Preventive check - slow PC after startup

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Medievl
Level 3

Post by Medievl » 01 Jun 2012 14:36

Hi, here is the log from HJT, thank you for your replies.




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:36:28, on 1.6.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17109)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\program files\ahead\incd\incd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pavel\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superhry.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Groove Folder Synchronization - {1EA72C1C-3F5D-3E11-3614-1EF9496232D2} - C:\WINDOWS\system32\dmsttyle.dll
O2 - BHO: TheBflix - {48173CE5-D151-4B12-8265-C0209B41B449} - C:\Documents and Settings\All Users\Data aplikací\TheBflix\bhoclass.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Hyperionics DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [InCD] c:\program files\ahead\incd\incd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe

--
End of file - 8510 bytes

Žbeky
Moderator

Post by Žbeky » 01 Jun 2012 15:09

Uninstall Hyperionics DB Toolbar and Incredibar Toolbar.

Fix these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.superhry.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: TheBflix - {48173CE5-D151-4B12-8265-C0209B41B449} - C:\Documents and Settings\All Users\Data aplikací\TheBflix\bhoclass.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Hyperionics DB Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\Hyperionics DB Toolbar\tbcore3.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, do not select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform Quick Scan option selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message will appear, choose Yes
(DO NOT DELETE ANYTHING YOURSELF YET!).
Then paste the contents of that log here.
In private messages I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

Post by Medievl » 02 Jun 2012 09:41

Please advise how to remove those toolbars, whether the fix will remove them or how; it doesn't work through CCleaner, and I will add the log from Anti-Malware here.

jaro3
Security team member

Post by jaro3 » 02 Jun 2012 10:01

If you don't have them in Add/Remove Programs, carry on; we will delete them afterwards.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum

Post by Medievl » 03 Jun 2012 20:36

Here is the log, and the toolbars have been uninstalled.




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Pavel :: CAPOVEC [administrátor]

3.6.2012 20:28:09
mbam-log-2012-06-03 (20-36-55).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 219462
Uplynulý čas: 7 minut, 29 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\All Users\Data aplikací\TheBflix (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data (PUP.BFlix) -> Žádná instrukce nebyla provedena.

Nalezené soubory: 8
C:\Documents and Settings\Pavel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\background.html (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\content.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\settings.ini (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\uninstall.exe (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data\content.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data\jsondb.js (PUP.BFlix) -> Žádná instrukce nebyla provedena.

(konec)

Post by Žbeky » 03 Jun 2012 20:38

Run MbAM again and click Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed; post it here.
- then click OK in the program and close the program via Exit

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If, after the scan, there is a problem launching applications, or a message pops up about an attempt to perform an illegal operation on a registry key that has been marked for deletion, simply restart the computer.
Post by Medievl » 03 Jun 2012 20:43

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Verze databáze: v2012.06.01.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Pavel :: CAPOVEC [administrátor]

3.6.2012 20:52:32
mbam-log-2012-06-03 (20-52-32).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 219497
Uplynulý čas: 7 minut, 58 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 2
C:\Documents and Settings\All Users\Data aplikací\TheBflix (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.

Nalezené soubory: 8
C:\Documents and Settings\Pavel\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\background.html (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\content.js (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\settings.ini (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\uninstall.exe (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data\content.js (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.
C:\Documents and Settings\All Users\Data aplikací\TheBflix\data\jsondb.js (PUP.BFlix) -> Umístnění do karantény a smazání se zdařilo.

(konec)

Post by Žbeky » 03 Jun 2012 21:07

Use the one from last time.

Post by Medievl » 04 Jun 2012 13:17

The very first one?

Post by jaro3 » 04 Jun 2012 18:06

Download TDSSKiller to your desktop. Make sure all other applications and browsers are closed. Unpack the file and run TDSSKiller.exe. Restart the PC. You will find the TDSSKiller log here:
C:\TDSSKiller.2.2.7.1._(datum)_log.txt , please paste the entire contents of the log here.

Then ComboFix.

