 3676 RDPWD - ok
17:15:26.0593 3676 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:15:26.0609 3676 RDSessMgr - ok
17:15:26.0656 3676 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:15:26.0656 3676 redbook - ok
17:15:26.0687 3676 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:15:26.0703 3676 RemoteAccess - ok
17:15:26.0718 3676 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:15:26.0718 3676 RemoteRegistry - ok
17:15:26.0765 3676 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:15:26.0765 3676 RpcLocator - ok
17:15:26.0796 3676 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:15:26.0812 3676 RpcSs - ok
17:15:26.0843 3676 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:15:26.0843 3676 RSVP - ok
17:15:26.0890 3676 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:15:26.0890 3676 rtl8139 - ok
17:15:26.0906 3676 [ E9D986CE8419571136117520861BD02B ] RushTopDevice C:\Program Files\MSI\Core Center\RushTop.sys
17:15:26.0906 3676 RushTopDevice - ok
17:15:26.0921 3676 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
17:15:26.0921 3676 SamSs - ok
17:15:26.0968 3676 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:15:26.0968 3676 SCardSvr - ok
17:15:27.0015 3676 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:15:27.0031 3676 Schedule - ok
17:15:27.0046 3676 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:15:27.0046 3676 Secdrv - ok
17:15:27.0062 3676 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:15:27.0062 3676 seclogon - ok
17:15:27.0078 3676 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
17:15:27.0078 3676 SENS - ok
17:15:27.0093 3676 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:15:27.0093 3676 serenum - ok
17:15:27.0109 3676 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:15:27.0109 3676 Serial - ok
17:15:27.0140 3676 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:15:27.0140 3676 Sfloppy - ok
17:15:27.0171 3676 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:15:27.0187 3676 SharedAccess - ok
17:15:27.0203 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:15:27.0203 3676 ShellHWDetection - ok
17:15:27.0218 3676 Simbad - ok
17:15:27.0234 3676 Sparrow - ok
17:15:27.0281 3676 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
17:15:27.0281 3676 speedfan - ok
17:15:27.0312 3676 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:15:27.0312 3676 splitter - ok
17:15:27.0328 3676 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:15:27.0328 3676 Spooler - ok
17:15:27.0343 3676 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:15:27.0343 3676 sr - ok
17:15:27.0375 3676 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
17:15:27.0375 3676 srservice - ok
17:15:27.0390 3676 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:15:27.0406 3676 Srv - ok
17:15:27.0437 3676 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:15:27.0437 3676 SSDPSRV - ok
17:15:27.0468 3676 Steam Client Service - ok
17:15:27.0500 3676 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:15:27.0515 3676 stisvc - ok
17:15:27.0531 3676 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:15:27.0531 3676 swenum - ok
17:15:27.0546 3676 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:15:27.0546 3676 swmidi - ok
17:15:27.0562 3676 SwPrv - ok
17:15:27.0578 3676 symc810 - ok
17:15:27.0593 3676 symc8xx - ok
17:15:27.0593 3676 sym_hi - ok
17:15:27.0609 3676 sym_u3 - ok
17:15:27.0640 3676 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:15:27.0640 3676 sysaudio - ok
17:15:27.0687 3676 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:15:27.0687 3676 SysmonLog - ok
17:15:27.0718 3676 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:15:27.0734 3676 TapiSrv - ok
17:15:27.0765 3676 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:15:27.0765 3676 Tcpip - ok
17:15:27.0796 3676 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:15:27.0796 3676 TDPIPE - ok
17:15:27.0812 3676 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:15:27.0828 3676 TDTCP - ok
17:15:27.0843 3676 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:15:27.0859 3676 TermDD - ok
17:15:27.0890 3676 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
17:15:27.0906 3676 TermService - ok
17:15:27.0937 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:15:27.0937 3676 Themes - ok
17:15:27.0968 3676 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:15:27.0968 3676 TlntSvr - ok
17:15:27.0984 3676 TosIde - ok
17:15:28.0015 3676 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:15:28.0015 3676 TrkWks - ok
17:15:28.0062 3676 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:15:28.0062 3676 Udfs - ok
17:15:28.0078 3676 ultra - ok
17:15:28.0109 3676 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:15:28.0109 3676 Update - ok
17:15:28.0156 3676 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:15:28.0156 3676 upnphost - ok
17:15:28.0171 3676 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
17:15:28.0187 3676 UPS - ok
17:15:28.0218 3676 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:15:28.0218 3676 usbccgp - ok
17:15:28.0265 3676 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:15:28.0265 3676 usbehci - ok
17:15:28.0312 3676 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:15:28.0312 3676 usbhub - ok
17:15:28.0343 3676 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:15:28.0343 3676 USBSTOR - ok
17:15:28.0390 3676 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:15:28.0390 3676 usbuhci - ok
17:15:28.0421 3676 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
17:15:28.0421 3676 VClone - ok
17:15:28.0437 3676 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:15:28.0437 3676 VgaSave - ok
17:15:28.0453 3676 ViaIde - ok
17:15:28.0468 3676 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:15:28.0468 3676 VolSnap - ok
17:15:28.0500 3676 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
17:15:28.0515 3676 VSS - ok
17:15:28.0562 3676 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
17:15:28.0562 3676 W32Time - ok
17:15:28.0593 3676 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:15:28.0593 3676 Wanarp - ok
17:15:28.0593 3676 WDICA - ok
17:15:28.0625 3676 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:15:28.0625 3676 wdmaud - ok