Post by Medievl » 04 Jul 2012 14:38

14:39:16.0468 0184 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
14:39:16.0828 0184 ============================================================
14:39:16.0828 0184 Current date / time: 2012/07/04 14:39:16.0828
14:39:16.0828 0184 SystemInfo:
14:39:16.0828 0184
14:39:16.0828 0184 OS Version: 5.1.2600 ServicePack: 3.0
14:39:16.0828 0184 Product type: Workstation
14:39:16.0828 0184 ComputerName: CAPOVEC
14:39:16.0828 0184 UserName: Pavel
14:39:16.0828 0184 Windows directory: C:\WINDOWS
14:39:16.0828 0184 System windows directory: C:\WINDOWS
14:39:16.0828 0184 Processor architecture: Intel x86
14:39:16.0828 0184 Number of processors: 1
14:39:16.0828 0184 Page size: 0x1000
14:39:16.0828 0184 Boot type: Normal boot
14:39:16.0828 0184 ============================================================
14:39:19.0953 0184 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:39:19.0953 0184 ============================================================
14:39:19.0953 0184 \Device\Harddisk0\DR0:
14:39:19.0953 0184 MBR partitions:
14:39:19.0953 0184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x61A7927
14:39:19.0968 0184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x61A79A5, BlocksNum 0x3366B1C
14:39:19.0968 0184 ============================================================
14:39:19.0984 0184 C: <-> \Device\Harddisk0\DR0\Partition0
14:39:20.0093 0184 D: <-> \Device\Harddisk0\DR0\Partition1
14:39:20.0093 0184 ============================================================
14:39:20.0093 0184 Initialize success
14:39:20.0093 0184 ============================================================
14:39:23.0703 3412 ============================================================
14:39:23.0703 3412 Scan started
14:39:23.0703 3412 Mode: Manual;
14:39:23.0703 3412 ============================================================
14:39:31.0984 3412 i8042prt - ok
14:39:32.0078 3412 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:39:32.0078 3412 IDriverT - ok
14:39:32.0203 3412 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:39:32.0250 3412 idsvc - ok
14:39:32.0312 3412 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:39:32.0312 3412 Imapi - ok
14:39:32.0375 3412 ImapiService (f7b93aafad33b2320954c17e26c8d361) C:\WINDOWS\system32\imapi.exe
14:39:32.0375 3412 ImapiService - ok
14:39:32.0437 3412 InCDfs (d8a77fc386f9297ce4b692fc83b4ba02) C:\WINDOWS\system32\drivers\InCDfs.sys
14:39:32.0437 3412 InCDfs - ok
14:39:32.0484 3412 InCDPass (433bb499bcea1c88b55aa67d1b3ef1dc) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
14:39:32.0484 3412 InCDPass - ok
14:39:32.0546 3412 InCDrec (12dbb035cd2ed0313fab864470f31c23) C:\WINDOWS\system32\drivers\InCDrec.sys
14:39:32.0546 3412 InCDrec - ok
14:39:32.0593 3412 incdrm (9d1adfe6ce5c2e2a42f3b8aa57821d87) C:\WINDOWS\system32\drivers\incdrm.sys
14:39:32.0593 3412 incdrm - ok
14:39:32.0765 3412 InCDsrv (394bf2329ac168f253c74e1eead15fac) C:\Program Files\Ahead\InCD\InCDsrv.exe
14:39:32.0796 3412 InCDsrv - ok
14:39:32.0843 3412 ini910u - ok
14:39:32.0890 3412 IntelIde - ok
14:39:32.0937 3412 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:39:32.0937 3412 Ip6Fw - ok
14:39:33.0000 3412 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:39:33.0000 3412 IpFilterDriver - ok
14:39:33.0046 3412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:39:33.0046 3412 IpInIp - ok
14:39:33.0109 3412 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:39:33.0109 3412 IpNat - ok
14:39:33.0171 3412 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:39:33.0171 3412 IPSec - ok
14:39:33.0218 3412 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:39:33.0218 3412 IRENUM - ok
14:39:33.0296 3412 isapnp (cc9f8a2d60aed1a51a3ac34c59b987ae) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:39:33.0296 3412 isapnp - ok
14:39:33.0421 3412 JavaQuickStarterService (8c5c59e1921eca3607390a1f641556df) C:\Program Files\Java\jre7\bin\jqs.exe
14:39:33.0421 3412 JavaQuickStarterService - ok
14:39:33.0453 3412 k750bus - ok
14:39:33.0484 3412 k750mdfl - ok
14:39:33.0515 3412 k750mdm - ok
14:39:33.0546 3412 k750mgmt - ok
14:39:33.0578 3412 k750obex - ok
14:39:33.0640 3412 Kbdclass (1b6162fe7f66b1a71a4b70f941c4aa9b) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:39:33.0640 3412 Kbdclass - ok
14:39:33.0703 3412 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:39:33.0703 3412 kmixer - ok
14:39:33.0765 3412 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:39:33.0765 3412 KSecDD - ok
14:39:33.0828 3412 lanmanserver (3428e8f86f8add36b42fb23542c7b3e4) C:\WINDOWS\System32\srvsvc.dll
14:39:33.0843 3412 lanmanserver - ok
14:39:33.0906 3412 lanmanworkstation (936c1d110232d23b621cb0196e4f80f0) C:\WINDOWS\System32\wkssvc.dll
14:39:33.0921 3412 lanmanworkstation - ok
14:39:33.0953 3412 lbrtfdc - ok
14:39:34.0046 3412 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
14:39:34.0046 3412 lirsgt - ok
14:39:34.0093 3412 LmHosts (0ab159f536e3e8f7f07113702a07cca5) C:\WINDOWS\System32\lmhsvc.dll
14:39:34.0093 3412 LmHosts - ok
14:39:34.0203 3412 ltmodem5 (77db6177fd08aab1dd8a896197cc7660) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
14:39:34.0234 3412 ltmodem5 - ok
14:39:34.0281 3412 massfilter_hs (3c7b3072c3c5cc23f5fd46f8dfda7480) C:\WINDOWS\system32\drivers\massfilter_hs.sys
14:39:34.0281 3412 massfilter_hs - ok
14:39:34.0343 3412 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
14:39:34.0343 3412 MBAMSwissArmy - ok
14:39:34.0390 3412 Messenger (221cd1c815b8a6b79389c3f5d1018de8) C:\WINDOWS\System32\msgsvc.dll
14:39:34.0406 3412 Messenger - ok
14:39:34.0453 3412 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:39:34.0453 3412 mnmdd - ok
14:39:34.0515 3412 mnmsrvc (9a57d046f88f4b69751b11fd40088a61) C:\WINDOWS\system32\mnmsrvc.exe
14:39:34.0515 3412 mnmsrvc - ok
14:39:34.0562 3412 Modem (44032b0c6d9954d3fd26438330b99ee7) C:\WINDOWS\system32\drivers\Modem.sys
14:39:34.0562 3412 Modem - ok
14:39:34.0625 3412 Mouclass (4cb582831dbde63ce43b45d771218374) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:39:34.0625 3412 Mouclass - ok
14:39:34.0671 3412 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:39:34.0671 3412 mouhid - ok
14:39:34.0734 3412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:39:34.0734 3412 MountMgr - ok
14:39:34.0812 3412 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:39:34.0828 3412 MozillaMaintenance - ok
14:39:34.0859 3412 mraid35x - ok
14:39:34.0921 3412 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:39:34.0937 3412 MRxDAV - ok
14:39:35.0031 3412 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:39:35.0046 3412 MRxSmb - ok
14:39:35.0093 3412 MSDTC (6db4d1521caba9a5ffab54ade0ae867d) C:\WINDOWS\system32\msdtc.exe
14:39:35.0109 3412 MSDTC - ok
14:39:35.0171 3412 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:39:35.0171 3412 Msfs - ok
14:39:35.0203 3412 MSIServer - ok
14:39:35.0250 3412 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:39:35.0250 3412 MSKSSRV - ok
14:39:35.0296 3412 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:39:35.0296 3412 MSPCLOCK - ok
14:39:35.0343 3412 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:39:35.0343 3412 MSPQM - ok
14:39:35.0390 3412 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:39:35.0390 3412 mssmbios - ok
14:39:35.0437 3412 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:39:35.0437 3412 MSTEE - ok
14:39:35.0484 3412 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
14:39:35.0484 3412 ms_mpu401 - ok
14:39:35.0546 3412 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:39:35.0546 3412 Mup - ok
14:39:35.0593 3412 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:39:35.0593 3412 NABTSFEC - ok
14:39:35.0671 3412 napagent (6ea362e9db03d44f6b996f4d8be237e9) C:\WINDOWS\System32\qagentrt.dll
14:39:35.0703 3412 napagent - ok
14:39:35.0765 3412 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:39:35.0765 3412 NDIS - ok
14:39:35.0812 3412 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:39:35.0812 3412 NdisIP - ok
14:39:35.0875 3412 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:39:35.0875 3412 NdisTapi - ok
14:39:35.0921 3412 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:39:35.0921 3412 Ndisuio - ok
14:39:35.0984 3412 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:39:35.0984 3412 NdisWan - ok
14:39:36.0046 3412 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:39:36.0046 3412 NDProxy - ok
14:39:36.0250 3412 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:39:36.0281 3412 Nero BackItUp Scheduler 4.0 - ok
14:39:36.0343 3412 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:39:36.0343 3412 NetBIOS - ok
14:39:36.0390 3412 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:39:36.0406 3412 NetBT - ok
14:39:36.0468 3412 NetDDE (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
14:39:36.0468 3412 NetDDE - ok
14:39:36.0500 3412 NetDDEdsdm (933de774986ec85e48210c44ab431de6) C:\WINDOWS\system32\netdde.exe
14:39:36.0500 3412 NetDDEdsdm - ok
14:39:36.0546 3412 Netlogon (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
14:39:36.0562 3412 Netlogon - ok