17:15:28.0656 3676 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
17:15:28.0656 3676 WebClient - ok
17:15:28.0734 3676 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:15:28.0734 3676 winmgmt - ok
17:15:28.0796 3676 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:15:28.0796 3676 WmdmPmSN - ok
17:15:28.0859 3676 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:15:28.0890 3676 Wmi - ok
17:15:28.0937 3676 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:15:28.0937 3676 WmiApSrv - ok
17:15:28.0984 3676 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:15:28.0984 3676 wscsvc - ok
17:15:29.0031 3676 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:15:29.0031 3676 wuauserv - ok
17:15:29.0078 3676 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:15:29.0078 3676 WZCSVC - ok
17:15:29.0125 3676 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:15:29.0125 3676 xmlprov - ok
17:15:29.0140 3676 ================ Scan global ===============================
17:15:29.0156 3676 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
17:15:29.0171 3676 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
17:15:29.0187 3676 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
17:15:29.0203 3676 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
17:15:29.0203 3676 [Global] - ok
17:15:29.0218 3676 ================ Scan MBR ==================================
17:15:29.0234 3676 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:15:29.0390 3676 \Device\Harddisk0\DR0 - ok
17:15:29.0406 3676 ================ Scan VBR ==================================
17:15:29.0406 3676 [ DE0E99503EE94DBFD0FAA936E7660E7A ] \Device\Harddisk0\DR0\Partition1
17:15:29.0406 3676 \Device\Harddisk0\DR0\Partition1 - ok
17:15:29.0437 3676 [ C6715289EB8170B7E14E446ED5B3030E ] \Device\Harddisk0\DR0\Partition2
17:15:29.0437 3676 \Device\Harddisk0\DR0\Partition2 - ok
17:15:29.0437 3676 ============================================================
17:15:29.0437 3676 Scan finished
17:15:29.0437 3676 ============================================================
17:15:29.0453 3836 Detected object count: 0
17:15:29.0453 3836 Actual detected object count: 0
17:15:44.0812 1124 Deinitialize success
17:15:23.0187 3676 EventSystem - ok
17:15:23.0203 3676 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:15:23.0218 3676 Fastfat - ok
17:15:23.0234 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:15:23.0234 3676 FastUserSwitchingCompatibility - ok
17:15:23.0265 3676 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
17:15:23.0265 3676 Fdc - ok
17:15:23.0281 3676 [ 266DAB58619B17BDF37FABBD48D875CA ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:15:23.0281 3676 Fips - ok
17:15:23.0343 3676 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:15:23.0375 3676 FLEXnet Licensing Service - ok
17:15:23.0390 3676 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:15:23.0390 3676 Flpydisk - ok
17:15:23.0437 3676 [ 157754F0DF355A9E0A6F54721914F9C6 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:15:23.0437 3676 FltMgr - ok
17:15:23.0453 3676 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:15:23.0453 3676 Fs_Rec - ok
17:15:23.0468 3676 [ 4E664D8541DB4A66B73A24257E322E1F ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:15:23.0468 3676 Ftdisk - ok
17:15:23.0500 3676 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\WINDOWS\system32\giveio.sys
17:15:23.0500 3676 giveio - ok
17:15:23.0500 3676 GMSIPCI - ok
17:15:23.0531 3676 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:15:23.0531 3676 Gpc - ok
17:15:23.0593 3676 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:23.0593 3676 gupdate - ok
17:15:23.0609 3676 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:15:23.0609 3676 gupdatem - ok
17:15:23.0671 3676 [ F59152272782FED8A8197FA788287F68 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:15:23.0671 3676 helpsvc - ok
17:15:23.0703 3676 [ D2DCF769E5A70027058AD5BE1F9B55BF ] HidServ C:\WINDOWS\System32\hidserv.dll
17:15:23.0703 3676 HidServ - ok
17:15:23.0734 3676 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:15:23.0734 3676 HidUsb - ok
17:15:23.0750 3676 hpn - ok
17:15:23.0765 3676 [ C19B522A9AE0BBC3293397F3055E80A1 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:15:23.0781 3676 HTTP - ok
17:15:23.0812 3676 [ DA826826C5C9116F47E0CD0CA8CC7C11 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:15:23.0828 3676 HTTPFilter - ok
17:15:23.0828 3676 i2omgmt - ok
17:15:23.0843 3676 i2omp - ok
17:15:23.0875 3676 [ 0F42DE9909B5DBF2C48DD1A79D491AF5 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:15:23.0875 3676 i8042prt - ok
17:15:23.0921 3676 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:15:23.0921 3676 IDriverT - ok
17:15:23.0953 3676 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:15:23.0953 3676 Imapi - ok
17:15:23.0984 3676 [ CF9D286B34CB4912F3B28B4972D5CB33 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:15:23.0984 3676 ImapiService - ok
17:15:24.0000 3676 ini910u - ok
17:15:24.0046 3676 [ EF4FDA4841001A4B98C411797DB8894A ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
17:15:24.0046 3676 IntelIde - ok
17:15:24.0093 3676 [ 10A3AC0F0DF720AD3C3FD13861D50EB9 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:15:24.0093 3676 intelppm - ok
17:15:24.0125 3676 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:15:24.0125 3676 Ip6Fw - ok
17:15:24.0156 3676 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:15:24.0156 3676 IpFilterDriver - ok
17:15:24.0156 3676 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:15:24.0156 3676 IpInIp - ok
17:15:24.0171 3676 [ B5A8E215AC29D24D60B4D1250EF05ACE ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:15:24.0187 3676 IpNat - ok
17:15:24.0203 3676 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:15:24.0203 3676 IPSec - ok
17:15:24.0296 3676 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:15:24.0296 3676 IRENUM - ok
17:15:24.0343 3676 [ 1091528512E4DD7ED5FDDCC4DF1C53D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:15:24.0343 3676 isapnp - ok
17:15:24.0468 3676 [ CC54FD59486BEF7CE70275FAC2FD9D34 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:15:24.0484 3676 JavaQuickStarterService - ok
17:15:24.0531 3676 [ 6F877BF8DC01A550CD666F3BEDB2213C ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:15:24.0531 3676 Kbdclass - ok
17:15:24.0562 3676 [ 065B5A83AA78C0C7047BF22E0AB5C821 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:15:24.0562 3676 kbdhid - ok
17:15:24.0593 3676 [ D93CAD07C5683DB066B0B2D2D3790EAD ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:15:24.0593 3676 kmixer - ok
17:15:24.0593 3676 [ EB7FFE87FD367EA8FCA0506F74A87FBB ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:15:24.0609 3676 KSecDD - ok
17:15:24.0625 3676 [ 6D6BDD68B775986577C48A8DF961A05C ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:15:24.0640 3676 lanmanserver - ok
17:15:24.0671 3676 [ 69B0569AAE33F0D5057CA0E8577AAF07 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:15:24.0671 3676 lanmanworkstation - ok
17:15:24.0687 3676 lbrtfdc - ok
17:15:24.0718 3676 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\WINDOWS\system32\DRIVERS\lirsgt.sys
17:15:24.0718 3676 lirsgt - ok
17:15:24.0734 3676 [ F9EE6D2AAB0690B34AE35BA9921A1414 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:15:24.0734 3676 LmHosts - ok
17:15:24.0765 3676 [ 8B2FCBD881879B55BE40B41F12FFC431 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:15:24.0765 3676 Messenger - ok
17:15:24.0781 3676 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:15:24.0781 3676 mnmdd - ok
17:15:24.0812 3676 [ 7D137132D6A9B41EF800E59A771ED48C ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:15:24.0812 3676 mnmsrvc - ok
17:15:24.0843 3676 [ 60210DEB037846AFE521EBF349964F6B ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:15:24.0843 3676 Modem - ok
17:15:24.0859 3676 [ B160EC94114715675509115986400FD9 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:15:24.0859 3676 Mouclass - ok
17:15:24.0890 3676 [ BB269EBA740737AB749B214D568B6812 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:15:24.0890 3676 mouhid - ok
17:15:24.0906 3676 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:15:24.0906 3676 MountMgr - ok
17:15:24.0953 3676 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:15:24.0953 3676 MozillaMaintenance - ok
17:15:24.0968 3676 mraid35x - ok
17:15:24.0984 3676 [ 46EDCC8F2DB2F322C24F48785CB46366 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:15:24.0984 3676 MRxDAV - ok
17:15:25.0015 3676 [ 1FD607FC67F7F7C633C3DA65BFC53D18 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:15:25.0046 3676 MRxSmb - ok
17:15:25.0062 3676 [ 944A24032AED84C59455B981F6CA1C1A ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:15:25.0062 3676 MSDTC - ok
17:15:25.0078 3676 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:15:25.0078 3676 Msfs - ok
17:15:25.0093 3676 MSIServer - ok
17:15:25.0125 3676 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:15:25.0125 3676 MSKSSRV - ok
17:15:25.0156 3676 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:15:25.0156 3676 MSPCLOCK - ok
17:15:25.0156 3676 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:15:25.0156 3676 MSPQM - ok
17:15:25.0187 3676 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:15:25.0187 3676 mssmbios - ok
17:15:25.0203 3676 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:15:25.0203 3676 Mup - ok
17:15:25.0234 3676 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:15:25.0234 3676 NDIS - ok
17:15:25.0265 3676 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:15:25.0265 3676 NdisTapi - ok
17:15:25.0312 3676 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:15:25.0312 3676 Ndisuio - ok
17:15:25.0328 3676 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:15:25.0328 3676 NdisWan - ok
17:15:25.0343 3676 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:15:25.0343 3676 NDProxy - ok
17:15:25.0343 3676 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:15:25.0359 3676 NetBIOS - ok
17:15:25.0375 3676 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:15:25.0390 3676 NetBT - ok
17:15:25.0406 3676 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDE C:\WINDOWS\system32\netdde.exe
17:15:25.0421 3676 NetDDE - ok
17:15:25.0421 3676 [ 818053225BF4AAC5F0F718001E492F70 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:15:25.0421 3676 NetDDEdsdm - ok
17:15:25.0453 3676 [ 82A362FE1D4980B71B588D9C10748511 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:15:25.0453 3676 Netlogon - ok
17:15:25.0500 3676 [ AF342D2781225A8769686E0D47E3123E ] Netman C:\WINDOWS\System32\netman.dll
17:15:25.0500 3676 Netman - ok
17:15:25.0515 3676 [ 64C078BD4EFD441C3F159EDC5EA4420A ] Nla C:\WINDOWS\System32\mswsock.dll
17:15:25.0531 3676 Nla - ok
17:15:25.0546 3676 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:15:25.0546 3676 Npfs - ok
17:15:25.0593 3676 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:15:25.0640 3676 Ntfs - ok
17:15:25.0656 3676 [ 82A362FE1D4980B71B588D9C10748511 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:15:25.0656 3676 NtLmSsp - ok
17:15:25.0687 3676 [ D8D2B13BA93AE830B1A637DF571D1195 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:15:25.0703 3676 NtmsSvc - ok
17:15:25.0718 3676 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:15:25.0718 3676 Null - ok
17:15:25.0750 3676 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:15:25.0750 3676 NwlnkFlt - ok
17:15:25.0765 3676 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:15:25.0765 3676 NwlnkFwd - ok
17:15:25.0796 3676 [ 76A18CAA2FEFB28A4CED38D76837E86E ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:15:25.0796 3676 Parport - ok
17:15:25.0796 3676 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:15:25.0812 3676 PartMgr - ok
17:15:25.0843 3676 [ 1FAE19D0457176318BBA4A8795656EBC ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:15:25.0843 3676 ParVdm - ok
17:15:25.0906 3676 [ 8F9AD7259C308ECF8FA4A5043B4131DA ] PCAlertDriver C:\Program Files\MSI\Core Center\NTGLM7X.sys
17:15:25.0906 3676 PCAlertDriver - ok
17:15:25.0937 3676 [ B7979F37BB7B9DF2230046134955E6E7 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:15:25.0937 3676 PCI - ok
17:15:25.0953 3676 PCIDump - ok
17:15:25.0968 3676 [ 2DA4EC85E0EA7A45C6B2A05820492D5A ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:15:25.0968 3676 PCIIde - ok