14:39:36.0609 3412 Netman (72e1e9e2977be08bdeedb6d8fd9d4d40) C:\WINDOWS\System32\netman.dll
14:39:36.0609 3412 Netman - ok
14:39:36.0750 3412 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:39:36.0750 3412 NetTcpPortSharing - ok
14:39:36.0828 3412 Nla (39ee7c3bfbc64ba87cc8cf67386e814c) C:\WINDOWS\System32\mswsock.dll
14:39:36.0843 3412 Nla - ok
14:39:36.0906 3412 npf (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
14:39:36.0906 3412 npf - ok
14:39:36.0953 3412 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:39:36.0968 3412 Npfs - ok
14:39:37.0078 3412 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:39:37.0093 3412 Ntfs - ok
14:39:37.0156 3412 NtLmSsp (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
14:39:37.0156 3412 NtLmSsp - ok
14:39:37.0250 3412 NtmsSvc (023dd70573d644f3d9c8b1258a7bfd08) C:\WINDOWS\system32\ntmssvc.dll
14:39:37.0265 3412 NtmsSvc - ok
14:39:37.0312 3412 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:39:37.0312 3412 Null - ok
14:39:37.0656 3412 nv (ba1b732c1a70cfea0c1b64f2850bf44f) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:39:37.0812 3412 nv - ok
14:39:37.0937 3412 NVSvc (0febe37db6650faa5965c00545009d1d) C:\WINDOWS\system32\nvsvc32.exe
14:39:37.0953 3412 NVSvc - ok
14:39:38.0031 3412 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:39:38.0031 3412 NwlnkFlt - ok
14:39:38.0078 3412 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:39:38.0078 3412 NwlnkFwd - ok
14:39:38.0156 3412 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:39:38.0171 3412 ose - ok
14:39:38.0250 3412 Parport (46f8db73b4a53e543f8e371dc7c75bae) C:\WINDOWS\system32\DRIVERS\parport.sys
14:39:38.0250 3412 Parport - ok
14:39:38.0312 3412 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:39:38.0328 3412 PartMgr - ok
14:39:38.0375 3412 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
14:39:38.0375 3412 ParVdm - ok
14:39:38.0421 3412 PCI (6ce351d149cb4befc702951e471e1730) C:\WINDOWS\system32\DRIVERS\pci.sys
14:39:38.0421 3412 PCI - ok
14:39:38.0453 3412 PCIDump - ok
14:39:38.0484 3412 PCIIde - ok
14:39:38.0546 3412 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\WINDOWS\system32\drivers\pclepci.sys
14:39:38.0562 3412 PCLEPCI - ok
14:39:38.0609 3412 Pcmcia (4fc31e6c19a5ce5198b1abff94cae758) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:39:38.0625 3412 Pcmcia - ok
14:39:38.0656 3412 PDCOMP - ok
14:39:38.0687 3412 PDFRAME - ok
14:39:38.0718 3412 PDRELI - ok
14:39:38.0750 3412 PDRFRAME - ok
14:39:38.0781 3412 perc2 - ok
14:39:38.0812 3412 perc2hib - ok
14:39:38.0921 3412 PlugPlay (9ef697af07bb8dd82c3b02ca953a95b7) C:\WINDOWS\system32\services.exe
14:39:38.0937 3412 PlugPlay - ok
14:39:38.0984 3412 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\WINDOWS\system32\PnkBstrA.exe
14:39:38.0984 3412 PnkBstrA - ok
14:39:39.0062 3412 PnkBstrB (7c01817adf3207fb65a4b56e6d5ad833) C:\WINDOWS\system32\PnkBstrB.exe
14:39:39.0078 3412 PnkBstrB - ok
14:39:39.0156 3412 PnkBstrK (f4ba8e3e515a3dd9dd29a031d6f94e02) C:\WINDOWS\system32\drivers\PnkBstrK.sys
14:39:39.0156 3412 PnkBstrK - ok
14:39:39.0218 3412 PolicyAgent (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
14:39:39.0218 3412 PolicyAgent - ok
14:39:39.0265 3412 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:39:39.0265 3412 PptpMiniport - ok
14:39:39.0343 3412 prodrv06 (18d9789a4664bf417eea944d2776091a) C:\WINDOWS\System32\drivers\prodrv06.sys
14:39:39.0343 3412 prodrv06 - ok
14:39:39.0406 3412 prohlp02 (8cc9671a7ed2902e747ee0892e1c8575) C:\WINDOWS\system32\drivers\prohlp02.sys
14:39:39.0406 3412 prohlp02 - ok
14:39:39.0453 3412 prosync1 (960bce3ed38761b446aabac06c76badf) C:\WINDOWS\system32\drivers\prosync1.sys
14:39:39.0453 3412 prosync1 - ok
14:39:39.0484 3412 ProtectedStorage (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
14:39:39.0484 3412 ProtectedStorage - ok
14:39:39.0515 3412 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:39:39.0515 3412 PSched - ok
14:39:39.0578 3412 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:39:39.0578 3412 Ptilink - ok
14:39:39.0609 3412 ql1080 - ok
14:39:39.0640 3412 Ql10wnt - ok
14:39:39.0671 3412 ql12160 - ok
14:39:39.0718 3412 ql1240 - ok
14:39:39.0750 3412 ql1280 - ok
14:39:39.0796 3412 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:39:39.0796 3412 RasAcd - ok
14:39:39.0859 3412 RasAuto (2b5e44ea009f2f374b980e1e9a70635d) C:\WINDOWS\System32\rasauto.dll
14:39:39.0859 3412 RasAuto - ok
14:39:39.0906 3412 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:39:39.0906 3412 Rasl2tp - ok