17:15:26.0000 3676 [ 90505755634407D4EF4C6DEA60FC1DF9 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:15:26.0000 3676 Pcmcia - ok
17:15:26.0000 3676 PDCOMP - ok
17:15:26.0015 3676 PDFRAME - ok
17:15:26.0031 3676 PDRELI - ok
17:15:26.0046 3676 PDRFRAME - ok
17:15:26.0046 3676 perc2 - ok
17:15:26.0062 3676 perc2hib - ok
17:15:26.0109 3676 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] PlugPlay C:\WINDOWS\system32\services.exe
17:15:26.0109 3676 PlugPlay - ok
17:15:26.0125 3676 [ 82A362FE1D4980B71B588D9C10748511 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:15:26.0125 3676 PolicyAgent - ok
17:15:26.0140 3676 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:15:26.0140 3676 PptpMiniport - ok
17:15:26.0156 3676 [ 82A362FE1D4980B71B588D9C10748511 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:15:26.0156 3676 ProtectedStorage - ok
17:15:26.0171 3676 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:15:26.0171 3676 PSched - ok
17:15:26.0187 3676 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:15:26.0187 3676 Ptilink - ok
17:15:26.0203 3676 ql1080 - ok
17:15:26.0218 3676 Ql10wnt - ok
17:15:26.0218 3676 ql12160 - ok
17:15:26.0234 3676 ql1240 - ok
17:15:26.0250 3676 ql1280 - ok
17:15:26.0265 3676 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:15:26.0265 3676 RasAcd - ok
17:15:26.0296 3676 [ E68B6F9A726A444059705AB43B5656D1 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:15:26.0296 3676 RasAuto - ok
17:15:26.0328 3676 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:15:26.0328 3676 Rasl2tp - ok
17:15:26.0359 3676 [ 6E519D777C91E90592403C9F981FDF03 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:15:26.0375 3676 RasMan - ok
17:15:26.0375 3676 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:15:26.0390 3676 RasPppoe - ok
17:15:26.0390 3676 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:15:26.0390 3676 Raspti - ok
17:15:26.0437 3676 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:15:26.0437 3676 Rdbss - ok
17:15:26.0453 3676 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:15:26.0453 3676 RDPCDD - ok
17:15:26.0500 3676 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:15:26.0500 3676 rdpdr - ok
17:15:26.0546 3676 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:15:26.0546 3676 RDPWD - ok
17:15:26.0593 3676 [ 125ACF258DA9633F748131A0E0185AF3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:15:26.0609 3676 RDSessMgr - ok
17:15:26.0656 3676 [ ABA13D33E1F888C9A68599A48A8840D6 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:15:26.0656 3676 redbook - ok
17:15:26.0687 3676 [ EB5E1A601E5A1908A87E4D5A41803D98 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:15:26.0703 3676 RemoteAccess - ok
17:15:26.0718 3676 [ 5B21208FCF8970BB61FE98E19D828714 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
17:15:26.0718 3676 RemoteRegistry - ok
17:15:26.0765 3676 [ C8A3B668985D61249F2DC71716C58DE8 ] RpcLocator C:\WINDOWS\system32\locator.exe
17:15:26.0765 3676 RpcLocator - ok
17:15:26.0796 3676 [ C72C15EE57E248C66E57C76CAB086CF2 ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:15:26.0812 3676 RpcSs - ok
17:15:26.0843 3676 [ 09AB2E71E58B078038E3BFDBA7FFC984 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:15:26.0843 3676 RSVP - ok
17:15:26.0890 3676 [ 2EF9C0DC26B30B2318B1FC3FAA1F0AE7 ] rtl8139 C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
17:15:26.0890 3676 rtl8139 - ok
17:15:26.0906 3676 [ E9D986CE8419571136117520861BD02B ] RushTopDevice C:\Program Files\MSI\Core Center\RushTop.sys
17:15:26.0906 3676 RushTopDevice - ok
17:15:26.0921 3676 [ 82A362FE1D4980B71B588D9C10748511 ] SamSs C:\WINDOWS\system32\lsass.exe
17:15:26.0921 3676 SamSs - ok
17:15:26.0968 3676 [ C177354E995CC1AA1F767BCD9980434A ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:15:26.0968 3676 SCardSvr - ok
17:15:27.0015 3676 [ 29AC93307C6182DBE336BCA314947F28 ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:15:27.0031 3676 Schedule - ok
17:15:27.0046 3676 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:15:27.0046 3676 Secdrv - ok
17:15:27.0062 3676 [ C76CB8A133374FAC6805F83FF7B7DA03 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:15:27.0062 3676 seclogon - ok
17:15:27.0078 3676 [ 220AD85BA9C5B3011296354011B901CC ] SENS C:\WINDOWS\system32\sens.dll
17:15:27.0078 3676 SENS - ok
17:15:27.0093 3676 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:15:27.0093 3676 serenum - ok
17:15:27.0109 3676 [ C1DDBC85251551A840212999DA3D95F3 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:15:27.0109 3676 Serial - ok
17:15:27.0140 3676 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:15:27.0140 3676 Sfloppy - ok
17:15:27.0171 3676 [ 6A93501BCDEBF159109429B022C0FF83 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:15:27.0187 3676 SharedAccess - ok
17:15:27.0203 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:15:27.0203 3676 ShellHWDetection - ok
17:15:27.0218 3676 Simbad - ok
17:15:27.0234 3676 Sparrow - ok
17:15:27.0281 3676 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\WINDOWS\system32\speedfan.sys
17:15:27.0281 3676 speedfan - ok
17:15:27.0312 3676 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:15:27.0312 3676 splitter - ok
17:15:27.0328 3676 [ 21B6FAA88044A41640E03EBB68BE93E8 ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:15:27.0328 3676 Spooler - ok
17:15:27.0343 3676 [ A74035EA526DB97D9D50D2143A55F5CF ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:15:27.0343 3676 sr - ok
17:15:27.0375 3676 [ 3CD57F31A64D32FDB28918B16D1E6AAC ] srservice C:\WINDOWS\system32\srsvc.dll
17:15:27.0375 3676 srservice - ok
17:15:27.0390 3676 [ 20B7E396720353E4117D64D9DCB926CA ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:15:27.0406 3676 Srv - ok
17:15:27.0437 3676 [ 88C28F53F53438DAFCD95E99C837C61E ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:15:27.0437 3676 SSDPSRV - ok
17:15:27.0468 3676 Steam Client Service - ok
17:15:27.0500 3676 [ 0645CCDDDD27F96EEA3534C1DEF736D9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:15:27.0515 3676 stisvc - ok
17:15:27.0531 3676 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:15:27.0531 3676 swenum - ok
17:15:27.0546 3676 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:15:27.0546 3676 swmidi - ok
17:15:27.0562 3676 SwPrv - ok
17:15:27.0578 3676 symc810 - ok
17:15:27.0593 3676 symc8xx - ok
17:15:27.0593 3676 sym_hi - ok
17:15:27.0609 3676 sym_u3 - ok
17:15:27.0640 3676 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:15:27.0640 3676 sysaudio - ok
17:15:27.0687 3676 [ D9C9ECFF4904E6151525C533AEEDF8F4 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:15:27.0687 3676 SysmonLog - ok
17:15:27.0718 3676 [ 37162D29CD61519E6F5EA0DE99786FF6 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:15:27.0734 3676 TapiSrv - ok
17:15:27.0765 3676 [ 9F4B36614A0FC234525BA224957DE55C ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:15:27.0765 3676 Tcpip - ok
17:15:27.0796 3676 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:15:27.0796 3676 TDPIPE - ok
17:15:27.0812 3676 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:15:27.0828 3676 TDTCP - ok
17:15:27.0843 3676 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:15:27.0859 3676 TermDD - ok
17:15:27.0890 3676 [ 2F5919F2F6EE7A845893D9C3AA2BC56A ] TermService C:\WINDOWS\System32\termsrv.dll
17:15:27.0906 3676 TermService - ok
17:15:27.0937 3676 [ 8BA76BD2A943F642F267A296A15776D2 ] Themes C:\WINDOWS\System32\shsvcs.dll
17:15:27.0937 3676 Themes - ok
17:15:27.0968 3676 [ 535C2FB97336BAFA509F4783DD1E5746 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
17:15:27.0968 3676 TlntSvr - ok
17:15:27.0984 3676 TosIde - ok
17:15:28.0015 3676 [ 4DCE17221B1A87FB47E36842F3E38753 ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:15:28.0015 3676 TrkWks - ok
17:15:28.0062 3676 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:15:28.0062 3676 Udfs - ok
17:15:28.0078 3676 ultra - ok
17:15:28.0109 3676 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:15:28.0109 3676 Update - ok
17:15:28.0156 3676 [ 984FC1518B0D5B31D76F0E63608E0500 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:15:28.0156 3676 upnphost - ok
17:15:28.0171 3676 [ 6148A3BA4D9CC628357FC92014FEA30E ] UPS C:\WINDOWS\System32\ups.exe
17:15:28.0187 3676 UPS - ok
17:15:28.0218 3676 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:15:28.0218 3676 usbccgp - ok
17:15:28.0265 3676 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:15:28.0265 3676 usbehci - ok
17:15:28.0312 3676 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:15:28.0312 3676 usbhub - ok
17:15:28.0343 3676 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:15:28.0343 3676 USBSTOR - ok
17:15:28.0390 3676 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:15:28.0390 3676 usbuhci - ok
17:15:28.0421 3676 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
17:15:28.0421 3676 VClone - ok
17:15:28.0437 3676 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:15:28.0437 3676 VgaSave - ok
17:15:28.0453 3676 ViaIde - ok
17:15:28.0468 3676 [ CD8CCE067F7E9CBD762C00BDDDECAA34 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:15:28.0468 3676 VolSnap - ok
17:15:28.0500 3676 [ 043539881667BB37B07524032D6FFC3E ] VSS C:\WINDOWS\System32\vssvc.exe
17:15:28.0515 3676 VSS - ok
17:15:28.0562 3676 [ 2CEEBB402187AE56B585701F3D191FB3 ] W32Time C:\WINDOWS\system32\w32time.dll
17:15:28.0562 3676 W32Time - ok
17:15:28.0593 3676 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:15:28.0593 3676 Wanarp - ok
17:15:28.0593 3676 WDICA - ok
17:15:28.0625 3676 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:15:28.0625 3676 wdmaud - ok
17:15:28.0656 3676 [ 3791ADF1D3466AC6B4B662D3F79CBFEC ] WebClient C:\WINDOWS\System32\webclnt.dll
17:15:28.0656 3676 WebClient - ok
17:15:28.0734 3676 [ E12084EA622BDF2262C637BEF15DD85C ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:15:28.0734 3676 winmgmt - ok
17:15:28.0796 3676 [ E02E913B3841717A890A644EE167B9A5 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
17:15:28.0796 3676 WmdmPmSN - ok
17:15:28.0859 3676 [ 0CDC4A0C6B820FAD99FB4CA74CD0C476 ] Wmi C:\WINDOWS\System32\advapi32.dll
17:15:28.0890 3676 Wmi - ok
17:15:28.0937 3676 [ BCD21B989F0FD4ACE78287FC01B4693D ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:15:28.0937 3676 WmiApSrv - ok
17:15:28.0984 3676 [ 4ADED1ADEF25041D9827F9A79C0FDA13 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
17:15:28.0984 3676 wscsvc - ok
17:15:29.0031 3676 [ 21F5169CA14E0B25C757644456F637DF ] wuauserv C:\WINDOWS\system32\wuauserv.dll
17:15:29.0031 3676 wuauserv - ok
17:15:29.0078 3676 [ 325CEDEF696EF4B649DDCD3968D085C9 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
17:15:29.0078 3676 WZCSVC - ok
17:15:29.0125 3676 [ 9B835D4C64860B155A1701D5092EC9E4 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
17:15:29.0125 3676 xmlprov - ok
17:15:29.0140 3676 ================ Scan global ===============================
17:15:29.0156 3676 [ F642F3368D2839798DA79E7BA9218481 ] C:\WINDOWS\system32\basesrv.dll
17:15:29.0171 3676 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
17:15:29.0187 3676 [ E4E57FBA176F2752527B1D53A663D2D7 ] C:\WINDOWS\system32\winsrv.dll
17:15:29.0203 3676 [ 6E401E61F952FBBF708AFBECEFAFAE81 ] C:\WINDOWS\system32\services.exe
17:15:29.0203 3676 [Global] - ok
17:15:29.0218 3676 ================ Scan MBR ==================================
17:15:29.0234 3676 [ 413FC2A0C716421B3158746D63736515 ] \Device\Harddisk0\DR0
17:15:29.0390 3676 \Device\Harddisk0\DR0 - ok
17:15:29.0406 3676 ================ Scan VBR ==================================
17:15:29.0406 3676 [ DE0E99503EE94DBFD0FAA936E7660E7A ] \Device\Harddisk0\DR0\Partition1
17:15:29.0406 3676 \Device\Harddisk0\DR0\Partition1 - ok
17:15:29.0437 3676 [ C6715289EB8170B7E14E446ED5B3030E ] \Device\Harddisk0\DR0\Partition2
17:15:29.0437 3676 \Device\Harddisk0\DR0\Partition2 - ok
17:15:29.0437 3676 ============================================================
17:15:29.0437 3676 Scan finished
17:15:29.0437 3676 ============================================================
17:15:29.0453 3836 Detected object count: 0
17:15:29.0453 3836 Actual detected object count: 0
17:15:44.0812 1124 Deinitialize success
Re: Log check - beginner
Log from ComboFix
ComboFix 13-02-18.02 - PC 20.02.2013 17:45:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1629 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Dokumenty\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-20 do 2013-02-20 )))))))))))))))))))))))))))))))
.
.