14:39:39.0984 3412 RasMan (d57554c664b64604bd1ee13ea2c07e77) C:\WINDOWS\System32\rasmans.dll
14:39:39.0984 3412 RasMan - ok
14:39:40.0046 3412 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:39:40.0046 3412 RasPppoe - ok
14:39:40.0093 3412 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:39:40.0093 3412 Raspti - ok
14:39:40.0156 3412 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:39:40.0171 3412 Rdbss - ok
14:39:40.0203 3412 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:39:40.0203 3412 RDPCDD - ok
14:39:40.0296 3412 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:39:40.0296 3412 RDPWD - ok
14:39:40.0359 3412 RDSessMgr (c0d9d9711cb74ee9bc66353d8cbdab0e) C:\WINDOWS\system32\sessmgr.exe
14:39:40.0359 3412 RDSessMgr - ok
14:39:40.0421 3412 redbook (611bfd220305be3a85ae876ea47d4aa5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:39:40.0421 3412 redbook - ok
14:39:40.0468 3412 RemoteAccess (127c26b5371651043450e52542099aba) C:\WINDOWS\System32\mprdim.dll
14:39:40.0468 3412 RemoteAccess - ok
14:39:40.0546 3412 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
14:39:40.0546 3412 ROOTMODEM - ok
14:39:40.0593 3412 RpcLocator (718b3bdc0bc3c2f7d065a53d26202af9) C:\WINDOWS\system32\locator.exe
14:39:40.0609 3412 RpcLocator - ok
14:39:40.0687 3412 RpcSs (be27674d1cbc3214aec84b4336a38bbf) C:\WINDOWS\System32\rpcss.dll
14:39:40.0687 3412 RpcSs - ok
14:39:40.0734 3412 RSVP (09ab2e71e58b078038e3bfdba7ffc984) C:\WINDOWS\system32\rsvp.exe
14:39:40.0750 3412 RSVP - ok
14:39:40.0796 3412 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
14:39:40.0796 3412 rtl8139 - ok
14:39:40.0859 3412 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\WINDOWS\system32\DRIVERS\s0017bus.sys
14:39:40.0859 3412 s0017bus - ok
14:39:40.0906 3412 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys
14:39:40.0906 3412 s0017mdfl - ok
14:39:40.0953 3412 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\WINDOWS\system32\DRIVERS\s0017mdm.sys
14:39:40.0953 3412 s0017mdm - ok
14:39:41.0000 3412 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys
14:39:41.0000 3412 s0017mgmt - ok
14:39:41.0078 3412 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\WINDOWS\system32\DRIVERS\s0017nd5.sys
14:39:41.0078 3412 s0017nd5 - ok
14:39:41.0125 3412 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\WINDOWS\system32\DRIVERS\s0017obex.sys
14:39:41.0125 3412 s0017obex - ok
14:39:41.0171 3412 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\WINDOWS\system32\DRIVERS\s0017unic.sys
14:39:41.0187 3412 s0017unic - ok
14:39:41.0234 3412 SamSs (ed0a176354487ceed65b80a7148ab739) C:\WINDOWS\system32\lsass.exe
14:39:41.0234 3412 SamSs - ok
14:39:41.0296 3412 SCardSvr (410046e401eb11e1e6749e9deea41d4a) C:\WINDOWS\System32\SCardSvr.exe
14:39:41.0296 3412 SCardSvr - ok
14:39:41.0359 3412 Schedule (3ff232a7731621b8902d81d42418c93c) C:\WINDOWS\system32\schedsvc.dll
14:39:41.0359 3412 Schedule - ok
14:39:41.0437 3412 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:39:41.0437 3412 Secdrv - ok
14:39:41.0484 3412 seclogon (477e2c3cc5e4a0d635bcb0ea8dcac3c6) C:\WINDOWS\System32\seclogon.dll
14:39:41.0500 3412 seclogon - ok
14:39:41.0546 3412 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
14:39:41.0546 3412 seehcri - ok
14:39:41.0609 3412 SENS (a530b75c10c23c9ab28fdb6ce719e21f) C:\WINDOWS\system32\sens.dll
14:39:41.0609 3412 SENS - ok
14:39:41.0671 3412 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:39:41.0671 3412 serenum - ok
14:39:41.0718 3412 Serial (b842729337c9b921615c40d3c1a1af96) C:\WINDOWS\system32\DRIVERS\serial.sys
14:39:41.0734 3412 Serial - ok
14:39:41.0828 3412 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
14:39:41.0828 3412 sfdrv01a - ok
14:39:41.0890 3412 sfhlp01 (462aee0ea0481ea8bd45cac876a4ccc4) C:\WINDOWS\system32\drivers\sfhlp01.sys
14:39:41.0890 3412 sfhlp01 - ok
14:39:41.0921 3412 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
14:39:41.0921 3412 sfhlp02 - ok
14:39:41.0984 3412 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:39:41.0984 3412 Sfloppy - ok
14:39:42.0015 3412 sfrem01 - ok
14:39:42.0078 3412 sfsync02 (6dc03269f4c71e4ab313c3597f42a340) C:\WINDOWS\system32\drivers\sfsync02.sys
14:39:42.0078 3412 sfsync02 - ok
14:39:42.0125 3412 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\WINDOWS\system32\drivers\sfsync04.sys
14:39:42.0125 3412 sfsync04 - ok
14:39:42.0171 3412 sfvfs02 (107b772690050d3b19cbc637ad8fd96e) C:\WINDOWS\system32\drivers\sfvfs02.sys
14:39:42.0171 3412 sfvfs02 - ok
14:39:42.0250 3412 SharedAccess (f58faca9621d2db01bd0927d9a0a208e) C:\WINDOWS\System32\ipnathlp.dll