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-19 17:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-18 19:54 . 2013-02-18 19:53 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-18 19:53 . 2013-02-18 19:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 19:53 . 2013-02-18 19:53 -------- d-----w- c:\program files\Java
2013-02-18 16:59 . 2013-02-18 16:59 388096 ----a-r- c:\documents and settings\PC\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-18 16:59 . 2013-02-18 16:59 -------- d-----w- c:\program files\Trend Micro
2013-02-17 09:34 . 2013-02-17 09:34 -------- d-----w- c:\program files\Common Files\Nero
2013-02-17 09:33 . 2005-10-18 19:03 3031040 ------w- c:\windows\UNNeroVision.exe
2013-02-17 09:33 . 2001-03-08 17:30 24064 ------w- c:\windows\system32\msxml3a.dll
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ahead
2013-02-17 09:32 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2013-02-17 09:32 . 2004-07-20 15:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2013-02-17 09:32 . 2004-07-20 15:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2013-02-17 09:32 . 2004-07-20 15:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2013-02-17 09:32 . 2004-07-20 15:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2013-02-17 09:32 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2013-02-17 09:32 . 2000-06-26 09:45 106496 ------w- c:\windows\system32\TwnLib20.dll
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\program files\Common Files\Ahead
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\program files\Ahead
2013-02-16 20:44 . 2013-02-16 20:44 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Identities
2013-02-14 17:02 . 2013-02-14 17:18 -------- d-----w- c:\documents and settings\PC\Data aplikací\flightgear.org
2013-02-14 16:40 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-02-13 16:05 . 2013-02-13 16:06 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Temp
2013-02-13 16:05 . 2013-02-13 16:06 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Facebook
2013-02-13 16:00 . 2013-02-13 16:00 -------- d-s---w- c:\documents and settings\PC\UserData
2013-02-11 15:52 . 2013-02-11 15:52 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\eSupport.com
2013-02-11 15:52 . 2013-02-11 15:52 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-08 20:21 . 2013-02-08 20:21 -------- d--h--r- c:\documents and settings\PC\Data aplikací\SecuROM
2013-02-08 20:21 . 2013-02-08 20:21 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-02-08 19:49 . 2013-02-08 19:49 -------- d-----w- c:\program files\MSXML 4.0
2013-02-08 19:45 . 2013-02-16 17:29 -------- d-----w- c:\program files\Microsoft Games
2013-02-07 17:54 . 2013-02-07 17:54 -------- d-----w- c:\program files\Lavalys
2013-02-07 17:26 . 2013-02-16 19:00 -------- d-----w- c:\program files\SpeedFan
2013-02-05 20:12 . 2013-02-05 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2013-02-05 20:00 . 2013-02-05 20:00 -------- d-----w- c:\program files\Bonjour
2013-02-05 19:40 . 2013-02-05 19:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-02-05 17:22 . 2013-02-15 15:11 -------- d-----w- c:\program files\Google
2013-02-05 17:22 . 2013-02-05 17:25 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Google
2013-02-04 15:53 . 2013-02-06 16:13 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Adobe
2013-02-04 15:52 . 2013-02-05 20:00 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-04 15:23 . 2013-02-04 15:23 -------- d-----w- c:\program files\CCleaner
2013-02-02 16:31 . 2013-02-02 16:31 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-02-02 16:31 . 2013-02-02 16:31 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-02-02 16:27 . 2013-02-02 16:51 -------- d-----w- c:\program files\Gothic III
2013-02-02 13:35 . 2013-02-02 13:36 -------- d-----w- c:\windows\system32\NtmsData
2013-02-01 19:19 . 2013-02-20 16:25 -------- d-----w- c:\documents and settings\PC\Data aplikací\uTorrent
2013-02-01 13:32 . 2013-02-01 13:34 -------- d-----w- c:\documents and settings\PC\Data aplikací\HU2011
2013-02-01 13:27 . 2013-02-01 13:27 -------- d-----w- c:\program files\Elaborate Bytes
2013-01-30 16:13 . 2013-01-30 16:13 -------- d-----w- c:\documents and settings\PC\Data aplikací\Wargaming.net
2013-01-30 14:05 . 2013-01-30 14:05 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Sun
2013-01-29 20:39 . 2013-01-29 20:39 -------- d-----w- c:\program files\Common Files\Java
2013-01-29 20:39 . 2013-01-30 17:40 -------- d-----w- c:\documents and settings\PC\Data aplikací\.minecraft
2013-01-29 20:39 . 2013-02-18 19:53 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-29 20:39 . 2013-02-18 19:53 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\ATI
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\PC\Data aplikací\ATI
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2013-01-28 19:19 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2013-01-28 17:40 . 2013-01-28 17:40 -------- d-----w- C:\Games
2013-01-28 17:21 . 2004-07-15 23:16 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-28 17:21 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-01-28 17:21 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-01-28 17:21 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-01-28 17:21 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-01-28 17:21 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-01-28 17:21 . 2013-01-28 17:21 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-01-28 17:21 . 2013-01-28 17:21 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-01-28 17:19 . 2013-01-28 17:19 -------- d-----w- C:\ATI
2013-01-28 17:04 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-28 17:04 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-28 17:04 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-01-28 17:04 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-28 17:04 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-01-28 17:02 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2013-01-28 17:01 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-28 17:01 . 2013-02-09 19:51 -------- d-----w- c:\windows\Logs
2013-01-28 14:13 . 2013-02-09 20:20 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-28 14:13 . 2013-02-09 20:20 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-27 20:24 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\PC\Data aplikací\AVG2013
2013-01-27 20:24 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\PC\Data aplikací\TuneUp Software
2013-01-27 20:23 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2013
2013-01-27 20:23 . 2013-01-27 20:23 -------- d-----w- C:\$AVG
2013-01-27 20:23 . 2013-01-27 20:23 -------- d-----w- c:\program files\AVG
2013-01-27 20:22 . 2013-02-20 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-01-27 20:22 . 2013-01-27 20:31 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Avg2013
2013-01-27 20:22 . 2013-01-27 20:22 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-01-27 20:22 . 2013-01-27 20:22 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\MFAData
2013-01-27 20:05 . 2013-01-27 20:05 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2013-01-27 20:05 . 2013-01-27 20:05 -------- d-----w- c:\program files\Common Files\Steam
2013-01-27 20:05 . 2013-02-20 16:29 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-06 16:29 . 2013-02-06 16:28 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [1999-3-1 2605056]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Program Files\\Call Of Duty 2\\CoD2MP_s.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.9.2012 3:05 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2.10.2012 3:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.2.2013 16:52 23456]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 17:24 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-28 20:20]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 17:22]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 17:22]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\8ctmc8zh.default-1359392824328\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-20 17:51
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXSENS]
"ImagePath"="system32\drivers\ALCXSENS.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]
"ImagePath"="system32\drivers\ALCXWDM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATI Smart]
"ImagePath"="c:\windows\system32\ati2sgag.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\PC\LOCALS~1\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvAgent32]
"ImagePath"="\??\c:\windows\system32\Drivers\DrvAgent32.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eamonm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\giveio]
"ImagePath"="system32\giveio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GMSIPCI]
"ImagePath"="\??\e:\install\GMSIPCI.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre7\bin\jqs.exe\" -service -config \"c:\program files\Java\jre7\lib\deploy\jqs\jqs.conf\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\R8139n51.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\speedfan]
"ImagePath"="system32\speedfan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Steam Client Service]
"ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{E380311C-63D5-41CD-BD16-106BFD5EF98E}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VClone]
"ImagePath"="system32\DRIVERS\VClone.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BCAA6E3C-3DC1-45EF-BE30-33E37DF3FDEB}]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,36,73,b8,7b,a7,80,4f,03,b4,18,63,16,2b,bf,72,7a,6c,ca,ed,32,2a,96,
c4,7b,ad,b2,d0,aa,02,78,c8,f5,1d,ce,1a,1d,a7,c8,fc,51,1c,5f,8b,52,66,fe,51,\
"??"=hex:b9,50,d5,de,a7,8e,42,5e,15,bd,8a,44,64,0b,33,d2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\msi.dll
.