14:39:42.0265 3412 SharedAccess - ok
14:39:42.0328 3412 ShellHWDetection (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
14:39:42.0343 3412 ShellHWDetection - ok
14:39:42.0375 3412 Simbad - ok
14:39:42.0453 3412 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files\Skype\Updater\Updater.exe
14:39:42.0453 3412 SkypeUpdate - ok
14:39:42.0515 3412 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:39:42.0515 3412 SLIP - ok
14:39:42.0593 3412 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys
14:39:42.0593 3412 snapman - ok
14:39:42.0625 3412 Sparrow - ok
14:39:42.0687 3412 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:39:42.0687 3412 splitter - ok
14:39:42.0734 3412 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:39:42.0734 3412 Spooler - ok
14:39:42.0781 3412 sr (94610c8653635e4459316a0050d55ce7) C:\WINDOWS\system32\DRIVERS\sr.sys
14:39:42.0781 3412 sr - ok
14:39:42.0843 3412 srservice (35b91147124f64ac8081a2edb9ea4dee) C:\WINDOWS\system32\srsvc.dll
14:39:42.0859 3412 srservice - ok
14:39:42.0937 3412 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:39:42.0953 3412 Srv - ok
14:39:43.0000 3412 SSDPSRV (becd5271dc4e3b7c3d035f790fcbc1e5) C:\WINDOWS\System32\ssdpsrv.dll
14:39:43.0015 3412 SSDPSRV - ok
14:39:43.0109 3412 Start BT in service (9d1a8732718438dc8c472d4d7762de5f) C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
14:39:43.0109 3412 Start BT in service - ok
14:39:43.0171 3412 StillCam (06cda2a5a549bc455d004461e6bc5b33) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:39:43.0171 3412 StillCam - ok
14:39:43.0250 3412 stisvc (c1cdd9275f6a115bb0ae1d55d8d27ba6) C:\WINDOWS\system32\wiaservc.dll
14:39:43.0265 3412 stisvc - ok
14:39:43.0328 3412 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:39:43.0328 3412 streamip - ok
14:39:43.0375 3412 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:39:43.0375 3412 swenum - ok
14:39:43.0421 3412 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:39:43.0421 3412 swmidi - ok
14:39:43.0453 3412 SwPrv - ok
14:39:43.0500 3412 symc810 - ok
14:39:43.0531 3412 symc8xx - ok
14:39:43.0562 3412 sym_hi - ok
14:39:43.0593 3412 sym_u3 - ok
14:39:43.0640 3412 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:39:43.0640 3412 sysaudio - ok
14:39:43.0703 3412 SysmonLog (ce06f01b88ace199a1bf460cac29c110) C:\WINDOWS\system32\smlogsvc.exe
14:39:43.0703 3412 SysmonLog - ok
14:39:43.0765 3412 TapiSrv (c2546cd7a398476f9df5614b2ae160e8) C:\WINDOWS\System32\tapisrv.dll
14:39:43.0781 3412 TapiSrv - ok
14:39:43.0875 3412 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:39:43.0890 3412 Tcpip - ok
14:39:43.0937 3412 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:39:43.0937 3412 TDPIPE - ok
14:39:43.0984 3412 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:39:43.0984 3412 TDTCP - ok
14:39:44.0031 3412 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:39:44.0031 3412 TermDD - ok
14:39:44.0109 3412 TermService (a75dd6fc3dbee4fff5ebc9f2c28bb66e) C:\WINDOWS\System32\termsrv.dll
14:39:44.0125 3412 TermService - ok
14:39:44.0187 3412 Themes (ee9a2b9ea968a792a053c9d1a86bf870) C:\WINDOWS\System32\shsvcs.dll
14:39:44.0187 3412 Themes - ok
14:39:44.0250 3412 tifsfilter (304e188496ec723c369e3b27da82f992) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
14:39:44.0250 3412 tifsfilter - ok
14:39:44.0312 3412 timounter (ac0a6126138403b5913a6d819343034b) C:\WINDOWS\system32\DRIVERS\timntr.sys
14:39:44.0328 3412 timounter - ok
14:39:44.0375 3412 TosIde - ok
14:39:44.0437 3412 TrkWks (38853304ccb938d30e0c4cde8d2c2a8a) C:\WINDOWS\system32\trkwks.dll
14:39:44.0437 3412 TrkWks - ok
14:39:44.0515 3412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:39:44.0515 3412 Udfs - ok
14:39:44.0546 3412 ultra - ok
14:39:44.0625 3412 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:39:44.0640 3412 Update - ok
14:39:44.0718 3412 upnphost (651bd90dcee5b7bdc74a2eb7c9266f9e) C:\WINDOWS\System32\upnphost.dll
14:39:44.0734 3412 upnphost - ok
14:39:44.0781 3412 UPS (20a0f6a11959e92908717d09e87d670d) C:\WINDOWS\System32\ups.exe
14:39:44.0781 3412 UPS - ok
14:39:44.0843 3412 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:39:44.0843 3412 usbccgp - ok
14:39:44.0890 3412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:39:44.0890 3412 usbehci - ok
14:39:44.0953 3412 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:39:44.0968 3412 usbhub - ok
14:39:45.0015 3412 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:39:45.0015 3412 usbprint - ok
14:39:45.0078 3412 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:39:45.0078 3412 usbscan - ok
14:39:45.0125 3412 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:39:45.0125 3412 USBSTOR - ok
14:39:45.0187 3412 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:39:45.0187 3412 usbuhci - ok
14:39:45.0250 3412 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
14:39:45.0250 3412 VClone - ok
14:39:45.0312 3412 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
14:39:45.0312 3412 VComm - ok
14:39:45.0375 3412 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
14:39:45.0375 3412 VcommMgr - ok
14:39:45.0421 3412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:39:45.0421 3412 VgaSave - ok
14:39:45.0484 3412 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
14:39:45.0500 3412 viaagp - ok
14:39:45.0546 3412 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
14:39:45.0546 3412 viaagp1 - ok
14:39:45.0593 3412 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:39:45.0593 3412 ViaIde - ok
14:39:45.0656 3412 VolSnap (28a4b296b47782173c346e376cb374d1) C:\WINDOWS\system32\drivers\VolSnap.sys
14:39:45.0656 3412 VolSnap - ok
14:39:45.0718 3412 VSS (d6ba1a63d9e00933f1cd2a885573afb2) C:\WINDOWS\System32\vssvc.exe
14:39:45.0750 3412 VSS - ok
14:39:45.0796 3412 vulfnths (16409c468ceee99b6b129fcaa5c0f206) C:\WINDOWS\System32\Drivers\vulfnth.sys
14:39:45.0796 3412 vulfnths - ok
14:39:45.0828 3412 vulfntrs (e76fb35e30fb885124479a4a0aca3923) C:\WINDOWS\System32\Drivers\vulfntr.sys
14:39:45.0828 3412 vulfntrs - ok
14:39:45.0906 3412 W32Time (fa4e1cdba256787f2149f4aad07bc91f) C:\WINDOWS\system32\w32time.dll
14:39:45.0906 3412 W32Time - ok
14:39:45.0968 3412 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:39:45.0968 3412 Wanarp - ok
14:39:46.0000 3412 WDICA - ok
14:39:46.0062 3412 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:39:46.0062 3412 wdmaud - ok
14:39:46.0125 3412 WebClient (47ae51048a82dfa1cd6b51d369f7e169) C:\WINDOWS\System32\webclnt.dll
14:39:46.0125 3412 WebClient - ok
14:39:46.0234 3412 winmgmt (e488332126e3b1182d2b8a0c35408ec6) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:39:46.0234 3412 winmgmt - ok
14:39:46.0375 3412 WinRM (4d34cedd74bdbf2b6a935eae3bf80543) C:\WINDOWS\system32\WsmSvc.dll
14:39:46.0453 3412 WinRM - ok
14:39:46.0703 3412 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:39:46.0750 3412 wlidsvc - ok
14:39:46.0875 3412 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:39:46.0875 3412 WmdmPmSN - ok
14:39:46.0984 3412 WmiApSrv (23f6f03272f7e5679f1f050aed5acee6) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:39:47.0000 3412 WmiApSrv - ok
14:39:47.0171 3412 WMPNetworkSvc (3739866d20abd42f26a7b85f9e2560af) C:\Program Files\Windows Media Player\WMPNetwk.exe
14:39:47.0218 3412 WMPNetworkSvc - ok
14:39:47.0281 3412 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
14:39:47.0281 3412 WpdUsb - ok
14:39:47.0359 3412 wscsvc (4c86d5faf78194995af9cc1075f65dd3) C:\WINDOWS\system32\wscsvc.dll
14:39:47.0375 3412 wscsvc - ok
14:39:47.0421 3412 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:39:47.0421 3412 WSTCODEC - ok
14:39:47.0468 3412 wuauserv (c1364564800ee9784192145324a23308) C:\WINDOWS\system32\wuauserv.dll
14:39:47.0484 3412 wuauserv - ok
14:39:47.0546 3412 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:39:47.0546 3412 WudfPf - ok
14:39:47.0609 3412 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:39:47.0609 3412 WudfRd - ok
14:39:47.0656 3412 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
14:39:47.0671 3412 WudfSvc - ok
14:39:47.0750 3412 WZCSVC (a27d4ba7264c0bf52f32d10405bea1d4) C:\WINDOWS\System32\wzcsvc.dll
14:39:47.0781 3412 WZCSVC - ok
14:39:47.0812 3412 XDva397 - ok
14:39:47.0859 3412 xmlprov (eaa4bb9edb3fb10cf8979fe65e63658f) C:\WINDOWS\System32\xmlprov.dll
14:39:47.0953 3412 xmlprov - ok
14:39:48.0062 3412 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
14:39:48.0515 3412 \Device\Harddisk0\DR0 - ok
14:39:48.0531 3412 Boot (0x1200) (76bf79e97faf4f5f81f4dc01ad4bdaf7) \Device\Harddisk0\DR0\Partition0
14:39:48.0531 3412 \Device\Harddisk0\DR0\Partition0 - ok
14:39:48.0578 3412 Boot (0x1200) (e63cc7a3e91b9d33c86a8e5994d11667) \Device\Harddisk0\DR0\Partition1
14:39:48.0578 3412 \Device\Harddisk0\DR0\Partition1 - ok
14:39:48.0593 3412 ============================================================
14:39:48.0593 3412 Scan finished
14:39:48.0593 3412 ============================================================
14:39:48.0656 2660 Detected object count: 0
14:39:48.0656 2660 Actual detected object count: 0
14:40:01.0843 1008 Deinitialize success