Celkový čas: 2013-02-20 17:56:17
ComboFix-quarantined-files.txt 2013-02-20 16:56
.
Před spuštěním: Volných bajtů: 16 421 371 904
Po spuštění: Volných bajtů: 16 386 113 536
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F04FD453B9556B042C12A186715E3F3
May I ask something: an icon I have never seen before has appeared on my desktop. It has no name, and when I right-click it I get "Open", "Explore" and "Create shortcut"... Can I delete it, or should I leave it alone? What is it for?
ComboFix 13-02-18.02 - PC 20.02.2013 17:45:15.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1629 [GMT 1:00]
Spuštěný z: c:\documents and settings\PC\Dokumenty\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-20 do 2013-02-20 )))))))))))))))))))))))))))))))
.
.
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\documents and settings\PC\Data aplikací\Malwarebytes
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-02-19 17:38 . 2013-02-19 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-19 17:38 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-18 19:54 . 2013-02-18 19:53 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-18 19:53 . 2013-02-18 19:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-18 19:53 . 2013-02-18 19:53 -------- d-----w- c:\program files\Java
2013-02-18 16:59 . 2013-02-18 16:59 388096 ----a-r- c:\documents and settings\PC\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-18 16:59 . 2013-02-18 16:59 -------- d-----w- c:\program files\Trend Micro
2013-02-17 09:34 . 2013-02-17 09:34 -------- d-----w- c:\program files\Common Files\Nero
2013-02-17 09:33 . 2005-10-18 19:03 3031040 ------w- c:\windows\UNNeroVision.exe
2013-02-17 09:33 . 2001-03-08 17:30 24064 ------w- c:\windows\system32\msxml3a.dll
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Ahead
2013-02-17 09:32 . 2004-07-09 07:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2013-02-17 09:32 . 2004-07-20 15:24 471040 ------w- c:\windows\system32\ImagXRA7.dll
2013-02-17 09:32 . 2004-07-20 15:24 262144 ------w- c:\windows\system32\ImagXR7.dll
2013-02-17 09:32 . 2004-07-20 15:24 476320 ------w- c:\windows\system32\ImagXpr7.dll
2013-02-17 09:32 . 2004-07-20 15:24 1568768 ------w- c:\windows\system32\ImagX7.dll
2013-02-17 09:32 . 2001-06-26 06:15 38912 ------w- c:\windows\system32\picn20.dll
2013-02-17 09:32 . 2000-06-26 09:45 106496 ------w- c:\windows\system32\TwnLib20.dll
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\program files\Common Files\Ahead
2013-02-17 09:32 . 2013-02-17 09:32 -------- d-----w- c:\program files\Ahead
2013-02-16 20:44 . 2013-02-16 20:44 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Identities
2013-02-14 17:02 . 2013-02-14 17:18 -------- d-----w- c:\documents and settings\PC\Data aplikací\flightgear.org
2013-02-14 16:40 . 2004-03-08 23:00 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2013-02-13 16:05 . 2013-02-13 16:06 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Temp
2013-02-13 16:05 . 2013-02-13 16:06 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Facebook
2013-02-13 16:00 . 2013-02-13 16:00 -------- d-s---w- c:\documents and settings\PC\UserData
2013-02-11 15:52 . 2013-02-11 15:52 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\eSupport.com
2013-02-11 15:52 . 2013-02-11 15:52 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2013-02-08 20:21 . 2013-02-08 20:21 -------- d--h--r- c:\documents and settings\PC\Data aplikací\SecuROM
2013-02-08 20:21 . 2013-02-08 20:21 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2013-02-08 19:49 . 2013-02-08 19:49 -------- d-----w- c:\program files\MSXML 4.0
2013-02-08 19:45 . 2013-02-16 17:29 -------- d-----w- c:\program files\Microsoft Games
2013-02-07 17:54 . 2013-02-07 17:54 -------- d-----w- c:\program files\Lavalys
2013-02-07 17:26 . 2013-02-16 19:00 -------- d-----w- c:\program files\SpeedFan
2013-02-05 20:12 . 2013-02-05 20:12 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FLEXnet
2013-02-05 20:00 . 2013-02-05 20:00 -------- d-----w- c:\program files\Bonjour
2013-02-05 19:40 . 2013-02-05 19:40 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-02-05 17:22 . 2013-02-15 15:11 -------- d-----w- c:\program files\Google
2013-02-05 17:22 . 2013-02-05 17:25 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Google
2013-02-04 15:53 . 2013-02-06 16:13 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Adobe
2013-02-04 15:52 . 2013-02-05 20:00 -------- d-----w- c:\program files\Common Files\Adobe
2013-02-04 15:23 . 2013-02-04 15:23 -------- d-----w- c:\program files\CCleaner
2013-02-02 16:31 . 2013-02-02 16:31 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys
2013-02-02 16:31 . 2013-02-02 16:31 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2013-02-02 16:27 . 2013-02-02 16:51 -------- d-----w- c:\program files\Gothic III
2013-02-02 13:35 . 2013-02-02 13:36 -------- d-----w- c:\windows\system32\NtmsData
2013-02-01 19:19 . 2013-02-20 16:25 -------- d-----w- c:\documents and settings\PC\Data aplikací\uTorrent
2013-02-01 13:32 . 2013-02-01 13:34 -------- d-----w- c:\documents and settings\PC\Data aplikací\HU2011
2013-02-01 13:27 . 2013-02-01 13:27 -------- d-----w- c:\program files\Elaborate Bytes
2013-01-30 16:13 . 2013-01-30 16:13 -------- d-----w- c:\documents and settings\PC\Data aplikací\Wargaming.net
2013-01-30 14:05 . 2013-01-30 14:05 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Sun
2013-01-29 20:39 . 2013-01-29 20:39 -------- d-----w- c:\program files\Common Files\Java
2013-01-29 20:39 . 2013-01-30 17:40 -------- d-----w- c:\documents and settings\PC\Data aplikací\.minecraft
2013-01-29 20:39 . 2013-02-18 19:53 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-29 20:39 . 2013-02-18 19:53 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\ATI
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\PC\Data aplikací\ATI
2013-01-29 17:08 . 2013-01-29 17:08 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ATI
2013-01-28 19:19 . 2000-08-19 18:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2013-01-28 17:40 . 2013-01-28 17:40 -------- d-----w- C:\Games
2013-01-28 17:21 . 2004-07-15 23:16 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-01-28 17:21 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-01-28 17:21 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-01-28 17:21 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-01-28 17:21 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-01-28 17:21 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-01-28 17:21 . 2013-01-28 17:21 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-01-28 17:21 . 2013-01-28 17:21 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-01-28 17:19 . 2013-01-28 17:19 -------- d-----w- C:\ATI
2013-01-28 17:04 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-01-28 17:04 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-01-28 17:04 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-01-28 17:04 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-01-28 17:04 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-01-28 17:02 . 2008-03-05 15:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2013-01-28 17:01 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2013-01-28 17:01 . 2013-02-09 19:51 -------- d-----w- c:\windows\Logs
2013-01-28 14:13 . 2013-02-09 20:20 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-28 14:13 . 2013-02-09 20:20 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-27 20:24 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\PC\Data aplikací\AVG2013
2013-01-27 20:24 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\PC\Data aplikací\TuneUp Software
2013-01-27 20:23 . 2013-01-27 20:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVG2013
2013-01-27 20:23 . 2013-01-27 20:23 -------- d-----w- C:\$AVG
2013-01-27 20:23 . 2013-01-27 20:23 -------- d-----w- c:\program files\AVG
2013-01-27 20:22 . 2013-02-20 11:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2013-01-27 20:22 . 2013-01-27 20:31 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Avg2013
2013-01-27 20:22 . 2013-01-27 20:22 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2013-01-27 20:22 . 2013-01-27 20:22 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\MFAData
2013-01-27 20:05 . 2013-01-27 20:05 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2013-01-27 20:05 . 2013-01-27 20:05 -------- d-----w- c:\program files\Common Files\Steam
2013-01-27 20:05 . 2013-02-20 16:29 -------- d-----w- c:\program files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-06 16:29 . 2013-02-06 16:28 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [1999-3-1 2605056]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Games\\World_of_Tanks\\WOTLauncher.exe"=
"c:\\Program Files\\Call Of Duty 2\\CoD2MP_s.exe"=
"c:\\Games\\World_of_Tanks\\WorldOfTanks.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\PC\\Local Settings\\Data aplikací\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dota 2 beta\\dota.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [15.10.2012 3:48 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21.9.2012 3:46 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [14.9.2012 3:05 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22.10.2012 13:02 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [21.9.2012 3:45 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2.10.2012 3:30 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.9.2012 3:46 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [15.11.2012 23:34 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [22.10.2012 13:05 196664]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [11.2.2013 16:52 23456]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-05 17:24 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-02-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-28 20:20]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 17:22]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-02-05 17:22]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath - c:\documents and settings\PC\Data aplikací\Mozilla\Firefox\Profiles\8ctmc8zh.default-1359392824328\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-20 17:51
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXSENS]
"ImagePath"="system32\drivers\ALCXSENS.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALCXWDM]
"ImagePath"="system32\drivers\ALCXWDM.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ATI Smart]
"ImagePath"="c:\windows\system32\ati2sgag.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\PC\LOCALS~1\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvAgent32]
"ImagePath"="\??\c:\windows\system32\Drivers\DrvAgent32.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eamonm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\giveio]
"ImagePath"="system32\giveio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GMSIPCI]
"ImagePath"="\??\e:\install\GMSIPCI.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre7\bin\jqs.exe\" -service -config \"c:\program files\Java\jre7\lib\deploy\jqs\jqs.conf\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="system32\DRIVERS\R8139n51.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\speedfan]
"ImagePath"="system32\speedfan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Steam Client Service]
"ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{E380311C-63D5-41CD-BD16-106BFD5EF98E}"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VClone]
"ImagePath"="system32\DRIVERS\VClone.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BCAA6E3C-3DC1-45EF-BE30-33E37DF3FDEB}]
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-1214440339-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:94,36,73,b8,7b,a7,80,4f,03,b4,18,63,16,2b,bf,72,7a,6c,ca,ed,32,2a,96,
c4,7b,ad,b2,d0,aa,02,78,c8,f5,1d,ce,1a,1d,a7,c8,fc,51,1c,5f,8b,52,66,fe,51,\
"??"=hex:b9,50,d5,de,a7,8e,42,5e,15,bd,8a,44,64,0b,33,d2
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3292)
c:\windows\system32\msi.dll
.
Celkový čas: 2013-02-20 17:56:17
ComboFix-quarantined-files.txt 2013-02-20 16:56
.
Před spuštěním: Volných bajtů: 16 421 371 904
Po spuštění: Volných bajtů: 16 386 113 536
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8F04FD453B9556B042C12A186715E3F3
May I ask: an icon I have never seen before has appeared on my desktop. It has no name, and when I right-click it I get "Open", "Explore" and "Create shortcut"... Can I delete it, or should I leave it alone? What is it for?
- jaro3
- member of the Security team
Re: Log check (beginner)
You can post a screenshot of that icon here.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text, marked in green:
Code:
ClearJavaCache::
FixCSet::
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process + a new log from HJT
Warning: After running ComboFix and restarting the computer, Windows may fail to boot, the desktop may not load, or there may be connection problems. In that case restart the computer again; if that does not help, press F8 repeatedly after the restart and choose Last Known Good Configuration, or use a restore point.
Download aswMBR to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a prompt offering to download the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support