Re: preventive check - slow PC after startup

Post by Medievl » 04 Jul 2012 15:20

combofix




ComboFix 12-07-04.01 - Pavel 04.07.2012 15:00:40.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.293 [GMT 2:00]
Spuštěný z: c:\documents and settings\Pavel\Plocha\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealBulldog Toolbar
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\%SYSTE~1
c:\windows\system32\3gpvideoconvertera.dat
c:\windows\system32\3gpvideoconverterb.dat
c:\windows\system32\l_inntl.nls
c:\windows\system32\SET77.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\tmp5A.tmp
c:\windows\system32\tmp5B.tmp
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-04 do 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-06-29 22:13 . 2012-07-04 10:16 -------- d-----w- c:\documents and settings\Pavel\Data aplikací\.minecraft
2012-06-29 07:59 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-29 07:59 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-29 07:59 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-29 07:59 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-29 07:59 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-29 07:59 . 2012-06-29 07:59 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-06-29 07:59 . 2012-06-29 07:59 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-06-27 19:20 . 2012-06-27 19:20 -------- d-----w- c:\documents and settings\Pavel\KBang
2012-06-27 17:48 . 2012-06-27 17:49 -------- d-----w- c:\program files\ChatZum Toolbar
2012-06-27 17:47 . 2012-06-27 17:51 -------- d-----w- c:\program files\Attack on Pearl Harbor Demo
2012-06-18 11:52 . 2012-06-18 11:56 -------- d-----w- C:\40f63f5029503c2b85
2012-06-14 20:44 . 2012-06-14 20:44 3826112 ----a-w- C:\chatzum.exe
2012-06-12 17:56 . 2012-06-12 17:56 -------- d-----w- c:\program files\Codemasters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 09:11 . 2008-06-17 12:06 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-06-23 17:18 . 2012-04-09 16:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 17:18 . 2011-08-29 06:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-03 18:43 . 2012-06-03 18:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-07-30 18:18 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-12-18 22:01 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-12-18 22:01 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-12-18 22:01 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-12-18 22:01 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-12-18 22:01 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-07-30 18:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-07-30 18:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 18:18 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2004-08-17 13:49 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-12-18 22:01 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-12-18 22:01 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-21 13:31 17648 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 13:18 . 2009-08-21 13:31 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-08-21 13:31 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-17 13:49 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-20 15:47 . 2012-05-20 15:47 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-20 15:47 . 2011-11-10 14:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-20 15:47 . 2011-03-23 17:36 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 15:36 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2004-08-17 13:44 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2004-08-17 15:45 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-17 13:45 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2007-12-18 21:59 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:39 . 2004-08-17 13:49 1830912 ------w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:39 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:39 . 2004-08-17 13:49 17408 ------w- c:\windows\system32\corpol.dll
2012-04-16 16:25 . 2011-10-16 11:12 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2012-04-21 01:18 . 2012-05-09 16:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EA72C1C-3F5D-3E11-3614-1EF9496232D2}]
2008-04-14 03:21 65536 ----a-w- c:\windows\system32\dmsttyle.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-04-11 1127644]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-04-10 1846804]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-04-07 126976]
"InCD"="c:\program files\ahead\incd\incd.exe" [2006-03-23 1398272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2010-10-20 09:48 319488 ----a-w- c:\program files\Gameforge4D\4Story\PrePatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Badoo Desktop]
2011-06-07 16:55 1017344 ----a-w- c:\documents and settings\All Users\Data aplikací\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileHippo.com]
2012-03-26 07:34 306688 ----a-w- c:\program files\FileHippo.com\UpdateChecker.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-02-02 16:04 136176 ----atw- c:\documents and settings\Pavel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 10:22 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-07 17:17 17425072 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Pavel\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\GMOD10\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Documents and Settings\\Pavel\\Plocha\\All-in-One_v1.9\\apache\\bin\\apache.exe"=
"c:\\Documents and Settings\\Pavel\\Plocha\\All-in-One_v1.9\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2.12.2011 22:30 239168]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [16.2.2012 20:50 21992]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [16.11.2009 18:33 50704]
R2 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [19.3.2008 17:52 51816]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [10.10.2009 11:41 27632]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2011 20:05 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7.6.2012 19:12 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9.4.2012 18:00 250056]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8.11.2011 20:05 136176]
S3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [24.12.2011 20:59 15896]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [3.6.2012 20:43 40776]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9.5.2012 18:20 129976]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [10.10.2009 11:41 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [10.10.2009 11:41 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [10.10.2009 11:41 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [10.10.2009 11:41 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [10.10.2009 11:41 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [10.10.2009 11:41 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [10.10.2009 11:41 109736]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - 12573602
*Deregistered* - 12573602
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 17:18]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-08 18:05]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-08 18:05]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.chatzum.com/
mStart Page = hxxp://search.chatzum.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Pavel\Data aplikací\Mozilla\Firefox\Profiles\rmtybd5f.default\
FF - prefs.js: browser.search.selectedEngine - Search web
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://utils.chatzum.com/?url=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8ovP ... 26&search=
FF - user.js: extensions.incredibar_i.id - dcf5cdbd0000000000000015832b615e
FF - user.js: extensions.incredibar_i.instlDay - 15430
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:26
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8ovPPZ9U
FF - user.js: extensions.incredibar_i.upn2n - 92824110162185234
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 20%5F4
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 15:16
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-07-04 15:22:11
ComboFix-quarantined-files.txt 2012-07-04 13:21
.
Před spuštěním: 1 827 487 744
Po spuštění: 2 346 512 384
.
- - End Of File - - 3B74303E4B65276A07758A8C12173767

